
Trojan.Ransom.Gen and Trojan.PWS [Solved]


  • This topic is locked

#1 adam80 (Member, 54 posts)
Had a screen come up with a phony official message claiming that my PC is illegally viewing/downloading content. I couldn't use the PC and the message would not go away, so I rebooted in safe mode and ran MBAM and removed/quarantined two files (see log below). The phony message is gone and I'm able to use my PC again. I'm concerned that there's other stuff that MBAM didn't catch. I just want to be sure I get rid of this mess completely. Any help is much appreciated. I've included an OTL log as well.

thanks,
Adam

MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.23.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode)
Internet Explorer 8.0.6001.18702
Jerry Adamson :: ADAMSONFAMILY [administrator]

8/28/2012 11:32:58 PM
mbam-log-2012-08-28 (23-32-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196424
Time elapsed: 5 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\Jerry Adamson\Local Settings\Temp\install_0_msi.exe (Trojan.PWS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Jerry Adamson\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

(end)

OTL

OTL logfile created on: 8/28/2012 11:58:35 PM - Run 2
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Security
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 747.13 Mb Available Physical Memory | 73.68% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.12% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.43 Gb Free Space | 54.85% Space Free | Partition Type: NTFS

Computer Name: ADAMSONFAMILY | User Name: Jerry Adamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Security\OTL.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/25 13:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/28 01:31:28 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/11/01 15:42:05 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/16 12:11:32 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80501&lng=en
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}
IE - HKCU\..\SearchScopes\{8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}: "URL" = http://www.google.co...1I7ADRA_enUS477
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/03/27 22:10:36 | 000,610,100 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 www.activemeter.com #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16230 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKCU\..Trusted Domains: uploaded.to ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: utsa.edu ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E2F46A-B3E5-4295-8DF8-2263540C81CB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/07 16:42:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/28 23:39:54 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry Adamson\Recent
[2012/08/01 23:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Application Data\vlc
[2012/08/01 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/08/28 23:41:17 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/28 23:40:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 23:25:39 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/28 19:42:37 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Desktop\Yahoo! Mail The best web-based email!.url
[2012/08/28 13:25:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/28 13:25:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 21:00:55 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 13:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/01 22:54:59 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/08/28 23:16:23 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/01 22:54:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 22:23:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 22:07:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/26 19:20:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/20 21:32:44 | 000,069,385 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/03/20 21:32:44 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/03/07 17:14:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/03/07 16:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 16:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/07 10:34:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/07 10:33:52 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 18:21:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/11/01 15:42:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/11/01 15:42:10 | 000,433,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 15:42:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/11/01 15:42:10 | 000,068,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 15:42:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/11/01 15:42:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/11/01 15:42:09 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/11/01 15:42:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/11/01 15:42:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/11/01 15:42:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/11/01 15:41:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/11/01 15:41:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========

[2012/03/27 22:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2012/03/28 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/03/21 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2012/07/02 22:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Audacity
[2012/05/21 22:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\ElevatedDiagnostics
[2012/03/20 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Image Zone Express
[2012/03/28 01:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\LibreOffice
[2012/04/05 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Oracle
[2012/03/29 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Philipp Winterberg
[2012/06/20 13:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Scholastic
[2012/03/21 19:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\TaxCut
[2012/03/27 22:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

#2 godawgs (Teacher, GeekU Moderator, 5,312 posts)
Hello adam80,
Welcome. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of this forum (sometimes).
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.



I don't see anything else that jumps out in the log. But let's run a couple of additional scans to make sure.
Also, I don't see an antivirus program running on the computer. Do you have one?
Also, when you ran the OTL scan the first time it produced a file named Extras.txt. I need to see that file. You should find it in the C:\Security folder that you ran OTL from.


Step-1

Run RogueKiller

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Double click the RogueKiller.exe. file to run the program.
  • Wait until Prescan has finished ...
  • Click on Scan
    (screenshot not reproduced)
  • Wait for the end of the scan.
  • The report has been created on the desktop.
Please post:

All RKreport.txt text files located on your desktop.
NOTE: If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.


Step-2.

AdwCleaner by Xplode

Download AdwCleaner from here to your desktop.
  • XP users: double click the adwcleaner.exe file to run AdwCleaner. (Vista and 7 users: right click and select Run as administrator.)
  • Click the Search button and wait for the scan to finish.
  • Once done it will ask to reboot, allow this.
  • On reboot a log will be produced please attach that. This report is also saved to C:\AdwCleaner[R1].txt
    (screenshot not reproduced)


Step-3.

Things For Your Next Post:
1. Please answer my question about the antivirus program
2. The Extras.txt log
3. The RKReport.txt log
4. The AdwCleaner[R1].txt log

#3 adam80 (Member, 54 posts)
I don't have an antivirus program. I didn't find an Extras.txt, so I tried running OTL again and only received another OTL.txt file. What should I do? Here are the other logs you asked for.

Thanks again,
Adam

RogueKiller V8.0.0 [08/26/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Jerry Adamson [Admin rights]
Mode : Scan -- Date : 08/29/2012 12:44:12

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST340014AS +++++
--- User ---
[MBR] e941622f4adb921057bbb27cef8418ff
[BSP] 7300be3f1d1e1bdc8ab71557b57afe22 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt


# AdwCleaner v1.801 - Logfile created 08/29/2012 at 12:47:26
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jerry Adamson - ADAMSONFAMILY
# Boot Mode : Normal
# Running from : C:\Security\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****


***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80501&lng=en
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80501
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80501&lng=en
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80501

*************************

AdwCleaner[R1].txt - [3005 octets] - [29/08/2012 12:47:26]

########## EOF - C:\AdwCleaner[R1].txt - [3133 octets] ##########

#4 godawgs (Teacher, GeekU Moderator, 5,312 posts)
Hi, :)

We'll get the Extras.txt file another way.

We will get an antivirus installed shortly. There are some excellent free antivirus programs. I'm amazed that your system isn't really infected. You must practice very safe web surfing.
As for the Extras.txt file, let's do this. OTL should be run from the desktop. One of the reasons is that the files it produces are easier to find. So we are gonna move OTL to the Desktop.

Next we will run a new OTL scan that will get information on all users, information on some additional locations and if you check the right boxes it will produce the Extras.txt file.

Then we will start cleaning up your computer.


Step-1.

I want you to go to the C:\Security folder and right click on the OTL file and click Copy.
Then go to the DESKTOP, find an empty area and right click and click Paste. This will put OTL on the Desktop.

Then go back to the C:\Security folder and delete the OTL file and any other files you find there related to OTL. Normally these are the OTL.txt file and the Extras.txt file.
If the OTL files are the only ones in the folder, you can just delete the folder.


Now we are gonna do an OTL custom scan. This will also create the Extras.txt file. Please read the directions carefully.
It might help if you print them out before you start.


Step-2.

OTL Custom Scan

1. Please copy the text in the code box below and paste it in the Custom Scans/Fixes box in OTL. To do that:
  • Highlight everything inside the code box, right click the mouse and click Copy.
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s
C:\Program Files\Common Files\ComObjects\*.* /s
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c

2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it.
    Make sure all other windows are closed.
  • You will see the OTL console (screenshot not reproduced).
  • Check the box beside Scan All Users at the top of the console.
  • Do Not click the box beside Include 64bit Scans if it is available.
  • Make sure the Output box at the top is set to Standard Output.
    This is the part that will generate the Extras.txt file.
  • In the Extra Registry section, click the radio button beside Use SafeList <-- Very Important
  • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-3.

Things For Your Next Post:
1. The new OTL.txt log
2. The Extras.txt log.

#5 adam80 (Member, 54 posts)
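The /md5start ... /md5stop section of the OTL script above asks OTL to hash the core Windows binaries (explorer.exe, winlogon.exe, userinit.exe, svchost.exe, services.*, ...) so that a patched or swapped system file shows up as a hash that no longer matches the known-good build. The Python below, added here as an illustration and not part of this thread or of OTL, does the same baseline comparison stand-alone: it streams each file through MD5 and SHA-256, records size and digests as a baseline, and on a later pass classifies every entry as ok, missing, resized or modified. The file names, the baseline contents and the tampering are all constructed inline in a temporary directory; there is no real system file involved.

```python
import hashlib
import os
import tempfile

# Binaries from OTL's /md5start list (constructed sample names, not real system files).
CRITICAL_FILES = ["explorer.exe", "winlogon.exe", "userinit.exe", "svchost.exe", "services.exe"]


def file_digests(path, chunk=1 << 16):
    """Return (size, md5, sha256) for a file, streaming so large binaries are fine.

    MD5 is kept only because that is what OTL reports; SHA-256 is the value to trust,
    since an attacker can build two files with the same MD5.
    """
    md5 = hashlib.md5()
    sha = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha.hexdigest()


def build_baseline(root, names):
    """Snapshot size/md5/sha256 for each named file under root (the 'known good' state)."""
    return {name: file_digests(os.path.join(root, name)) for name in names}


def compare_to_baseline(root, baseline):
    """Classify each baseline entry as 'ok', 'missing', 'resized' or 'modified'.

    'modified' with an unchanged size is the case worth looking at hardest: an in-place
    patch of a system binary keeps the size (and often the timestamp) but not the hash.
    """
    findings = {}
    for name, (base_size, base_md5, base_sha) in baseline.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            findings[name] = "missing"
            continue
        size, md5, sha = file_digests(path)
        if sha == base_sha and md5 == base_md5:
            findings[name] = "ok"
        elif size != base_size:
            findings[name] = "resized"
        else:
            findings[name] = "modified"
    return findings


def demo():
    """Constructed scenario: baseline five fake binaries, then tamper with three of them."""
    with tempfile.TemporaryDirectory() as root:
        for name in CRITICAL_FILES:
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"MZ" + name.encode() * 100)
        baseline = build_baseline(root, CRITICAL_FILES)

        # Same-size patch: flip a single byte inside services.exe.
        patched = os.path.join(root, "services.exe")
        with open(patched, "rb") as fh:
            data = bytearray(fh.read())
        data[50] ^= 0xFF
        with open(patched, "wb") as fh:
            fh.write(data)

        # Replaced binary: userinit.exe overwritten with something of a different size.
        with open(os.path.join(root, "userinit.exe"), "wb") as fh:
            fh.write(b"MZ dropper")

        # Deleted binary: svchost.exe gone.
        os.remove(os.path.join(root, "svchost.exe"))

        return compare_to_baseline(root, baseline)


if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{name:14} {verdict}")
```

On a real machine you would take the baseline from a clean install or a trusted copy of the same service pack, not from the suspect box itself, and keep it off the host; a baseline recorded after infection just ratifies the patched file.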
Here are the logs you asked for:

OTL logfile created on: 8/29/2012 9:23:28 PM - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Jerry Adamson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 743.58 Mb Available Physical Memory | 73.33% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.28 Gb Free Space | 54.45% Space Free | Partition Type: NTFS

Computer Name: ADAMSONFAMILY | User Name: Jerry Adamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/25 13:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/17 20:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/28 01:31:28 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/11/01 15:42:05 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/16 12:11:32 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80501
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox...id=80501&lng=en
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://1ste.com/welcome
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://1ste.com/welcome
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://1ste.com/welcome
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://1ste.com/welcome
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://1ste.com/welcome
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://1ste.com/welcome
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://1ste.com/welcome
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://1ste.com/welcome
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox...tb_id&%language
IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..\SearchScopes,DefaultScope = {8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}
IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..\SearchScopes\{8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}: "URL" = http://www.google.co...1I7ADRA_enUS477
IE - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/03/27 22:10:36 | 000,610,100 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16230 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..Trusted Domains: uploaded.to ([]* in Trusted sites)
O15 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..Trusted Domains: utsa.edu ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E2F46A-B3E5-4295-8DF8-2263540C81CB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/07 16:42:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2099/01/01 12:00:00 | 004,256,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res.dll
[2099/01/01 12:00:00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2099/01/01 12:00:00 | 002,479,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoeres.dll
[2099/01/01 12:00:00 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ss3dfo.scr
[2099/01/01 12:00:00 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ss3dfo.scr
[2099/01/01 12:00:00 | 000,679,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sstext3d.scr
[2099/01/01 12:00:00 | 000,679,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sstext3d.scr
[2099/01/01 12:00:00 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sspipes.scr
[2099/01/01 12:00:00 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sspipes.scr
[2099/01/01 12:00:00 | 000,502,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxa.dll
[2099/01/01 12:00:00 | 000,402,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2filt.dll
[2099/01/01 12:00:00 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssflwbox.scr
[2099/01/01 12:00:00 | 000,393,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssflwbox.scr
[2099/01/01 12:00:00 | 000,325,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2fxb.dll
[2099/01/01 12:00:00 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ae.dll
[2099/01/01 12:00:00 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oeimport.dll
[2099/01/01 12:00:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabimp.dll
[2099/01/01 12:00:00 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\setup50.exe
[2099/01/01 12:00:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemig50.exe
[2099/01/01 12:00:00 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msimn.exe
[2099/01/01 12:00:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmypics.scr
[2099/01/01 12:00:00 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmypics.scr
[2099/01/01 12:00:00 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2099/01/01 12:00:00 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oemiglib.dll
[2099/01/01 12:00:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabfind.dll
[2099/01/01 12:00:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wabmig.exe
[2099/01/01 12:00:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmarque.scr
[2099/01/01 12:00:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmarque.scr
[2099/01/01 12:00:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssbezier.scr
[2099/01/01 12:00:00 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssbezier.scr
[2099/01/01 12:00:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssmyst.scr
[2099/01/01 12:00:00 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssmyst.scr
[2099/01/01 12:00:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ssstars.scr
[2099/01/01 12:00:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ssstars.scr
[2099/01/01 12:00:00 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2ext.dll
[2099/01/01 12:00:00 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2res2.dll
[2099/01/01 12:00:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmm2eres.dll
[2012/08/29 16:26:38 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry Adamson\Recent
[2012/08/29 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Desktop\RK_Quarantine
[2012/08/28 23:54:54 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/01 23:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Application Data\vlc
[2012/08/01 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/08/29 21:18:36 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/29 21:18:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/28 23:25:39 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/28 19:42:37 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Desktop\Yahoo! Mail The best web-based email!.url
[2012/08/28 13:25:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/28 13:25:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 21:00:55 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 13:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/01 22:54:59 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/08/28 23:16:23 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/01 22:54:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 22:23:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 22:07:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/26 19:20:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/20 21:32:44 | 000,069,385 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/03/20 21:32:44 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/03/07 17:14:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/03/07 16:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 16:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/07 10:34:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/07 10:33:52 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 18:21:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/11/01 15:42:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/11/01 15:42:10 | 000,433,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 15:42:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/11/01 15:42:10 | 000,068,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 15:42:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/11/01 15:42:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/11/01 15:42:09 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/11/01 15:42:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/11/01 15:42:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/11/01 15:42:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/11/01 15:41:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/11/01 15:41:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: QMGR.DLL >
[2011/11/01 15:42:10 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\dllcache\qmgr.dll
[2011/11/01 15:42:10 | 000,409,088 | ---- | M] (Microsoft Corporation) MD5=574738F61FCA2935F5265DC4E5691314 -- C:\WINDOWS\system32\qmgr.dll

< MD5 for: SERVICES >
[2011/11/01 15:42:11 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2011/11/01 15:42:11 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.HTML >
[2008/04/16 11:29:04 | 000,004,166 | ---- | M] () MD5=DB0CABD236311DDEB186C9B8A13F39A6 -- C:\Program Files\BillP Studios\WinPatrol\services.html

< MD5 for: SERVICES.LNK >
[2012/03/28 01:29:06 | 000,001,602 | ---- | M] () MD5=B5B0C1F7588753F5855466A844DFF319 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2011/11/01 15:42:11 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SVCHOST.EXE >
[2011/11/01 15:42:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2011/11/01 15:42:12 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2011/11/01 15:42:12 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2011/11/01 15:42:12 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/11/01 15:42:13 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2011/11/01 15:42:13 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >
"Type" = 32
"Start" = 3
"ErrorControl" = 1
"ImagePath" = %SystemRoot%\system32\svchost.exe -k netsvcs -- [2011/11/01 15:42:12 | 000,014,336 | ---- | M] (Microsoft Corporation)
"DisplayName" = Background Intelligent Transfer Service
"DependOnService" = RpcSs [binary data] -- [2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation)
"DependOnGroup" = [binary data]
"ObjectName" = LocalSystem
"Description" = Transfers data between clients and servers in the background. If BITS is disabled, features such as Windows Update will not work correctly.
"FailureActions" = 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 68 E3 0C 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 01 00 00 00 60 EA 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Parameters]
"ServiceDll" = C:\WINDOWS\system32\qmgr.dll -- [2011/11/01 15:42:10 | 000,409,088 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]
"0" = Root\LEGACY_BITS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Local\AutoProxyCache /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: ST340014AS
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 37.00GB
Starting Offset: 32256
Hidden sectors: 0


< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: ADAMSONFAMILY
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM        0 B
Volume 1     E                       DVD-ROM        0 B
Volume 2     C                NTFS   Partition     37 GB  Healthy    System

< >

< End of report >


OTL Extras logfile created on: 8/29/2012 9:23:28 PM - Run 4
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Jerry Adamson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 743.58 Mb Available Physical Memory | 73.33% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 94.11% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 20.28 Gb Free Space | 54.45% Space Free | Partition Type: NTFS

Computer Name: ADAMSONFAMILY | User Name: Jerry Adamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hta [@ = ] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0FF18B53-CA57-40BB-B562-21A27B662005}" = 1600
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java™ 7 Update 5
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{302A1E2E-DD58-4673-BC99-9CC10EC2637A}" = WinPatrol
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{7AEBFFF0-15A1-48A9-88F3-06604486C7C9}" = WMPTagSupportExtender
"{80C3019B-3BA4-4674-AC90-A0B402593BA5}_is1" = WMP Tag Plus 1.2
"{85BCA736-A0F4-448E-9BC1-6EA08693E10B}" = HP Image Zone Express
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A45C5EC7-F13E-4414-99BE-47373935C0FE}" = Eraser 6.0.10.2620
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB449D5A-7710-47aa-B9F5-352B877C90E6}" = 1600_Help
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F4C6CC40-1142-49be-A28C-7BBD36F0B41A}" = 1600Trb
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"CDisplay_is1" = CDisplay 1.8
"DS-Monkey Audio Source" = DS-Monkey Audio Source 1.00
"EncSpot Basic_is1" = EncSpot Basic 2.0
"HP Photo & Imaging" = HP Image Zone 4.7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"RadLight APE DirectShow filter" = RadLight APE DirectShow filter (remove only)
"RarZilla Free Unrar" = RarZilla Free Unrar
"RealAlt_is1" = Real Alternative 2.0.2
"VLC media player" = VLC media player 2.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/6/2012 2:33:27 PM | Computer Name = ADAMSONFAMILY | Source = Application Error | ID = 1000
Description = Faulting application nerostartsmart.exe, version 2.1.0.11, faulting
module nerostartsmart.exe, version 2.1.0.11, fault address 0x0010a30f.

[ System Events ]
Error - 8/25/2012 12:08:12 AM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/25/2012 9:18:11 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/25/2012 11:53:52 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/26/2012 9:20:35 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/27/2012 10:20:05 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/27/2012 11:21:55 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/27/2012 11:23:17 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/28/2012 1:28:48 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/28/2012 10:14:15 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Pml Driver HPZ12 service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/28/2012 11:37:41 PM | Computer Name = ADAMSONFAMILY | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).


< End of report >
  • 0

#6
godawgs

    Teacher

  • GeekU Moderator
  • 5,312 posts
Hi Adam,

Thanks for the logs. Let's see if we can clean your machine up :thumbsup:


Step-1.

Run AdwCleaner Fix

Re-open AdwCleaner
  • Click the Deletion button and wait for the scan.
  • When the scan ends, a report appears.
  • Once done it will ask to reboot; allow this.
  • On reboot a log will be produced; please attach that. This report is also saved to C:\AdwCleaner[S1].txt


Step-2.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O15 - HKU\S-1-5-21-1801674531-2025429265-1177238915-1003\..Trusted Domains: uploaded.to ([]* in Trusted sites)

:FILES
ipconfig /flushdns /c

:COMMANDS
[RESETHOSTS]
[EMPTYTEMP]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-3.

Things For Your Next Post:
1. The AdwCleaner[S1].txt log
2. The OTL fixes log
3. The new OTL.txt log
4. How is the computer running now?
  • 0

#7
adam80

    Member

  • Member
  • PipPip
  • 54 posts
Here are my logs. There don't seem to be any problems. :)

# AdwCleaner v1.801 - Logfile created 08/30/2012 at 13:19:27
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Jerry Adamson - ADAMSONFAMILY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Jerry Adamson\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

***** [Registry] *****


***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80501&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80501 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80501&lng=en --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80501 --> hxxp://www.google.com

*************************

AdwCleaner[S1].txt - [3260 octets] - [30/08/2012 13:19:27]

########## EOF - C:\AdwCleaner[S1].txt - [3388 octets] ##########



All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1801674531-2025429265-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\uploaded.to\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jerry Adamson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jerry Adamson\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jerry Adamson
->Temp folder emptied: 45723 bytes
->Temporary Internet Files folder emptied: 1368588 bytes
->Flash cache emptied: 470 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1.00 mb


OTL by OldTimer - Version 3.2.59.1 log created on 08302012_132539

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...



OTL logfile created on: 8/30/2012 1:31:28 PM - Run 5
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Jerry Adamson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 717.11 Mb Available Physical Memory | 70.72% Memory free
2.38 Gb Paging File | 2.21 Gb Available in Paging File | 92.86% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 19.74 Gb Free Space | 53.00% Space Free | Partition Type: NTFS

Computer Name: ADAMSONFAMILY | User Name: Jerry Adamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/25 13:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/28 01:31:28 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/11/01 15:42:05 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/16 12:11:32 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}
IE - HKCU\..\SearchScopes\{8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}: "URL" = http://www.google.co...1I7ADRA_enUS477
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/08/30 13:25:55 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O15 - HKCU\..Trusted Domains: utsa.edu ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E2F46A-B3E5-4295-8DF8-2263540C81CB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/07 16:42:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/30 13:25:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/30 13:19:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry Adamson\Recent
[2012/08/29 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Desktop\RK_Quarantine
[2012/08/28 23:54:54 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/01 23:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Application Data\vlc
[2012/08/01 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/08/30 13:27:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/30 13:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/30 13:25:55 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/08/29 12:36:37 | 000,618,227 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Desktop\adwcleaner.exe
[2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/28 23:25:39 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/28 19:42:37 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Desktop\Yahoo! Mail The best web-based email!.url
[2012/08/28 13:25:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/28 13:25:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 21:00:55 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 13:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/01 22:54:59 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/08/29 12:36:33 | 000,618,227 | ---- | C] () -- C:\Documents and Settings\Jerry Adamson\Desktop\adwcleaner.exe
[2012/08/28 23:16:23 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/01 22:54:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 22:23:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 22:07:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/26 19:20:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/20 21:32:44 | 000,069,385 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/03/20 21:32:44 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/03/07 17:14:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/03/07 16:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 16:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/07 10:34:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/07 10:33:52 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 18:21:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/11/01 15:42:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/11/01 15:42:10 | 000,433,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 15:42:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/11/01 15:42:10 | 000,068,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 15:42:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/11/01 15:42:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/11/01 15:42:09 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/11/01 15:42:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/11/01 15:42:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/11/01 15:42:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/11/01 15:41:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/11/01 15:41:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========

[2012/03/28 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/03/21 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2012/07/02 22:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Audacity
[2012/05/21 22:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\ElevatedDiagnostics
[2012/03/20 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Image Zone Express
[2012/03/28 01:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\LibreOffice
[2012/04/05 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Oracle
[2012/03/29 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Philipp Winterberg
[2012/06/20 13:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Scholastic
[2012/03/21 19:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\TaxCut
[2012/03/27 22:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\WinPatrol

========== Purity Check ==========



< End of report >
  • 0

#8
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,312 posts
Hi adam, :)

There doesn't seem to be any problems.

That's what we like to hear :thumbsup:

After this run we will get an antivirus on the system and then, if everything is OK, we'll clean up.


Step-1.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Once downloaded, close all programs and browsers on your computer.

Right click the mbam-setup.exe file and click Run As Administrator, then click the Continue button on the UAC window to install the application.
  • When the installation begins, keep following the prompts in order to continue with the installation process. Do not make any changes to default settings.
  • When the program has finished installing, make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • MBAM will now automatically start and you will see a message stating that you should update the program before performing a scan.
  • As MBAM will automatically update itself after the install, you can press the OK button to close that box and you will now be at the main program as shown below.

    NOTE: When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)

    Posted Image
  • On the Scanner tab, make sure the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

I would suggest that you keep this antimalware program. Run a Quick Scan frequently and a Full Scan every week or so. Update the definition files before running a scan. Click the Update tab and update from there.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed, Do Not select Uninstall application on close. Make sure you copy the log file.
  • Now click on: Posted Image
  • If you didn't copy the log file, use notepad to open the log file located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Things For Your Next Post:
1. The MalwareBytes log
2. The ESET online scan log
  • 0

#9
adam80

adam80

    Member

  • Member
  • PipPip
  • 54 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.31.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry Adamson :: ADAMSONFAMILY [administrator]

8/30/2012 9:18:39 PM
mbam-log-2012-08-30 (21-18-39).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 238217
Time elapsed: 29 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50\c024a32-47119091 (Trojan.PWS) -> Quarantined and deleted successfully.

(end)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8afa3629ea6e434f9861f5e171eb79c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-31 05:39:16
# local_time=2012-08-31 12:39:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41044
# found=26
# cleaned=0
# scan_time=2166
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\5bbc3881-2b5b22f6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\221acdd3-7493c2f5 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\5a50c413-3f04dc6e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\560dfd7-26854df0 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26\44758b9a-3af0fd1c Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\1d773cdb-670a1a9e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\69dc2db-331e3666 Java/Exploit.Agent.NAX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\69dc2db-5d318722 Java/Exploit.Agent.NAT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28\7ea3c55c-1eaa5468 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3\25201b83-26570980 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\4adff31f-56cdf231 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\2c518ee7-115721b9 Java/Exploit.Agent.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\483df029-243ed4ff Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46\41fe522e-27556661 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48\44558070-12b6f43a Java/Exploit.CVE-2012-1723.BE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\1691b033-1c687fdd multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\588fe573-2d813c9e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\3f40bb4-7e60a375 a variant of Java/Exploit.CVE-2012-4681.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\2072f536-44a14013 probably a variant of Java/Exploit.CVE-2012-0507.BJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\3ebb08b6-6c2a06b3 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\4a5acc38-5239b356 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\7460f06-28a182c3 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\20a8d188-31af72b6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9\587e77c9-1aa804ba Java/Exploit.CVE-2012-0507.K trojan (unable to clean) 00000000000000000000000000000000 I
  • 0
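The ESET log above is the kind of output a helper reads by eye: 26 hits, nearly all of them in the Java Deployment cache, none cleaned because "Remove Found Threats" was deliberately unchecked. As an added example (not code from the thread, from ESET, or from OTL), here is a Python triage script for that log format. It parses the "# key=value" header and the per-detection lines, checks that the reported found count matches the lines actually present (a mismatch means a truncated paste or an unparsed line), and groups the hits by detection name, CVE, and Java cache root. The sample log is abbreviated from the one posted above, with the header counts adjusted to match the six lines kept; the parser assumes the final path component of each detection contains no spaces, which holds for the Java cache entries and ordinary installer filenames.

```python
"""Triage an ESET Online Scanner log of the kind posted in this thread.

Added example; not a tool from ESET, OldTimer or Geeks to Go.
"""
import re
from collections import Counter

# Header lines look like '# found=26'; quoted values like '# country="United States"'.
HEADER_RE = re.compile(r'^# (?P<key>\w+)=(?P<value>.*)$')

# Detection lines: <path> <detection name> (<status>) <32 hex digit hash> <flag>
# Assumption: the path's final component has no spaces, so the greedy match up
# to the last backslash plus one space-free token is the whole path.
DETECTION_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.*\\[^\\ ]+) '
    r'(?P<name>.+?) '
    r'\((?P<status>[^()]*)\) '
    r'(?P<hash>[0-9A-Fa-f]{32}) '
    r'(?P<flag>\S+)$'
)

# Java applet/Web Start cache under the user profile. A hit here means a
# malicious page was served to the browser plugin; the whole cache root can
# be cleared rather than chasing individual files.
JAVA_CACHE_RE = re.compile(
    r'^(?P<root>.*\\Sun\\Java\\Deployment\\cache\\[^\\]+)\\', re.IGNORECASE)

CVE_RE = re.compile(r'CVE-\d{4}-\d{4,}')


def family(name):
    """Strip ESET's confidence prefixes and type suffixes from a detection name."""
    name = re.sub(r'^(probably )?a variant of ', '', name)
    return re.sub(r' (trojan|application|adware|worm)$', '', name)


def triage(log_text):
    """Parse one ESET Online Scanner log and summarize what it found."""
    header, detections = {}, []
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m['key']] = m['value'].strip('"')
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())

    cache_roots, cves, families = set(), set(), Counter()
    java_cache_hits = 0
    for d in detections:
        families[family(d['name'])] += 1
        cves.update(CVE_RE.findall(d['name']))
        m = JAVA_CACHE_RE.match(d['path'])
        if m:
            java_cache_hits += 1
            cache_roots.add(m['root'])

    found_reported = int(header.get('found', -1))
    return {
        'found_reported': found_reported,
        'found_parsed': len(detections),
        # False means the pasted log is truncated or a line did not parse.
        'complete': found_reported == len(detections),
        'cleaned': int(header.get('cleaned', 0)),
        'remove_checked': header.get('remove_checked') == 'true',
        'unable_to_clean': sum(d['status'] == 'unable to clean' for d in detections),
        'java_cache_hits': java_cache_hits,
        'cache_roots': sorted(cache_roots),
        'cves': sorted(cves),
        'families': families,
    }


# Abbreviated from the log posted above; header counts adjusted to match the
# six detection lines kept here (the full log reported found=26).
SAMPLE_LOG = r"""ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# country="United States"
# scanned=41044
# found=6
# cleaned=0
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\5bbc3881-2b5b22f6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\560dfd7-26854df0 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48\44558070-12b6f43a Java/Exploit.CVE-2012-1723.BE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\3f40bb4-7e60a375 a variant of Java/Exploit.CVE-2012-4681.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\2072f536-44a14013 probably a variant of Java/Exploit.CVE-2012-0507.BJ trojan (unable to clean) 00000000000000000000000000000000 I
"""

if __name__ == '__main__':
    for key, value in triage(SAMPLE_LOG).items():
        print(f'{key}: {value}')
```

Two things the summary makes obvious that the raw list does not: every Java hit resolves to a single cache root, so clearing that one directory removes all of them at once, and cleaned=0 is expected rather than alarming because remove_checked=false records that the scan was run in report-only mode.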

#10
godawgs

godawgs

    Teacher

  • GeekU Moderator
  • 5,312 posts
Hi adam80 :)

The logs are looking good. We'll just clean up the stragglers, then get an antivirus on the system and run a final quick scan, and we should be ready to clean up ;)


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box, right click and click Copy.
:COMMANDS
[CREATERESTOREPOINT]

:OTL
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

:FILES
ipconfig /flushdns /c
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe Win32
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0

:COMMANDS
[REBOOT]

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

2. Please re-open Posted Image on your desktop.
3. Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Posted Image button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the Posted Image button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
10. Run OTL again and click the Posted Image button. Post the log it produces in your next reply.


Step-2.

Let's get an antivirus on the system.

Please go to our Free Antivirus and Antispyware Software page.

Scroll down to the Free Antivirus Software section and download only one of the programs listed to the Desktop
Then double click on the setup file to start the installation and follow the prompts.
I use Microsoft Security Essentials. It is recommended by GTG, it takes fewer system resources, and it has a smaller footprint. And it seems to play better with other programs on the system. This is one of those cases where Microsoft has an excellent program.


Step-3.

Things For Your Next Post:
1. The OTL fixes log
2. The new OTL.txt log
3. Let me know how the antivirus install went.
  • 0

#11
adam80

adam80

    Member

  • Member
  • PipPip
  • 54 posts
I ran the fix and here are the logs. I then downloaded Microsoft Security Essentials and ran it; there don't seem to be any more problems.

Thanks,
Adam

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.
C:\Documents and Settings\Jerry Adamson\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jerry Adamson\Desktop\cmd.txt deleted successfully.
File\Folder C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32 not found.
File\Folder C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe Win32 not found.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.59.1 log created on 08312012_130750


OTL logfile created on: 8/31/2012 1:10:06 PM - Run 6
OTL by OldTimer - Version 3.2.59.1 Folder = C:\Documents and Settings\Jerry Adamson\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 747.63 Mb Available Physical Memory | 73.73% Memory free
2.38 Gb Paging File | 2.24 Gb Available in Paging File | 93.94% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 19.62 Gb Free Space | 52.66% Space Free | Partition Type: NTFS

Computer Name: ADAMSONFAMILY | User Name: Jerry Adamson | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/25 13:13:18 | 000,329,312 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/11/01 15:41:50 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll


========== Services (SafeList) ==========

SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/28 01:31:28 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/11/01 15:42:05 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/11/16 12:11:32 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}
IE - HKCU\..\SearchScopes\{8E53A6C3-55E1-49A4-B85D-1EB4E9B5F006}: "URL" = http://www.google.co...1I7ADRA_enUS477
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_95.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2012/08/30 13:44:00 | 000,600,511 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 16124 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O15 - HKCU\..Trusted Domains: utsa.edu ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48E2F46A-B3E5-4295-8DF8-2263540C81CB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/07 16:42:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/31 01:44:59 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jerry Adamson\Recent
[2012/08/30 23:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/30 13:25:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/29 12:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Desktop\RK_Quarantine
[2012/08/28 23:54:54 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/01 23:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jerry Adamson\Application Data\vlc
[2012/08/01 22:54:10 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN

========== Files - Modified Within 30 Days ==========

[2012/08/31 13:09:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/08/31 13:08:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/08/30 13:44:00 | 000,600,511 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2012/08/28 23:54:57 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jerry Adamson\Desktop\OTL.exe
[2012/08/28 23:25:39 | 083,023,306 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/28 19:42:37 | 000,000,571 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Desktop\Yahoo! Mail The best web-based email!.url
[2012/08/28 13:25:19 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/08/28 13:25:18 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/15 21:00:55 | 000,226,408 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 13:01:20 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/01 22:54:59 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk

========== Files Created - No Company Name ==========

[2012/08/28 23:16:23 | 083,023,306 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ism_0_llatsni.pad
[2012/08/01 22:54:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/05/16 22:23:22 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/13 22:07:00 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/03/26 19:20:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/03/20 21:32:44 | 000,069,385 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2012/03/20 21:32:44 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2012/03/07 17:14:18 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2012/03/07 16:45:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/03/07 16:39:52 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/03/07 10:34:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/03/07 10:33:52 | 000,226,408 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/06 18:21:27 | 000,000,600 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2011/11/01 15:42:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/11/01 15:42:10 | 000,433,278 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/01 15:42:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/11/01 15:42:10 | 000,068,234 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/01 15:42:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/11/01 15:42:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/11/01 15:42:09 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/11/01 15:42:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/11/01 15:42:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/11/01 15:42:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/11/01 15:41:49 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/11/01 15:41:48 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

========== LOP Check ==========

[2012/03/28 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/03/21 19:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2012/07/02 22:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Audacity
[2012/05/21 22:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\ElevatedDiagnostics
[2012/03/20 22:00:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Image Zone Express
[2012/03/28 01:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\LibreOffice
[2012/04/05 13:16:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Oracle
[2012/03/29 13:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Philipp Winterberg
[2012/06/20 13:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\Scholastic
[2012/03/21 19:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\TaxCut
[2012/03/27 22:12:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jerry Adamson\Application Data\WinPatrol

========== Purity Check ==========



< End of report >

#12
godawgs

    Teacher

  • GeekU Moderator
  • 5,312 posts
Hi adam80,

I ran the fix and here are the logs, and then downloaded Microsoft Security Essentials and ran it; there don't seem to be any more problems.

Well, yes and no. This is from the OTL fix log:

< ipconfig /flushdns /c >
Windows IP Configuration
Could not flush the DNS Resolver Cache: Function failed during execution.

The DNS Client service doesn't appear to be running. Let's get a scan to see if there are any other services broken.


Step-1.

Run Farbar Service Scanner

Please download Farbar Service Scanner to the desktop.
Double-click the FSS.exe file to run it. (Vista and 7 users may need to right click the file and click Run as Administrator)
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step-2.

Things For Your Next Post:
1. The FSS.txt log

#13
adam80

    Member

  • Member
  • 54 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Jerry Adamson (administrator) on 31-08-2012 at 20:21:46
Running from "C:\Documents and Settings\Jerry Adamson\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14
godawgs

    Teacher

  • GeekU Moderator
  • 5,312 posts
Hi adam80,

Yep, that's it. Let's check it.

  • Click Start, click Run, type services.msc in the run box and then click OK.
  • In the list of services, under the Name column, click DNS Client.
  • Make sure that the Status column displays Started and that the Startup Type column displays Automatic.
    If the service is not set to Started or if the startup type for the DNS Client service is not set to Automatic, follow these steps:
    • Right-click DNS Client, and then click Properties.
    • In the DNS Client Properties dialog box, click the General tab.
    • If the StartUp type: is set to Disabled, click the down arrow beside Disabled and click Automatic.
    • If the Service status: says Stopped, click the Start button. Then click Apply, and then click OK and close the Services window.
  • Reboot the computer


Step-1.

If the service was stopped and you had to re-start it:

Run the Farbar Service Scanner again and post the new log.
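The FSS finding above (Dnscache start type set to Disabled, default Auto) and the services.msc steps in this reply, as a PowerShell script added here as an example (it is not code from the thread, from OTL or from Farbar Service Scanner). It assumes PowerShell 2.0 or later with WMI available and an elevated prompt; the default start modes listed in the table are my assumption for a stock XP SP3 install.

```powershell
# Added example (not code from the thread, OTL, or Farbar Service Scanner).
# Does what FSS's "Internet Services" check and the services.msc steps do:
# compare key XP services against their default start type, then put
# DNS Client (Dnscache) back to Automatic/Started and retry the DNS flush
# that failed in the OTL fix log.
# Assumptions: PowerShell 2.0 or later with WMI, run from an elevated prompt;
# the default start modes below are my assumption for a stock XP SP3 install.

$expectedStartMode = @{
    'Dnscache'     = 'Auto'    # DNS Client
    'Dhcp'         = 'Auto'    # DHCP Client
    'SharedAccess' = 'Auto'    # Windows Firewall / Internet Connection Sharing
    'srservice'    = 'Auto'    # System Restore
    'wscsvc'       = 'Auto'    # Security Center
    'wuauserv'     = 'Auto'    # Automatic Updates
    'CryptSvc'     = 'Auto'    # Cryptographic Services
    'winmgmt'      = 'Auto'    # Windows Management Instrumentation
    'BITS'         = 'Manual'  # Background Intelligent Transfer Service
    'EventSystem'  = 'Manual'  # COM+ Event System
}

function Get-ServiceDrift {
    # Emits one object per service whose configuration deviates from the default.
    foreach ($name in $expectedStartMode.Keys) {
        $svc = Get-WmiObject -Class Win32_Service -Filter "Name='$name'"
        if ($svc -eq $null) {
            New-Object PSObject -Property @{ Service = $name; Problem = 'service missing' }
            continue
        }
        $want = $expectedStartMode[$name]
        if ($svc.StartMode -ne $want) {
            New-Object PSObject -Property @{ Service = $name
                Problem = "start type is $($svc.StartMode), default is $want" }
        }
        if ($want -eq 'Auto' -and $svc.State -ne 'Running') {
            New-Object PSObject -Property @{ Service = $name
                Problem = "not running (ImagePath: $($svc.PathName))" }
        }
    }
}

function Repair-DnsClient {
    # Same as the services.msc steps: Startup type Automatic, then Start.
    Set-Service -Name Dnscache -StartupType Automatic
    Start-Service -Name Dnscache
    # The OTL fix could not flush the resolver cache while Dnscache was
    # disabled; with the service running this should now succeed.
    ipconfig /flushdns
    (Get-Service -Name Dnscache).Status
}

# Report drift first; run Repair-DnsClient only if Dnscache is listed.
Get-ServiceDrift | Format-Table Service, Problem -AutoSize
```

After the repair, re-run Farbar Service Scanner as the reply asks; a clean "Internet Services" section is the confirmation.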

#15
adam80

    Member

  • Member
  • 54 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Jerry Adamson (administrator) on 31-08-2012 at 21:50:02
Running from "C:\Documents and Settings\Jerry Adamson\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.

**** End of log ****