TechSpot

Analyse my OTL log please!

Solved
By anthonyb7890
Mar 21, 2011
  1. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    The ESET Online Scanner won't work for me! It keeps saying it's waiting.
     
  2. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    I'll be right back, I gotta run to the store! Will you be online for a while? (Please say yes! lol!)
     
  3. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Try a different browser.
     
  4. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    I should be around for another hour, or so...
     
  5. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    OK, I'll finish this step before I leave! Mozilla seems to be working fine!
     
  6. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Uninstall Java(TM) 6 Update 5.

    Update Firefox to the latest 4.0 version.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    We'll need to install Service Pack 3 and update IE, but Eset log first.
     
  7. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    Sooooo, wait until Eset is finished before I do any of that! Brooooo, I'm soooo grateful for you helping me out! (I am definitely donating for the help! I'm a lifetime fan/customer lol) I have a question! Would it be easier for you to remotely control my comp? I have a LogMeIn account; you would be able to fully control my entire computer from your internet browser!
     
  8. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    I'm glad to see you happy :)

    We don't do one-on-one sessions here.
    I'm too busy for that and it doesn't benefit other members, who can actually read topics.

    Yes, wait with updates.
    Updates (especially service packs) should be applied on clean computers.
    I doubt Eset will find much, but it's better to play safe.
     
  9. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    OK, I'm off to the store, be back soon! (It's at about 20%)
     
  10. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    OK..................
     
  11. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    Arrrrrrrrgh! It got to 100% but in red it says "Unexpected error 2002"
     
     
  12. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    This one should be faster....

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  13. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    QuickScan Beta 32-bit v0.9.9.80
    -------------------------------
    Scan date: Wed Mar 23 00:58:05 2011
    Machine ID: 846C4C09



    No infection found.
    -------------------



    Processes
    ---------
    (unsigned) C-Major Audio 2612 C:\WINDOWS\stsystra.exe
    (unsigned) Dell Wireless WLAN Card Wireless Networ 1192 C:\WINDOWS\system32\BCMWLTRY.EXE
    (unsigned) Dell Wireless WLAN Card Wireless Networ 2596 C:\WINDOWS\system32\WLTRAY.EXE
    (unsigned) Hewlett-Packard hpotdd01 3116 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    (unsigned) IntelliSonic Systray Control 2636 C:\WINDOWS\system32\KADxMain.exe
    (unsigned) WLTRYSVC.EXE 1180 C:\WINDOWS\system32\WLTRYSVC.EXE

    (verified) Apple Mobile Device Service 1656 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    (verified) avast! Antivirus 1288 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    (verified) avast! Antivirus 2908 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    (verified) Bonjour 1668 C:\Program Files\Bonjour\mDNSResponder.exe
    (verified) Cyberlink PowerCinema 2688 C:\Program Files\Dell\MediaDirect\PCMService.exe
    (verified) Dell Support Center Updates 2736 C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (verified) Digital Line Detection 3096 C:\Program Files\Digital Line Detect\DLG.exe
    (verified) Firefox 3980 C:\Program Files\Mozilla Firefox\firefox.exe
    (verified) GrooveMonitor Utility 2720 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) Intel(R) Common User Interface 2476 C:\WINDOWS\system32\hkcmd.exe
    (verified) Intel(R) Common User Interface 2508 C:\WINDOWS\system32\igfxpers.exe
    (verified) Intel(R) Common User Interface 2500 C:\WINDOWS\system32\igfxsrvc.exe
    (verified) Java(TM) Platform SE 6 U24 1708 C:\Program Files\Java\jre6\bin\jqs.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 2804 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Live! Cam Console Auto Launcher 2544 C:\WINDOWS\OEM02Mon.exe
    (verified) Microsoft ActiveSync 2944 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    (verified) Microsoft ActiveSync 3040 C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    (verified) Microsoft® Windows® Operating System 2160 C:\WINDOWS\explorer.exe
    (verified) Microsoft® Windows® Operating System 2092 C:\WINDOWS\system32\alg.exe
    (verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\csrss.exe
    (verified) Microsoft® Windows® Operating System 2968 C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\lsass.exe
    (verified) Microsoft® Windows® Operating System 796 C:\WINDOWS\system32\services.exe
    (verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\smss.exe
    (verified) Microsoft® Windows® Operating System 1548 C:\WINDOWS\system32\spoolsv.exe
    (verified) Microsoft® Windows® Operating System 1040 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1788 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1612 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1132 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1080 C:\WINDOWS\system32\svchost.exe
    (verified) Microsoft® Windows® Operating System 752 C:\WINDOWS\system32\winlogon.exe
    (verified) Microsoft® Windows® Operating System 2424 C:\WINDOWS\system32\wscntfy.exe
    (verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\wuauclt.exe
    (verified) SupportSoft sprtsvc 1764 C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    (verified) Synaptics Pointing Device Driver 2456 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


    Network activity
    ----------------

    Process svchost.exe (1040) listens on ports: 135 (RPC)
    Process rapimgr.exe (3040) listens on ports: 990 (FTP over SSL)


    Autoruns and critical files
    ---------------------------
    (unsigned) C:\Dell\E-Center\EULALauncher.exe
    (unsigned) C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
    (unsigned) C-Major Audio C:\WINDOWS\stsystra.exe
    (unsigned) Dell Webcam Manager C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
    (unsigned) Dell Wireless WLAN Card Wireless Networ C:\WINDOWS\system32\WLTRAY.EXE
    (unsigned) IntelliSonic Systray Control C:\WINDOWS\system32\KADxMain.exe
    (unsigned) QuickTime C:\Program Files\QuickTime\qttask.exe
    (unsigned) SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

    (verified) Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
    (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    (verified) Adobe CS4 Service Manager C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
    (verified) Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    (verified) avast! Antivirus C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    (verified) Cyberlink PowerCinema C:\Program Files\Dell\MediaDirect\PCMService.exe
    (verified) Dell Support Center Updates C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    (verified) Digital Line Detection C:\Program Files\Digital Line Detect\DLG.exe
    (verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) Intel(R) Common User Interface C:\WINDOWS\system32\hkcmd.exe
    (verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxdev.dll
    (verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxpers.exe
    (verified) Intel(R) Common User Interface C:\WINDOWS\system32\igfxtray.exe
    (verified) iTunes C:\Program Files\iTunes\iTunesHelper.exe
    (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    (verified) Live! Cam Console Auto Launcher C:\WINDOWS\OEM02Mon.exe
    (verified) Microsoft ActiveSync C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    (verified) Microsoft Office OneNote C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
    (verified) MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    (verified) SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (verified) SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    (verified) Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (verified) Webroot CD Installer D:\install.exe
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


    Browser plugins
    ---------------
    (unsigned) BitDefender QuickScan C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\65ip0wdq.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    (unsigned) Facebook Plugin C:\Documents and Settings\Chad\Application Data\Facebook\npfbplugin_1_0_3.dll
    (unsigned) Java(TM) Platform SE 6 U24 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    (unsigned) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
    (unsigned) The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
    (unsigned) The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

    (verified) 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    (verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
    (verified) DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
    (verified) DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    (verified) DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
    (verified) DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
    (verified) FFExternalAlert.dll C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\65ip0wdq.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\FFExternalAlert.dll
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
    (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
    (verified) Java Deployment Toolkit 6.0.240.7 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    (verified) Java(TM) Platform SE 6 U24 c:\program files\java\jre6\bin\jp2ssv.dll
    (verified) Java(TM) Platform SE 6 U24 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    (verified) Messenger C:\Program Files\Messenger\msmsgs.exe
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
    (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
    (verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
    (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    (verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    (verified) QuickTime Plug-in 7.6.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    (verified) RadioWMPCore.dll C:\Documents and Settings\Chad\Application Data\Mozilla\Firefox\Profiles\65ip0wdq.default\extensions\{f434cffe-fa5c-4569-a0f5-ffbf98ab2b65}\components\RadioWMPCore.dll
    (verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
    (verified) Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll
    (verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll


    Missing files
    -------------
    File not found: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
    --> HKLM\System\ControlSet001\services\AVP\"ImagePath"

    File not found: C:\WINDOWS\System32\appmgmts.dll
    --> HKLM\System\ControlSet001\services\AppMgmt\Parameters\"ServiceDll"

    File not found: C:\WINDOWS\System32\hidserv.dll
    --> HKLM\System\ControlSet001\services\HidServ\Parameters\"ServiceDll"

    File not found: C:\WINDOWS\system32\drivers\klif.sys
    --> HKLM\System\ControlSet001\services\klif\"ImagePath"

    File not found: C:\WINDOWS\system32\rpcnet.exe
    --> HKLM\System\ControlSet001\services\Rpcnet\"ImagePath"

    File not found: none
    --> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"

    File not found: system32\DRIVERS\klim5.sys
    --> HKLM\System\ControlSet001\services\klim5\"ImagePath"

    File not found: system32\drivers\kl1.sys
    --> HKLM\System\ControlSet001\services\kl1\"ImagePath"


    Scan
    ----

    The following file(s) must be uploaded for server-side scanning:
    C:\Program Files\Mozilla Firefox\freebl3.dll
    C:\Program Files\Mozilla Firefox\softokn3.dll
    C:\Program Files\Mozilla Firefox\nssdbm3.dll

    Upload started - 3 file(s)
    nssdbm3.dll (98304)
    softokn3.dll (155648)
    freebl3.dll (249856)
    Upload speed - 8 KB/s
    Upload finished - 3 uploaded, 0 failed

    The uploaded file(s) were found clean.

    Scan finished - communication took 65 sec
    Total traffic - 0.53 MB sent, 1.47 KB recvd
    Scanned 1191 files and modules - 152 seconds

    ==============================================================================
     
  14. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current (including Service Pack 3 installation and updating Internet Explorer to version 8!)

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  15. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    "OTL: OTL.com - Corrupt File"
    The file or directory C:\Documents and Settings\Chad|Local Settings\Temporary Internet Files\Content.IES\X3ZYY9GW is corrupt and unreadable. Please run the Chkdsk Utility.

    "Error Deleting Files or Folder"
    Cannot remove folder Dc26: the directory is not empty.
     
  16. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Reset system restore manually.
    Turn it off.
    Restart computer.
    Turn system restore on.
     
  17. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DC7D8VF1
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.DC7D8VF1.000
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Chad
    ->Temp folder emptied: 164200 bytes
    ->Temporary Internet Files folder emptied: 4669797 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 25957858 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 405 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 29.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.DC7D8VF1

    User: Administrator.DC7D8VF1.000

    User: All Users

    User: Chad
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.22.3 log created on 03232011_011131

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Chad\Local Settings\Temp\WCESLog.log moved successfully.

    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Good :)


    Whenever ready....
     
  19. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    Awesome! I'm gonna do all of my updates now!
     
  20. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    I think we have a problem! It rebooted, but now it's stuck where it says welcome!
     
  21. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    Never mind, it's working, it just tooook a whiiile. Is there any way to speed up my comp?
     
  22. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    Take your time
    Install all updates and see how it goes.

    Going to bed.
    I'll be back here tomorrow morning.
     
  23. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    OK! Thank you! Goodnight!
     
  24. Broni

    Broni Malware Annihilator Posts: 47,078   +257

    How are things?
     
  25. anthonyb7890

    anthonyb7890 TS Rookie Topic Starter Posts: 96

    Things are great!
     
Topic Status:
Not open for further replies.

