Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Lost quick launch icons and more. [Closed]

Started by turkeestalker , Sep 24 2012 08:28 AM

This topic is locked

#1
turkeestalker

Posted 24 September 2012 - 08:28 AM

Member

Member
35 posts

Contracted something that has caused my quick launch icons to disappear from my desktop. Also I am not able to open any programs from my start menu, I have to actually find the icon in the folder on my hard drive and right click then click open from that drop down menu. I have been unable to use system restore to go back to an earlier configuration to try to correct the problem. Any help would be grearly appreciated.

Microsoft Windows XP Professional
Version 2002
Service pack 3

Panda Cloud Antivirus

#2
turkeestalker

Posted 24 September 2012 - 08:56 AM

Member

Topic Starter
Member
35 posts

OTL logfile created on: 9/24/2012 9:31:00 AM - Run 2
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Documents and Settings\General User\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 390.55 Mb Available Physical Memory | 38.51% Memory free
2.38 Gb Paging File | 1.77 Gb Available in Paging File | 74.08% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.38 Gb Free Space | 3.70% Space Free | Partition Type: NTFS
Drive E: | 111.79 Gb Total Space | 13.56 Gb Free Space | 12.13% Space Free | Partition Type: NTFS

Computer Name: GENERAL-NZ0WBHD | User Name: General User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/24 09:30:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\General User\Desktop\OTL.exe
PRC - [2012/07/13 11:35:54 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
PRC - [2012/07/13 11:35:52 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2012/04/08 19:23:36 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/09 14:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/04/28 13:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/06/26 11:34:58 | 000,166,448 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\QuickCam10\COCIManager.exe
PRC - [2006/06/26 11:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
PRC - [2006/06/26 11:33:32 | 000,243,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2006/06/26 10:46:04 | 000,497,200 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/13 11:35:54 | 000,116,632 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
MOD - [2012/07/13 11:35:52 | 000,776,088 | ---- | M] () -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
MOD - [2012/06/05 11:49:18 | 000,465,672 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\sqlite3.dll
MOD - [2012/06/05 11:48:04 | 000,034,168 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NFileCacheDBAccess.dll
MOD - [2012/06/05 11:47:56 | 000,045,408 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\NAdvLog.dll
MOD - [2012/06/05 11:47:38 | 000,128,368 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\LiveupdateTactics.dll
MOD - [2012/06/05 11:47:14 | 000,023,904 | ---- | M] () -- C:\Program Files\Motorola Media Link\Lite\DbAccess.dll
MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll
MOD - [2007/02/14 12:55:11 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 12:55:10 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll
MOD - [2006/06/26 11:34:46 | 000,988,720 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10Res.dll
MOD - [2006/06/26 11:34:40 | 000,614,960 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2012/07/13 11:35:54 | 000,116,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/05 11:48:30 | 000,087,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/04/28 12:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/06/26 11:33:56 | 000,091,696 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logitech\SrvLnch\srvlnch.exe -- (LVSrvLauncher)
SRV - [2006/06/26 11:33:42 | 000,099,888 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motport.sys -- (motport)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Motousbnet.sys -- (Motousbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motmodem.sys -- (motmodem)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\GENERA~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\motfilt.sys -- (BTCFilterService)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/06/11 11:56:32 | 000,020,864 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2012/06/08 16:08:52 | 000,006,656 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2012/01/25 14:57:46 | 000,008,448 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2012/01/05 13:10:09 | 000,144,008 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/11/30 18:37:24 | 000,112,648 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/11/23 09:59:40 | 000,130,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 12:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 12:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2009/07/10 14:01:06 | 000,025,856 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motoandroid.sys -- (motandroidusb)
DRV - [2009/06/30 09:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2008/08/27 03:47:08 | 000,337,408 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187B.sys -- (RTL8187B)
DRV - [2006/06/26 11:33:40 | 000,023,472 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006/06/26 11:33:36 | 001,952,816 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2006/06/26 11:33:28 | 001,587,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2006/06/22 17:29:47 | 000,961,072 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2006/06/22 17:29:47 | 000,020,272 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2006/06/22 17:29:43 | 000,055,984 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus)
DRV - [2006/06/22 17:29:40 | 001,413,424 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2005/03/17 16:30:10 | 000,132,608 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/10/08 06:59:11 | 000,326,656 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Camdrl.sys -- (CamDrL)
DRV - [2004/10/08 06:57:48 | 000,022,016 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/06/08 14:57:57 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...omplete=0&hl=en
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...sa&d=2012-01-29 07:18:43&v=9.0.0.23&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{AE145E1E-82BE-44B6-ADDF-231A5C6B6DC9}: "URL" = http://www.mysearchr...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co...mplete=0&hl=en"
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2012/09/22 10:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\General User\Application Data\Mozilla\Firefox\Profiles\fr0fug9p.default\extensions
[2012/09/16 11:30:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\General User\Application Data\Mozilla\Firefox\Profiles\fr0fug9p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2012/09/22 10:38:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1200146452691 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoft...s/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} http://acs.pandasoft...5/asproinst.cab (ASPRO Installer Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2254D304-6171-46F4-8B16-39D35A8CE65B}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\General User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\General User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/28 04:07:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/11/05 16:39:18 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/24 09:29:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\General User\Desktop\OTL.exe
[2012/09/23 17:38:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/22 16:14:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2012/09/22 16:14:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Start Menu\Programs\AVS4YOU
[2012/09/22 16:13:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVS4YOU
[2012/09/22 16:13:39 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2012/09/22 16:13:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
[2012/09/22 16:13:38 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2012/09/22 16:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
[2012/09/22 10:17:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/09/21 20:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Offers from Freeze.com
[2012/09/21 05:02:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/09/20 18:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2012/09/20 18:09:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/09/20 18:08:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Local Settings\Application Data\Google
[2012/09/15 20:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Local Settings\Application Data\Mozilla
[2012/09/15 20:39:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Application Data\Mozilla
[2012/09/15 20:39:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/09/15 20:39:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox(2)
[2012/09/11 18:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Desktop\Kiearra Nichole Zanderholmes
[2012/09/05 18:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\General User\Application Data\FileZilla
[2012/08/25 21:41:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/08/25 21:41:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/08/25 21:41:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/08/25 21:41:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/08/25 21:39:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/08/25 21:38:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2008/05/17 05:33:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\General User\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/24 09:30:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\General User\Desktop\OTL.exe
[2012/09/24 01:47:25 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/09/23 18:58:00 | 000,000,476 | ---- | M] () -- C:\WINDOWS\tasks\Motorola Device Manager Engine.job
[2012/09/23 17:41:00 | 000,000,450 | ---- | M] () -- C:\WINDOWS\tasks\MotoCast Update.job
[2012/09/23 14:09:44 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\General User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/22 16:19:33 | 009,770,040 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\justine.pdf
[2012/09/22 15:10:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/22 15:10:09 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1844237615-1482476501-839522115-1003.job
[2012/09/22 15:09:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/22 10:38:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/22 10:17:46 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/09/22 09:50:10 | 000,897,888 | ---- | M] () -- C:\Documents and Settings\General User\Desktop\pdf converter setup.exe
[2012/09/20 17:55:06 | 034,296,696 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\vlcmediaplayer-setup.exe
[2012/09/20 17:50:13 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1844237615-1482476501-839522115-1003.job
[2012/09/17 19:18:57 | 000,000,175 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/09/17 19:13:48 | 000,001,534 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2012/09/17 04:55:32 | 000,000,298 | ---- | M] () -- C:\Documents and Settings\General User\Desktop\Invisible Users.url
[2012/09/16 18:58:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Motorola Device Manager Update.job
[2012/09/12 15:57:11 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/11 18:18:38 | 000,000,468 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\Document.rtf
[2012/09/09 07:55:40 | 000,019,451 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\95.jpg
[2012/09/09 07:48:03 | 000,021,816 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\51.jpg
[2012/09/03 14:22:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2012/09/02 16:42:09 | 000,021,639 | ---- | M] () -- C:\Documents and Settings\General User\Desktop\kiearra.jpg
[2012/09/01 15:27:38 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\General User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/08/28 20:44:54 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/08/28 10:14:53 | 006,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2012/08/28 10:14:53 | 001,212,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/08/28 10:14:53 | 000,916,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/08/28 10:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/08/28 10:14:53 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/08/28 10:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/08/28 10:14:53 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/08/28 10:14:53 | 000,521,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/08/28 10:14:53 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/08/28 10:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/08/28 10:14:53 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/08/28 10:14:53 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/08/28 10:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/08/28 10:14:53 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/08/28 10:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/08/28 10:14:53 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/08/28 10:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/08/28 10:14:53 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/08/28 10:14:52 | 002,000,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/08/28 10:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/08/28 10:14:52 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/08/28 10:14:52 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/08/28 10:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/08/28 10:14:52 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/08/28 10:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/08/28 10:14:52 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/08/28 07:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/08/28 07:07:15 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/08/26 16:15:04 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\General User\My Documents\Internet Explorer.lnk
[2012/08/25 22:01:43 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\General User\Application Data\Microsoft\Internet Explorer\Quick Launch\Y!Supra.lnk
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/22 16:19:32 | 009,770,040 | ---- | C] () -- C:\Documents and Settings\General User\My Documents\justine.pdf
[2012/09/22 10:17:45 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2012/09/22 10:17:41 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/09/22 09:50:07 | 000,897,888 | ---- | C] () -- C:\Documents and Settings\General User\Desktop\pdf converter setup.exe
[2012/09/20 17:55:02 | 034,296,696 | ---- | C] () -- C:\Documents and Settings\General User\My Documents\vlcmediaplayer-setup.exe
[2012/09/11 21:41:25 | 000,021,639 | ---- | C] () -- C:\Documents and Settings\General User\Desktop\kiearra.jpg
[2012/09/09 07:56:36 | 000,019,451 | ---- | C] () -- C:\Documents and Settings\General User\My Documents\95.jpg
[2012/09/09 07:49:32 | 000,021,816 | ---- | C] () -- C:\Documents and Settings\General User\My Documents\51.jpg
[2012/08/26 16:15:04 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\General User\My Documents\Internet Explorer.lnk
[2012/08/25 21:41:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/08/25 21:41:24 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/08/25 21:41:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/08/25 21:41:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/08/25 21:41:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/17 15:47:40 | 000,000,010 | ---- | C] () -- C:\WINDOWS\lastspeedfactor.dat
[2012/03/14 22:11:59 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2012/03/14 20:19:52 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\General User\.recently-used.xbel
[2012/02/20 13:08:19 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/02/20 13:08:19 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2012/02/20 13:08:19 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/02/20 13:08:19 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2012/02/20 13:08:19 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2012/02/20 13:08:19 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2012/02/20 13:08:19 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2012/02/20 13:08:19 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2012/02/20 13:08:19 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2012/02/20 13:08:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2012/02/20 13:08:19 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2012/02/20 13:08:19 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2012/02/20 13:08:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2012/02/20 13:08:19 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2012/02/20 13:08:19 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2012/02/20 13:08:19 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/02/04 22:18:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\YAHELITE_cookie.INI
[2011/12/31 21:01:53 | 000,000,175 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/12/31 21:00:45 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/12/02 05:37:36 | 000,723,294 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2011/12/02 05:37:36 | 000,136,491 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2009/08/28 21:36:25 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\General User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/01 20:49:04 | 000,007,455 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/05/17 05:33:33 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\General User\Application Data\pcouffin.cat
[2008/05/17 05:33:33 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\General User\Application Data\pcouffin.inf

========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#3
godawgs

Posted 25 September 2012 - 06:41 PM

Teacher

Retired Staff
8,228 posts

Hello turkeestalker, :wave:

. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.

We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
If I ask a Question just answer it, don't run anything unless directed to.

Please read every post completely before doing anything.

Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.

Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.

I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forum, (sometimes )
Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.

Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.

Please post the contents of the Extras.txt file. It should be on the desktop.

Step-1.

Run RogueKiller

Download RogueKiller and save it on your desktop.
Quit all programs
Start RogueKiller.exe.
Wait until Prescan has finished ...
Click on Scan

Wait for the end of the scan.
The report has been created on the desktop.
Post the contents of the RKreport.txt text file located on your desktop.

NOTE: If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Step-2.

Run aswMBR

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.
If it asks you if you want to download the latest virus definitions, click Yes
Click the "Scan" button to start the scan
On completion of the scan click save log. Save it to your desktop and post in your next reply.

NOTE: When you run aswMBR, if it is shutdown automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename executable to iexplore.exe and try it again.

Step-3.

Things For Your Next Post:
1. The Extras.txt log
2. The RKreport.txt log
3. The aswMBR.txt log

#4
turkeestalker

Posted 25 September 2012 - 07:04 PM

Member

Topic Starter
Member
35 posts

results from step 1

RogueKiller V8.0.5 [09/23/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : General User [Admin rights]
Mode : Scan -- Date : 09/25/2012 20:01:30

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[RUN][SUSP PATH] [ON_E:JDA.MINE]HKCU[...]\Run : Yahoo Update (C:\Documents and Settings\JDA.MINE\Local Settings\Application Data\Yahoo\YahooUpdate\Yahooupdt32.exe) -> FOUND
[RUN][BLACKLIST DLL] [ON_E:JDA.MINE]HKCU[...]\Run : IntelOnlineService (rundll32.exe "C:\Documents and Settings\All Users\Application Data\IntelOnlineService.dll",DllRegisterServer) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤
-> E:\windows\system32\config\SOFTWARE
-> E:\Documents and Settings\Administrator\NTUSER.DAT
-> E:\Documents and Settings\Default User\NTUSER.DAT
-> E:\Documents and Settings\JDA\NTUSER.DAT
-> E:\Documents and Settings\JDA.MINE\NTUSER.DAT
-> E:\Documents and Settings\JDA~1~MIN\NTUSER.DAT
-> E:\Documents and Settings\LocalService\NTUSER.DAT
-> E:\Documents and Settings\NetworkService\NTUSER.DAT

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: HDS728040PLA320 +++++
--- User ---
[MBR] 7400064056c6ecd2949170893943ca94
[BSP] cdd3489926f5497925137870b7b50a47 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38138 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD12 00JB-00FUA0 USB Device +++++
--- User ---
[MBR] 8236127e4a10839c662dd1f8d8050785
[BSP] e24cb1d96bb0435339ae2e20363bf06b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 51 | Size: 114469 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#5
turkeestalker

Posted 25 September 2012 - 07:44 PM

Member

Topic Starter
Member
35 posts

results of step 2

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-25 20:07:45
-----------------------------
20:07:45.828 OS Version: Windows 5.1.2600 Service Pack 3
20:07:45.828 Number of processors: 2 586 0x403
20:07:45.828 ComputerName: GENERAL-NZ0WBHD UserName: General User
20:07:48.187 Initialize success
20:11:16.875 The log file has been saved successfully to "C:\Documents and Settings\General User\Desktop\aswMBR.txt"

I am sorry godawgs... but the second file saved is a .dat file, not a text file. Not sure what is up.
How should I proceed?

#6
godawgs

Posted 26 September 2012 - 05:28 AM

Teacher

Retired Staff
8,228 posts

Hi,

The aswMBR log is incomplete. The scan results that you posted shows that the aswMBR.txt file was saved to the desktop:

20:11:16.875 The log file has been saved successfully to "C:\Documents and Settings\General User\Desktop\aswMBR.txt"

But, the reason it may not have completed is this, from the OTL log:

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.24 Gb Total Space | 1.38 Gb Free Space | 3.70% Space Free | Partition Type: NTFS

Windows needs at least 15% free space on the hard drive to function properly and 25% free space is the recommended.

You need to remove things from the C: drive and get the free space close to the recommended %. Things like pictures, videos, data files and text files. You can uninstall programs that you no longer use. You can delete the TEMP files with Disk Cleanup.

I'm not sure we will get anything to run with that little amount of free space. I'm surprised your programs will run.

As for the aswMBR.txt file. If that file is on the desktop, open it and compare it to what you posted. If the file has more information in it than what got posted, copy and paste the contents of the file into your next reply. If the file on the desktop looks the same as what you posted, delete the aswMBR.txt file and re-run aswMBR, then post the new log.

As for the Extras.txt log...when you first run OTL it generates two files, OTL.txt---which you posted---and Extras.txt. The files are saved to the same location your ran OTL from, in this case your desktop.
Look for the Extras.txt file and post it's contents. If you can't find it let me know and we'll get another one.

Things For Your Next Post:
1. The complete aswMBR log
2. The Extras.txt log

#7
turkeestalker

Posted 26 September 2012 - 09:18 PM

Member

Topic Starter
Member
35 posts

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-26 21:55:35
-----------------------------
21:55:35.953 OS Version: Windows 5.1.2600 Service Pack 3
21:55:35.953 Number of processors: 2 586 0x403
21:55:35.968 ComputerName: GENERAL-NZ0WBHD UserName: General User
21:55:37.093 Initialize success
21:55:56.968 AVAST engine defs: 12092501
21:56:10.906 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
21:56:10.906 Disk 0 Vendor: HDS728040PLA320 PF1OA63A Size: 38146MB BusType: 3
21:56:10.921 Disk 0 MBR read successfully
21:56:10.921 Disk 0 MBR scan
21:56:11.000 Disk 0 Windows XP default MBR code
21:56:11.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 38138 MB offset 63
21:56:11.000 Disk 0 scanning sectors +78108030
21:56:11.140 Disk 0 scanning C:\WINDOWS\system32\drivers
21:56:25.625 Service scanning
21:56:54.593 Modules scanning
21:57:06.859 Disk 0 trace - called modules:
21:57:06.875 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
21:57:06.875 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865d4ab8]
21:57:06.875 3 CLASSPNP.SYS[f75fefd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x86556d98]
21:57:07.484 AVAST engine scan C:\WINDOWS
21:57:28.937 AVAST engine scan C:\WINDOWS\system32
21:59:17.828 AVAST engine scan C:\WINDOWS\system32\drivers
21:59:33.375 AVAST engine scan C:\Documents and Settings\General User
22:10:41.343 AVAST engine scan C:\Documents and Settings\All Users
22:11:54.906 Scan finished successfully
22:17:01.109 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\General User\Desktop\MBR.dat"
22:17:01.109 The log file has been saved successfully to "C:\Documents and Settings\General User\Desktop\aswMBR.txt"

#8
godawgs

Posted 29 September 2012 - 07:49 AM

Teacher

Retired Staff
8,228 posts

Hi,

The aswMBR log looks good. I was waiting for the Extras.txt file. Did you find it? Have you been able to free up any space on the C:\ drive?

#9
turkeestalker

Posted 29 September 2012 - 08:46 AM

Member

Topic Starter
Member
35 posts

My apologies but I guess I am not understanding what you mean by Extras.txt file. Yes I have freed up 26%.

#10
godawgs

Posted 29 September 2012 - 09:56 AM

Teacher

Retired Staff
8,228 posts

Hi,

OK, let's do it this.

Posted Image

OTL Scan

Please re-open OTL

Double click the on your desktop. Vista /7 users right click and click Run as Administrator. Make sure all other windows are closed .
You will see a console like the one below:
At the top of the console click the greyed out None button<---Important
In the Extra Registry section click the circle beside Use Safelist.<---Important
Click the button. Do not change any settings unless otherwise told to do so.
Let the scan run uninterrupted. The scan won't take long.
When the scan completes, it will open Extras.Txt on the desktop.
Please copy the contents of this file and paste it into your reply. To do that:
On the .txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
Right-click inside the forum post window then click Paste.This will paste the contents of the .txt file in the in the post window.

Things For Your Next Post:
1. The Extras.txt log

#11
godawgs

Posted 03 October 2012 - 11:15 PM

Teacher

Retired Staff
8,228 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.