Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Explorer crippled after IEXPLORE Download [Solved]


  • This topic is locked This topic is locked

#1
stratec

stratec

    Member

  • Member
  • PipPip
  • 52 posts
Man, I'm in bad shape. I'm Windows XP and IE 8. I hung up after downloading a utility called IEXPLORE to look at a problem with my wife's iphone. It hung me up and I couldn't start IE 8 afterwards. I could run nothing, not even System Restore. I was able to delete IE 8 from Control Panel and after reboot it came up with IE 7 then I managed to find a Run command to launch System Restore and I restored back from a good checkpoint.

After coming up, IE 8 looks strange. I can't download anything. I run Microsoft Security Essentials and am up to date without any problems for year. I have used Geeks to go before so I have OTL installed on my PC.

When I run OTL OK but I can't insert the log here and after saving with Notepad it won't let me insert below in attachments. I can't even type a file name in the box below but I can type fine here. I can email it to you if that is possible.

Stratec
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Please note that I am currently in training as a GeekU Senior. My posts must be reviewed by an instructor, so there may be a slight delay.

I am consulting with my instructor about your situation and will post some instructions for you soon.
  • 0

#3
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Buddierdl, any time you can give me, is very much appreciated. I will check your replies and answer ASAP. I have had with malware before but this is the worst one. I believe you'll get an immediate promotion to Senior after you solve this one. :happy:
Thanks again, Stratec
  • 0

#4
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I am able to email from my infected computer. So emailed the OTL log to myself and posted it using my work PC below.

OTL logfile created on: 11/18/2012 4:21:32 PM - Run 4
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Eric Stratmann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.07 Gb Total Space | 99.55 Gb Free Space | 68.15% Space Free | Partition Type: NTFS

Computer Name: YOUR-808E7D12E4 | User Name: Eric Stratmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012/03/07 02:02:35 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/05 05:13:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Stratmann\Desktop\OTL.exe
PRC - [2010/07/27 04:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/11/24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/08/21 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/29 18:14:08 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/05/29 18:14:02 | 000,105,240 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 05:13:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Stratmann\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/27 03:47:12 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/29 18:14:08 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/05/29 18:14:02 | 000,105,240 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/03/08 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/11/18 15:46:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8C35B7C9-07D3-41A2-A00E-02A24811B3DE}\MpKslf3ca7735.sys -- (MpKslf3ca7735)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 17:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/08/21 06:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/08 11:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/12 15:30:46 | 000,252,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/12/06 14:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/05/18 13:43:16 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/05/17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/16 15:35:18 | 000,009,817 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2004/04/16 15:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2004/04/16 15:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2008/08/21 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe= File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://brt1/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ra.rhi.com/d...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll) - C:\Program Files\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - C:\Program Files\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 11:19:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 16:17:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/18 15:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\searchqutoolbar
[2012/11/18 15:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2012/11/18 15:02:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/11/18 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/18 14:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\Yahoo!
[2012/11/18 12:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\PC Cleaners
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\PCPro
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2012/11/18 11:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2012/11/11 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/11 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/02 16:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\My Documents\Photos
[2012/10/22 06:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(4)
[2012/10/22 06:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(4)
[2012/10/22 06:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2012/11/18 15:54:56 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/18 15:54:39 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/18 15:52:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-889260285-4177728887-3231333883-1004UA.job
[2012/11/18 15:46:19 | 000,012,660 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/18 15:44:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/18 15:29:46 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Eric Stratmann\Desktop\Removal instructions for Advanced Security Tool 2010.url
[2012/11/18 15:04:22 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/18 14:31:02 | 000,668,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/18 14:31:02 | 000,142,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/18 13:30:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/18 12:56:38 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/11/18 12:07:26 | 000,070,887 | ---- | M] () -- C:\logfile
[2012/11/17 13:52:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-889260285-4177728887-3231333883-1004Core.job
[2012/11/16 15:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/11 20:16:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/10 15:17:31 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2012/11/09 03:04:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/11/09 03:01:06 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/11/07 05:30:59 | 000,098,723 | ---- | M] () -- C:\Documents and Settings\Eric Stratmann\My Documents\Esker.JPG
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Files Created - No Company Name ==========

[2012/11/18 13:27:58 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/11/18 12:56:37 | 000,000,424 | ---- | C] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/11/11 20:16:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/09 03:14:00 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/07 05:30:59 | 000,098,723 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\My Documents\Esker.JPG
[2012/02/16 11:33:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 03:15:26 | 001,418,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-889260285-4177728887-3231333883-1004-0.dat
[2012/02/10 03:15:25 | 000,141,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/08 19:13:17 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/06/21 05:08:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/06/03 07:54:42 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Application Data\Rim.Desktop.Exception.log
[2011/06/02 14:28:58 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Application Data\Rim.Desktop.HttpServerSetup.log
[2011/02/09 20:16:59 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/18 04:55:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\kodakpcd.ini
[2010/08/22 16:30:24 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/22 08:41:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 08:41:43 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/08/22 08:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/08/22 08:18:31 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 06:47:41 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/08 11:26:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/10/08 11:26:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/10/08 11:26:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/10/08 11:26:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/10/08 11:26:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/10/08 11:26:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/10/08 11:25:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/10/08 04:13:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2006/01/26 14:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/01 12:22:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/01 03:18:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2003/03/08 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >

Attached Files


  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Stratec,

I am looking over your log and will get back to you as soon as I can.
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi stratec,

Let's clear away some of the junk, and then I need to get a little deeper look at the system.

Step 1: Run adwCleaner

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 2: Get a fresh OTL scan. Please note the slightly different directions.

Open OTL
  • Select the Scan All Users box in the middle on the top of the window
  • Check the button next to "Use Safe List" in the "Extra Registry" box.
  • Click the Run Scan button. Post the two logs it produces in your next reply.

Things I need in your next reply:
  • adwCleaner log
  • New OTL scan log
  • Extras log

  • 0

#7
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
ADWCleaner,Attached File  AdwCleanerS1.txt   3.7KB   25 downloadsAttached File  OTL 11-19.Txt   45.8KB   39 downloadsAttached File  Extras 11-19.Txt   38.79KB   35 downloads

OTL logfile created on: 11/19/2012 6:43:24 PM - Run 5
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Documents and Settings\Eric Stratmann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 74.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.07 Gb Total Space | 103.48 Gb Free Space | 70.85% Space Free | Partition Type: NTFS
Drive E: | 970.52 Mb Total Space | 969.97 Mb Free Space | 99.94% Space Free | Partition Type: FAT

Computer Name: YOUR-808E7D12E4 | User Name: Eric Stratmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2012/09/12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/08/30 19:57:22 | 000,040,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/05 05:13:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Stratmann\Desktop\OTL.exe
PRC - [2010/07/27 04:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2009/10/14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/10/14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2008/08/21 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/29 18:14:08 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/05/29 18:14:02 | 000,105,240 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2004/07/27 17:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 05:13:01 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric Stratmann\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/07/27 03:47:12 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/09/12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/08/11 16:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/25 17:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/07/27 03:47:14 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007/05/29 18:14:08 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel®
SRV - [2007/05/29 18:14:02 | 000,105,240 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel®
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003/03/08 22:31:02 | 000,065,795 | R--- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGSp50.sys -- (AFGSp50)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012/11/19 18:40:49 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{EF1F1900-18E7-47CB-8218-9037E37FB0F6}\MpKsl01273329.sys -- (MpKsl01273329)
DRV - [2010/07/27 03:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 03:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009/04/30 17:01:34 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 16:55:32 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)
DRV - [2008/08/21 06:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 00:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/08 11:50:40 | 005,955,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/10/12 15:30:46 | 000,252,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel®
DRV - [2006/12/06 14:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel®
DRV - [2006/05/18 13:43:16 | 000,178,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2005/05/17 11:20:08 | 000,015,872 | ---- | M] (Atmel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atmeltpm.sys -- (atmeltpm)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/04/16 15:35:18 | 000,009,817 | ---- | M] (Nortel Networks) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\eacfilt.sys -- (Eacfilt)
DRV - [2004/04/16 15:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECSHM)
DRV - [2004/04/16 15:34:56 | 000,117,760 | ---- | M] (Nortel Networks NA, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ipsecw2k.sys -- (IPSECEXT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2008/08/21 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe= File not found
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKU\S-1-5-21-889260285-4177728887-3231333883-1004..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-889260285-4177728887-3231333883-1004\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://brt1/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://ra.rhi.com/d...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/08 11:19:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/11/18 16:17:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/18 15:02:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012/11/18 14:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/11/18 14:33:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\Yahoo!
[2012/11/18 12:56:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\PC Cleaners
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\Application Data\PCPro
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/11/18 12:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\PC Cleaners
[2012/11/18 11:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Freeze.com
[2012/11/11 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/11/11 20:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/11/02 16:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Eric Stratmann\My Documents\Photos
[2012/10/22 06:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\iPod(4)
[2012/10/22 06:02:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes(4)
[2012/10/22 06:02:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Files - Modified Within 30 Days ==========

[2012/11/19 18:40:48 | 000,012,660 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/11/19 18:39:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/11/19 18:34:44 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/19 18:27:50 | 000,543,531 | ---- | M] () -- C:\Documents and Settings\Eric Stratmann\Desktop\adwcleaner.exe
[2012/11/19 17:52:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-889260285-4177728887-3231333883-1004UA.job
[2012/11/19 13:52:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-889260285-4177728887-3231333883-1004Core.job
[2012/11/19 12:56:00 | 000,000,424 | ---- | M] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/11/18 15:29:46 | 000,000,280 | ---- | M] () -- C:\Documents and Settings\Eric Stratmann\Desktop\Removal instructions for Advanced Security Tool 2010.url
[2012/11/18 15:04:22 | 000,188,200 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/11/18 14:31:02 | 000,668,194 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/11/18 14:31:02 | 000,142,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/11/18 13:30:46 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/11/18 12:07:26 | 000,070,887 | ---- | M] () -- C:\logfile
[2012/11/16 15:16:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/11/11 20:16:11 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/10 15:17:31 | 000,000,525 | ---- | M] () -- C:\hpfr3420.xml
[2012/11/09 03:04:04 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/11/09 03:01:06 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/11/07 05:30:59 | 000,098,723 | ---- | M] () -- C:\Documents and Settings\Eric Stratmann\My Documents\Esker.JPG
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2012/10/22 02:37:31 | 001,866,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys

========== Files Created - No Company Name ==========

[2012/11/19 18:31:43 | 000,543,531 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Desktop\adwcleaner.exe
[2012/11/18 12:56:37 | 000,000,424 | ---- | C] () -- C:\WINDOWS\tasks\pc-dis-upd.job
[2012/11/11 20:16:11 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/11/09 03:14:00 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/11/07 05:30:59 | 000,098,723 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\My Documents\Esker.JPG
[2012/02/16 11:33:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/10 03:15:26 | 001,418,890 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-889260285-4177728887-3231333883-1004-0.dat
[2012/02/10 03:15:25 | 000,141,898 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/08 19:13:17 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/06/21 05:08:46 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2011/06/03 07:54:42 | 000,000,154 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Application Data\Rim.Desktop.Exception.log
[2011/06/02 14:28:58 | 000,001,105 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Application Data\Rim.Desktop.HttpServerSetup.log
[2011/02/09 20:16:59 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/10/18 04:55:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\kodakpcd.ini
[2010/08/22 16:30:24 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/08/22 08:41:43 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/22 08:41:43 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2010/08/22 08:41:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2010/08/22 08:18:31 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Eric Stratmann\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/21 06:47:41 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/08 11:26:33 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/10/08 11:26:33 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/10/08 11:26:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/10/08 11:26:33 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/10/08 11:26:33 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/10/08 11:26:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/10/08 11:25:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009/10/08 04:13:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2006/01/26 14:42:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/01/01 12:22:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/01/01 03:18:58 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4924.dll
[2003/03/08 22:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

< End of report >
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Has anything improved? How is your computer running now? Could you please describe the current symptoms?
  • 0

#9
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
My Internet Explorer problem is unchanged. I never had any slow response before so that was not the problem. The problem is my IE is inoperable. I've attached a copy of screen shot when I come up. Favorites button doesn't work. I can't print anything. Can open up tools or history or any other things on toolbar. Also, if you look in the tray, something's wrong becuase it doesn't identify the site you're on. So in general I'm in the same mode as before, IE is crippled. Also like before I can't download anything from this IE. I have to do it on another computer and bring thump drive with .exe and install that way.

Attached Thumbnails

  • IE Screen Shot.JPG

  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi stratec,

I think your Internet Explorer may be corrupted. Let's try this program to fix it.

Download Windows Repair (all in one) from this site

Install the programme then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

Let me know how it goes and if it fixes IE.
  • 0

Advertisements


#11
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I agree that my Windows IE has be compromised. So I started the tweaking.com process but stopped when I read SFC requires a Windows CD for XP which is what I run. What do I do? Also, are you sure Start Repairs is a conservative approach and won't mess up Windows for me?
Stratec
  • 0

#12
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
Sorry meant to say I don't have my Windows CD. How can I run SFC?
  • 0

#13
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi stratec,

If you don't have your XP disc, just skip the SFC step. Don't worry about running this program; I would not advise you to run it if it would damage Windows. If you would like some added assurance, you can create a restore point first, as follows.

To set up a restore point, follow these steps:
  • Close any programs that are open.
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore. The System Restore Wizard opens.
  • Click Create a restore point, and then click Next.
  • In Restore point description box, type a description for the restore point. Use a description that is easy to understand.
    Note The date and time are automatically added to your restore point. Therefore, you do not have to use them in your description.
  • To finish creating this restore point, click the Create button. The System Restore Wizard notifies you when the restore point is created.

  • 0

#14
stratec

stratec

    Member

  • Topic Starter
  • Member
  • PipPip
  • 52 posts
I'm out of town and away from infected computer until Sun PM. Have a good t'giving.
  • 0

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Thank you for letting me know. See you then and have a good Thanksgiving.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP