WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93083 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Trojan:Java/Bytverify [Solved]

Started by blondygirl , Feb 08 2014 07:54 PM

This topic is locked

39 replies to this topic

#31 blondygirl

Authentic Member

Authentic Member
49 posts

Posted 19 February 2014 - 12:57 AM

Good Morning Jo!

Well it takes 15 - 20 reboots of the computer in the hopes of getting FireFox to actually open

I was trying that fix yesterday but as soon as you click reset firefox it closes and and tries to reboot....only for it to just hang...I've never gotten past the first step because I just get the high whirring, continual hour glass and a frozen white page :wall:

Thanking you

blondy

Advertisements

Register to Remove

#32 Jo*

SuperMember

Malware Team
1,208 posts

Posted 19 February 2014 - 03:06 AM

Hello blondygirl,

it looks like a system restore to 13 February 2014 is a way back to a working Firefox on your system.

If you like to do that, OK.
After a restore we would need a fresh OTL log.

Graduate of the WTT Classroom
Cheers,
Jo

#33 blondygirl

Authentic Member

Authentic Member
49 posts

Posted 20 February 2014 - 12:02 AM

Hi Jo :adios:

Hope you like challenges!

Ok so I click on the 13th of February to system restore...there are a few choices there....none of them worked. Each one said it was not successful :ph34r:

Thanking you

blondy

#34 Jo*

SuperMember

Malware Team
1,208 posts

Posted 20 February 2014 - 01:50 AM

Hello blondygirl,

Uninstall Firefox completely using this manual: http://kb.mozillazin...talling_Firefox

NOTE.
Use MozBackup: http://mozbackup.jasnapaka.com/ to backup your bookmarks and passwords. Do NOT backup anything else.
Install fresh copy of Firefox.

***

Run OTL again.

Double click on the OTL icon to run it.
Right click on the OTL icon and select[/color]
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
don't check the boxes beside LOP Check and Purity Check this time.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open a notepad window OTL.Txt.
Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***

Graduate of the WTT Classroom
Cheers,
Jo

#35 blondygirl

Authentic Member

Authentic Member
49 posts

Posted 21 February 2014 - 08:38 AM

Good morning Jo :adios:

Well I removed everything I could find and reinstalled a fresh version of the FireFox...so nice to click the icon and not have the CPU's hit the roof and my computer sounding like it wants to take off !! :banana: Thank you very much for helping me!!

blondy

Here is my OTL report

OTL logfile created on: 2/21/2014 7:26:52 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Blondy Girl\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 85.13% Memory free
4.83 Gb Paging File | 4.39 Gb Available in Paging File | 90.92% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.03 Gb Total Space | 82.69 Gb Free Space | 56.63% Space Free | Partition Type: NTFS

Computer Name: BLONDYGIRL | User Name: Blondy Girl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
PRC - C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBTPP5C.DLL ()

========== Services (SafeList) ==========

SRV - (getPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_8fa3539.dll ()
SRV - (MBAMService) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Maleware\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (WinDefend) -- C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (dlbt_device) -- C:\WINDOWS\system32\dlbtcoms.exe (Dell)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (UIUSys) -- system32\drivers\UIUSys.sys File not found
DRV - (PxHelp20) -- System32\Drivers\PxHelp20.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\BLONDY~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSEH) -- C:\WINDOWS\system32\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgfwdx) -- C:\WINDOWS\system32\drivers\avgfwdx.sys (AVG Technologies CZ, s.r.o.)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (senfilt) -- C:\WINDOWS\system32\drivers\senfilt.sys (Creative Technology Ltd.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Computer Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ca.yahoo.com/?fr=fp-tyc8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://ca.search.yah...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.1.0.20130813024103
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 27.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2014/02/20 21:22:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions
[2010/07/12 08:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2014/02/20 23:32:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\p85jpsih.default\extensions
[2014/02/20 23:30:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\p85jpsih.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2014/02/20 23:32:55 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\Blondy Girl\Application Data\Mozilla\Firefox\Profiles\p85jpsih.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014/02/20 22:44:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/02/20 22:44:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/02/11 22:50:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1268536452890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1347918779578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.153.176.1 75.153.176.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FAA375B-6105-45E1-A6CA-8E796C8BE572}: DhcpNameServer = 75.153.176.1 75.153.176.9
O18 - Protocol\Handler\intu-qt2009 {03947252-2355-4e9b-B446-8CCC75C43370} - C:\Program Files\QuickTax 2009\ic2009pp.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Documents and Settings\Blondy Girl\My Documents\Downloads\Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/13 06:17:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/20 22:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/02/20 22:44:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2014/02/20 20:52:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\MozBackup
[2014/02/15 17:10:35 | 002,347,384 | ---- | C] (ESET) -- C:\Documents and Settings\Blondy Girl\Desktop\esetsmartinstaller_enu.exe
[2014/02/13 21:52:20 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2014/02/13 21:50:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/02/11 22:44:19 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2014/02/11 22:42:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2014/02/11 22:42:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2014/02/11 22:42:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2014/02/11 22:42:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2014/02/11 22:41:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014/02/11 22:41:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2014/02/11 22:00:23 | 005,180,278 | R--- | C] (Swearware) -- C:\Documents and Settings\Blondy Girl\Desktop\ComboFix.exe
[2014/02/10 21:59:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/10 21:51:47 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\Blondy Girl\Desktop\JRT.exe
[2014/02/09 16:52:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 16:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
[2014/02/09 16:11:28 | 000,052,312 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/09 16:11:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Blondy Girl\Desktop\mbar
[2014/02/09 15:49:11 | 012,589,848 | ---- | C] (Malwarebytes Corp.) -- C:\Documents and Settings\Blondy Girl\Desktop\mbar-1.07.0.1009.exe
[2014/02/09 15:04:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/08 18:41:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe

========== Files - Modified Within 30 Days ==========

[2014/02/21 07:16:58 | 000,000,402 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2014/02/21 07:13:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/21 00:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/02/20 22:45:04 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/20 22:44:57 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/02/20 20:52:17 | 000,000,930 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2014/02/20 19:40:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2014/02/20 19:40:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2014/02/20 17:29:19 | 154,427,042 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2014/02/19 18:52:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/17 13:43:08 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2014/02/17 12:04:59 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\SystemLook.exe
[2014/02/17 11:24:46 | 000,466,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/02/17 11:24:46 | 000,080,942 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/02/16 18:22:14 | 000,140,504 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\My Documents\Windows 8 Upgrade Assistant.mht
[2014/02/16 15:22:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2014/02/15 17:11:36 | 000,284,424 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2014/02/15 17:10:37 | 002,347,384 | ---- | M] (ESET) -- C:\Documents and Settings\Blondy Girl\Desktop\esetsmartinstaller_enu.exe
[2014/02/11 22:50:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/02/11 22:44:23 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2014/02/11 22:01:16 | 005,180,278 | R--- | M] (Swearware) -- C:\Documents and Settings\Blondy Girl\Desktop\ComboFix.exe
[2014/02/10 21:51:49 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\Blondy Girl\Desktop\JRT.exe
[2014/02/09 16:11:28 | 000,052,312 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2014/02/09 15:51:07 | 012,589,848 | ---- | M] (Malwarebytes Corp.) -- C:\Documents and Settings\Blondy Girl\Desktop\mbar-1.07.0.1009.exe
[2014/02/09 15:48:59 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
[2014/02/09 15:04:20 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Blondy Girl\Desktop\OTL.exe
[2014/02/09 15:04:02 | 000,987,425 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2014/02/09 13:18:34 | 000,212,992 | ---- | M] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/02/08 18:41:14 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Blondy Girl\Desktop\HiJackThis.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2014/02/06 03:54:08 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2014/02/05 16:26:52 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2014/02/05 16:26:51 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2014/02/05 16:26:50 | 001,216,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2014/02/05 16:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2014/02/05 16:26:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2014/02/05 16:26:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2014/02/05 16:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2014/02/05 16:26:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2014/02/05 16:26:48 | 006,021,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2014/02/05 16:26:48 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2014/02/05 16:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2014/02/05 16:26:44 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2014/02/05 16:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2014/02/05 16:26:43 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2014/02/05 16:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2014/02/05 16:26:43 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2014/02/05 16:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2014/02/05 16:26:43 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2014/02/05 16:26:42 | 002,006,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2014/02/05 16:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2014/02/05 16:26:42 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2014/02/05 16:26:42 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2014/02/05 16:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2014/02/05 16:26:41 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2014/02/05 16:26:40 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2014/02/05 16:26:38 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2014/02/05 16:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2014/02/05 16:26:37 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2014/02/05 16:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\corpol.dll
[2014/02/05 16:26:37 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\corpol.dll
[2014/02/05 15:24:05 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec

========== Files Created - No Company Name ==========

[2014/02/20 22:45:04 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2014/02/20 22:44:57 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2014/02/20 22:44:57 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2014/02/20 20:52:17 | 000,000,930 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MozBackup.lnk
[2014/02/17 12:04:58 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\SystemLook.exe
[2014/02/16 18:22:14 | 000,140,504 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\My Documents\Windows 8 Upgrade Assistant.mht
[2014/02/16 15:20:41 | 000,225,262 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2014/02/11 22:44:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2014/02/11 22:44:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2014/02/11 22:42:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2014/02/11 22:42:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2014/02/11 22:42:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2014/02/11 22:42:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2014/02/11 22:42:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2014/02/09 15:48:52 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\AdwCleaner.exe
[2014/02/09 15:04:02 | 000,987,425 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Desktop\SecurityCheck.exe
[2012/12/14 18:22:58 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Application Data\.backup.dm
[2010/03/14 18:46:38 | 000,212,992 | ---- | C] () -- C:\Documents and Settings\Blondy Girl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/03/13 10:31:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#36 Jo*

SuperMember

Malware Team
1,208 posts

Posted 21 February 2014 - 09:06 AM

Hello blondygirl,

well done.

It Appears That Your Pc Is Now Clean!

***

Clean up:

We used Combofix.
Deactivate your antivirus software once more.

Click START then RUN
Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /, it needs to be there.

Enable your antivirus software.

***

Run AdwCleaner.exe.

Click on the Uninstall button.
A window will open, press the Confirm button.
AdwCleaner will uninstall now.

***

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

:OTL

:Commands
[emptytemp]
[clearallrestorepoints]

Close all other programs apart from OTL as this step may require a reboot
Then click the Run Fix button at the top
Let the program run unhindered.
Say Yes to the prompt and then allow the program to reboot your computer.

***

Clean up with delfix:

please download delfix to your desktop.
Close all other programms and start delfix.
Please check all the boxes and run the tool.
delfix will now delete all found traces of our removal process

***

Delete the log files our tools created; they are located at your desktop or at the
"c:\users\{.......}\Downloads" folder.
Highlight them, and press the del or delete key on the keyboard.
You can browse to the location of the file or folder using either My Computer or Windows Explorer.

***

Your remaining issue with "system restore not working" is not malware related.
Please start a new topic at our MS Windows forum section.

***

Here are some Preventive tips to reduce the potential for spyware infection in the future:

1. Browse more secure

WOT - Know which websites to trust
Web of Trust - this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam.

2. Enable Protected Mode in Internet Explorer. This helps Windows Vista, 7 / 8 users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:

Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.

3. Make sure you keep your Windows OS current.

Windows XP users can visit Windows update regularly to download and install any critical updates and service packs.
Windows Vista / 7 users can update via
Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane).

4. Avoid P2P

If you think you're using a "safe" P2P program, only the program is safe, not the data.
You will share files from unsafe sources, and these may be infected.
Some bad guys use P2P filesharing as an important chanel to spread their wares.

5. Use only one anti-virus software and keep it up-to-date.

6. Firewall
Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

7. Backup regularly
You never know when your PC will become unstable or become so infected that you can't recover it.

8. Use Strong passwords!

9. Email attachments
Do not open any unknown email attachments, which you received without asking for it!

Extra note:
Keep your Browser, Java, pdf Reader and Adobe Flash Up to Date.
Make sure your programs are up to date - because older versions may contain Security Leaks.
To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

***

Graduate of the WTT Classroom
Cheers,
Jo

#37 blondygirl

Authentic Member

Authentic Member
49 posts

Posted 22 February 2014 - 03:24 PM

Hi Jo!! :adios:

So I did everything you asked last night...turn on the computer today to write a thank you for EVERYTHING and....

High CPU, computer sounds like it wants to take off, FireFox hangs :wall:

blondy

**edit** I should also mention that now this is also happening when I use the Internet Explorer

Thanking you

Edited by blondygirl, 22 February 2014 - 06:41 PM.

#38 Jo*

SuperMember

Malware Team
1,208 posts

Posted 23 February 2014 - 06:05 AM

Hello blondygirl,

....
High CPU, computer sounds like it wants to take off, FireFox hangs

**edit** I should also mention that now this is also happening when I use the Internet Explorer

Sorry to hear about that, but:
Your remaining issues with fan, CPU load and system restore are not malware related.
Please start a new topic at our MS Windows forum section.

Total Fragmentation on Drive C:: 10%

Only if it's no SSD drive: One thing that could help is to defrag your drive.

And think about Windows XP: The end of the road

Graduate of the WTT Classroom
Cheers,
Jo

#39 blondygirl

Authentic Member

Authentic Member
49 posts

Posted 25 February 2014 - 04:10 AM

Hi Jo :adios:

Thank you for all the time and assistance you gave me. I really appreciate all your help.

The end of XP has been on my mind for awhile now....good time to start hinting for an upgrade :whistling:

Thank you so much!! :notworthy:

blondy

#40 Jo*

SuperMember

Malware Team
1,208 posts

Posted 26 February 2014 - 12:21 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

Graduate of the WTT Classroom
Cheers,
Jo

Body Background

skin color theme