Solved Virus in winnt\assembly\gac_MSIL\desktop

virus

OTL Extras logfile created on: 9/5/2011 6:56:26 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

766.00 Mb Total Physical Memory | 271.61 Mb Available Physical Memory | 35.46% Memory free
2.96 Gb Paging File | 2.55 Gb Available in Paging File | 86.28% Paging File free
Paging file location(s): C:\pagefile.sys 2304 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 13.99 Gb Free Space | 37.58% Space Free | Partition Type: NTFS

Computer Name: BLACKIE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL Inc.)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\FrostWire 5\FrostWire.exe" = C:\Program Files\FrostWire 5\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\WINNT\system32\msfeedssync.exe" = C:\WINNT\system32\msfeedssync.exe:*:Disabled:Microsoft Feeds Synchronization -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21CBD20D-D287-49AF-8866-E5653E45AC5C}" = TurboTax 2010 wwviper
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam
"{68D923E0-1244-0F60-6108-2B154B0462D0}" = Comcast Access
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{83DD27C9-CDC2-489A-87FA-8622C1F8F8EC}" = Debugging Tools for Windows (x86)
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AIM_7" = AIM 7
"AIMTunes" = AIMTunes
"avast" = avast! Free Antivirus
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"BFGC" = Big Fish Games: Game Manager
"BFG-Cursed House" = Cursed House
"BFG-Jewel Quest Mysteries - The Seventh Gate" = Jewel Quest Mysteries: The Seventh Gate
"Canon MG5200 series User Registration" = Canon MG5200 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner (remove only)
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1" = Comcast Access
"Driver Performer_is1" = Driver Performer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ffdshow_is1" = ffdshow
"FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream
"FrostWire 5" = FrostWire 5.1.4
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Plaxo" = Plaxo Toolbar for Windows
"RCA Detective™_is1" = RCA Detective™ 2.0.0.98
"RCA easyRip™_is1" = RCA easyRip™ 1.4.6.0
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"TurboTax 2010" = TurboTax 2010
"VLC media player" = VLC media player 1.1.7
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"magicJack" = magicJack
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/14/2011 5:21:20 PM | Computer Name = BLACKIE | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: System.Data, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
. Error code = 0x80070020

Error - 4/15/2011 5:53:51 PM | Computer Name = BLACKIE | Source = ESENT | ID = 490
Description = svchost (1260) An attempt to open the file "C:\WINNT\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4/15/2011 5:54:09 PM | Computer Name = BLACKIE | Source = ESENT | ID = 490
Description = svchost (1260) An attempt to open the file "C:\WINNT\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 5/9/2011 5:28:37 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/9/2011 5:30:27 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module avgssie.dll, version 10.0.0.1324, fault address 0x00113ddd.

Error - 5/9/2011 5:30:32 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1001
Description = Fault bucket -1886626976.

Error - 5/22/2011 10:12:25 AM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
Description = Faulting application musicfrost.exe, version 3.2.0.10, faulting module
musicfrost.exe, version 3.2.0.10, fault address 0x0001b48b.

Error - 8/29/2011 2:05:14 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1000
Description = Faulting application bdoinouq.exe, version 1.0.15.15641, faulting
module bdoinouq.exe, version 1.0.15.15641, fault address 0x0000c676.

Error - 8/29/2011 2:05:30 PM | Computer Name = BLACKIE | Source = Application Error | ID = 1001
Description = Fault bucket -1709570951.

Error - 9/5/2011 2:29:46 PM | Computer Name = BLACKIE | Source = Application Hang | ID = 1002
Description = Hanging application aim.exe, version 7.5.8.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 9/5/2011 2:08:15 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 2:26:38 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 2:50:41 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 2:51:11 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/5/2011 6:26:26 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 6:26:56 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/5/2011 6:26:59 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 6:27:28 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 9/5/2011 6:44:09 PM | Computer Name = BLACKIE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 9/5/2011 6:44:39 PM | Computer Name = BLACKIE | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.


< End of report >



The computer is doin fine. Deleted ask toolbar, also all viewpoint media programs.
should I keep or delete all these cleaning programs when finished?
 
I'll let you know later...

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

==================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files\MyWebSearch\bar\1.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
O3 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-823518204-2025429265-839522115-1003\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
[5 C:\WINNT\*.tmp files -> C:\WINNT\*.tmp -> ]
[3 C:\WINNT\System32\*.tmp files -> C:\WINNT\System32\*.tmp -> ]
[2010/11/22 15:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\avg9
[2011/09/05 18:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint
[2011/04/20 20:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINNT\Application Data\Zylom
[2010/02/07 17:01:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue
@Alternate Data Stream - 240 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:DDF112BD
@Alternate Data Stream - 233 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:EB4FEEF5
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:C22674B6
@Alternate Data Stream - 224 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:4CA05B44
@Alternate Data Stream - 223 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A02025CE
@Alternate Data Stream - 213 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:1709732A
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:8E5EA40F
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:57B374AB
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9BAC4211
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9E4F05ED
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:436BE28C
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A4E7D25F

:Services

:Reg
[-HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com]

:Files
C:\Program Files\MyWebSearch

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
ran the otl on run fix, had to reboot myself , recieved no logs. on start up, microsoft error,
java suite crashed into buffer overrun,silent installation of jusched.exe undeserable.
 
All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearc h.com: C:\Program Files\MyWebSearch\bar\1.bin not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4 not found.
Registry value HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-2025429265-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINNT\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINNT\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control PackageCab
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\PackageCab\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\PackageCab\ not found.
C:\WINNT\002158_.tmp deleted successfully.
C:\WINNT\005091_.tmp deleted successfully.
C:\WINNT\SET3.tmp deleted successfully.
C:\WINNT\SET7.tmp deleted successfully.
C:\WINNT\SETD.tmp deleted successfully.
C:\WINNT\System32\ConduitEngine.tmp deleted successfully.
C:\WINNT\System32\CONFIG.TMP deleted successfully.
C:\WINNT\System32\SETCB.tmp deleted successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Viewpoint folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\sounds\stream folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\sounds folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\puzzles folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\properties folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\upsell folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\mainmenubkg folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images\backdrops folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\images folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US\data folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2\en-US folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia\Bejeweled2 folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer\TryMedia folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom\ZylomGamesPlayer folder moved successfully.
C:\Documents and Settings\All Users.WINNT\Application Data\Zylom folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\speed up my pc 4 folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\_temp folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\history folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster\backup folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue\RegistryBooster folder moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Application Data\uniblue folder moved successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:DDF112BD deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:EB4FEEF5 deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:C22674B6 deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:4CA05B44 deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A02025CE deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:1709732A deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:8E5EA40F deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:57B374AB deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9BAC4211 deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:9E4F05ED deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:436BE28C deleted successfully.
ADS C:\Documents and Settings\All Users.WINNT\Application Data\TEMP:A4E7D25F deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com\ not found.
========== FILES ==========
File\Folder C:\Program Files\MyWebSearch not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users.WINNT

User: Default User.WINNT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56545 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner.HOME-5NR1RMGI5L
->Temp folder emptied: 10465335 bytes
->Temporary Internet Files folder emptied: 33441191 bytes
->Java cache emptied: 3879 bytes
->Flash cache emptied: 4580 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 53329 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


[EMPTYFLASH]

User: All Users.WINNT

User: Default User.WINNT
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

User: NetworkService.NT AUTHORITY

User: Owner.HOME-5NR1RMGI5L
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.27.0 log created on 09062011_220318

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD1A9.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD1BC.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD356.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DFD38F.tmp not found!
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\T3RGV9HR\topic170071-2[1].html moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\aol_com[2].htm moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\hub[2].html moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\P0OVG3T1\xfinity_comcast_net[1].htm moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\FG73KAZ1\League_Gothic-webfont[1].eot moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\a[1].htm moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\BebasNeue-webfont[1].eot moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\ABM8BYV1\load_v7[1].htm moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINNT\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
avast! Free Antivirus
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner (remove only)
Java(TM) 6 Update 27
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.4.5
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastUI.exe
``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
virus

C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031002.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031008.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031010.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031011.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031013.DLL Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031014.DLL Win32/Toolbar.MyWebSearch.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031017.SCR Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031019.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031020.EXE Win32/Adware.FunWeb application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031022.DLL Win32/Toolbar.MyWebSearch.H application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031023.DLL Win32/Toolbar.MyWebSearch.I application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031024.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031025.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031028.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031032.EXE Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031033.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP220\A0031034.DLL Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\System Volume Information\_restore{33EECA5F-9C26-46DF-BAB6-78FBE0A7CFC2}\RP223\A0033799.ini Win32/Sirefef.CH trojan cleaned by deleting - quarantined
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users.WINNT

User: Default User.WINNT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner.HOME-5NR1RMGI5L
->Temp folder emptied: 1123528 bytes
->Temporary Internet Files folder emptied: 35981092 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3827 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 626060 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 209448 bytes

Total Files Cleaned = 36.00 mb


[EMPTYFLASH]

User: All Users.WINNT

User: Default User.WINNT
->Flash cache emptied: 0 bytes

User: LocalService.NT AUTHORITY

User: NetworkService.NT AUTHORITY

User: Owner.HOME-5NR1RMGI5L
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.27.0 log created on 09082011_202954

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF75D0.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF7754.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF8AC2.tmp not found!
File\Folder C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temp\~DF8AD7.tmp not found!
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\Content.IE5\HT3MV8XV\showthread[1].htm moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\Owner.HOME-5NR1RMGI5L\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
File move failed. C:\WINNT\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Broni,thank you for all your help. computer seems to be ok except on start up, am getting "jusched.exe encountered a problem and needs to close" and shell_notifyicon failed to perform desired action. are they important?
 
Disable jusched.exe as a startup: http://www.howtogeek.com/howto/windows-vista/what-is-juschedexe-and-why-is-it-running/

Way to go!!
p4193510.gif

Good luck and stay safe :)
 

Similar threads

Cal Jeffrey
The promise (and pitfalls) of NPCs powered by AI in video games
Replies
17
Views
486
Dreadcthulhu
D
midian182
Avast Free Antivirus: Testing its features and learning about the six layers of protection
Replies
0
Views
749
midian182
midian182
midian182
Game over for Twitter/X as Nintendo follows Microsoft and Sony in removing integration
Replies
17
Views
610
lonetac
L

Latest posts

Back