Computer infected by virus

Discussion in 'Virus and Malware Removal' started by meadow, Oct 26, 2012.

  1. Broni Malware Annihilator Posts: 39,324   +175

    That may be a good idea.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
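The OTL.txt that these steps produce is a fixed-format text log, and a helper reads it by eye for a short list of indicators. As an added example, not part of Broni's post and not code from OldTimer's tool, here is a small Python triage script for that format. It parses the PRC/MOD/SRV/DRV entries, the "File not found" service and driver stubs, and the O4 Run-key lines, and flags what a malware-removal helper looks at first: items with an empty company name, registered services or drivers whose binary is missing, autoruns that execute a script, and binaries living in user-writable folders. The sample input is constructed from seven lines copied from the log posted below; the regular expressions, the rules, their wording and the Finding class are my own assumptions about what is worth flagging, not anything OTL defines.

```python
"""Triage helper for OTL (OldTimer's List-It) text logs. Added example, not part of OTL."""
import re
import sys
from dataclasses import dataclass
from typing import List

# Process / module / service / driver entries, e.g.
#   PRC - [2011/03/03 10:57:08 | 000,028,672 | ---- | M] () -- C:\...\tpam.exe
#   SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Vendor) [Auto | Running] -- C:\...\x.exe -- (SvcName)
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| [-A-Z]{4} \| [CM]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Registered service/driver whose binary is gone, e.g.
#   SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
#   DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- "
    r"(?P<path>.*?)\s*-- \((?P<name>[^)]*)\)$"
)
# Run-key autostarts, e.g.
#   O4 - HKLM..\Run: [PinAInfo] C:\WINDOWS\system32\ai.vbs ()
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?) \((?P<company>[^)]*)\)$"
)

# Assumed rule inputs: script extensions an autorun should not normally point at,
# and folders a non-admin user can write to (a service or driver there deserves a look).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta")
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\appdata\\", "\\recycler\\", "\\programdata\\")


@dataclass
class Finding:
    line_no: int   # 1-based line in the log text handed to triage()
    reason: str
    path: str


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per matched indicator, in log order. Hits are leads, not verdicts."""
    findings: List[Finding] = []
    for n, raw in enumerate(log_text.strip().splitlines(), start=1):
        line = raw.strip()
        m = MISSING_RE.match(line)
        if m:
            findings.append(Finding(n, f"{m['kind']} '{m['name']}' points at a missing file",
                                    m['path'].strip() or "(no path)"))
            continue
        m = ENTRY_RE.match(line)
        if m:
            path = m['path']
            if not m['company'].strip():
                findings.append(Finding(n, f"{m['kind']} with no company name", path))
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(Finding(n, f"{m['kind']} loaded from a user-writable folder", path))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m['path']
            where = f"{m['hive']}\\{m['key']} '{m['name']}'"
            if path.lower().endswith(SCRIPT_EXTS):
                findings.append(Finding(n, f"{where} runs a script", path))
            if not m['company'].strip():
                findings.append(Finding(n, f"{where} has no company name", path))
            if any(d in path.lower() for d in USER_WRITABLE):
                findings.append(Finding(n, f"{where} starts from a user-writable folder", path))
    return findings


def format_report(findings: List[Finding]) -> str:
    if not findings:
        return "no indicators matched"
    return "\n".join(f"line {f.line_no:>5}: {f.reason}\n             {f.path}" for f in findings)


# Constructed sample: seven lines copied from the OTL.txt posted in this thread.
SAMPLE_OTL = r"""
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/03/03 10:57:08 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\userid\LOCALS~1\Temp\catchme.sys -- (catchme)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PinAInfo] C:\WINDOWS\system32\ai.vbs ()
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # errors="replace" so an odd byte in a real log does not abort the run
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OTL
    print(format_report(triage(text)))
```

Run it as `python otl_triage.py OTL.txt`, or with no argument to see it work on the built-in sample. Every hit is a lead to check against the vendor and the file itself, not a verdict: on the sample it flags tpam.exe (no company name, but it sits in the IBM Personal Communications folder), the HidServ stub (a missing hidserv.dll is common in XP logs), the catchme.sys stub (the GMER-based driver that ComboFix drops, which the ComboFix.exe and Qoobox entries further down account for) and the ai.vbs Run entry (a script with no company name; on a domain-joined machine an admin-deployed script is a common benign explanation, but that is a judgment to make from the file's contents, not from the log line). The script does the pattern matching; the helper still does the thinking.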
  2. meadow Newcomer, in training Posts: 83

    File OTL.txt:
    -------------
    OTL logfile created on: 11/13/2012 2:08:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\userid\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.73% Memory free
    3.81 Gb Paging File | 3.28 Gb Available in Paging File | 86.01% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 130.53 Gb Free Space | 87.60% Space Free | Partition Type: NTFS

    Computer Name: computer-name | User Name: userid | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/11/13 14:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\userid\Desktop\OTL.exe
    PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
    PRC - [2011/04/27 15:39:26 | 000,228,520 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe
    PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2011/03/03 10:57:54 | 000,032,768 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\trcboot.exe
    PRC - [2011/03/03 10:57:53 | 000,040,960 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv6.exe
    PRC - [2011/03/03 10:57:53 | 000,028,672 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\drivers\ldlcserv.exe
    PRC - [2011/03/03 10:57:08 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
    PRC - [2011/03/03 10:55:05 | 000,036,864 | ---- | M] (IBM Corporation) -- C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    PRC - [2010/03/04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/11/12 20:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
    PRC - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
    PRC - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/08/11 13:16:40 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2002/01/11 14:35:13 | 000,454,928 | ---- | M] (Peregrine Systems, Inc.) -- C:\Program Files\Peregrine\InfraTools Remote Control\bin\iftlsnr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/03/03 10:57:08 | 000,028,672 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\tpam.exe
    MOD - [2011/03/03 10:54:50 | 000,485,376 | ---- | M] () -- C:\Program Files\IBM\Personal Communications\OOCSVCS2.DLL
    MOD - [2010/03/04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    MOD - [2009/11/05 07:39:40 | 000,087,552 | ---- | M] () -- C:\WINDOWS\system32\cpwmon2k.dll
    MOD - [2008/08/29 12:58:26 | 000,197,408 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
    SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2011/03/03 10:57:55 | 000,032,768 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appnnode.exe -- (AppnNode)
    SRV - [2011/03/03 10:57:54 | 000,032,768 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\trcboot.exe -- (TrcBoot)
    SRV - [2011/03/03 10:57:53 | 000,040,960 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv6.exe -- (ldlcserv6)
    SRV - [2011/03/03 10:57:53 | 000,036,864 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cstrcser.exe -- (cstrcser)
    SRV - [2011/03/03 10:57:53 | 000,028,672 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\WINDOWS\system32\drivers\ldlcserv.exe -- (ldlcserv)
    SRV - [2011/03/03 10:54:46 | 000,049,152 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files\IBM\Personal Communications\csrcmds.exe -- (csrcmds)
    SRV - [2010/03/04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2009/11/12 20:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService)
    SRV - [2009/09/18 03:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
    SRV - [2009/09/18 03:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)
    SRV - [2008/08/29 12:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2002/01/11 14:35:13 | 000,454,928 | ---- | M] (Peregrine Systems, Inc.) [Auto | Running] -- C:\Program Files\Peregrine\InfraTools Remote Control\bin\iftlsnr.exe -- (iftlsnr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\userid\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2012/11/13 13:59:43 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ECFB3762-ECA2-4147-9FCD-7C9522040D3A}\MpKsl1bbd3b21.sys -- (MpKsl1bbd3b21)
    DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/07/08 03:12:48 | 007,023,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2011/03/03 10:57:57 | 000,208,928 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appnbase.sys -- (AppnBase)
    DRV - [2011/03/03 10:57:57 | 000,058,432 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnsx25.sys -- (pdlnsx25)
    DRV - [2011/03/03 10:57:57 | 000,054,416 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnsv25.sys -- (pdlnsv25)
    DRV - [2011/03/03 10:57:57 | 000,022,384 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnslea.sys -- (pdlnslea)
    DRV - [2011/03/03 10:57:56 | 000,067,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnemap.sys -- (pdlnemap)
    DRV - [2011/03/03 10:57:56 | 000,067,072 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlndsdl.sys -- (pdlndsdl)
    DRV - [2011/03/03 10:57:56 | 000,059,504 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnshay.sys -- (pdlnshay)
    DRV - [2011/03/03 10:57:56 | 000,053,248 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlndqll.sys -- (pdlndqll)
    DRV - [2011/03/03 10:57:56 | 000,050,336 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnecfg.sys -- (pdlnecfg)
    DRV - [2011/03/03 10:57:56 | 000,019,984 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnepkt.sys -- (pdlnepkt)
    DRV - [2011/03/03 10:57:56 | 000,018,944 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlndoem.sys -- (pdlndoem)
    DRV - [2011/03/03 10:57:56 | 000,012,768 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnemsg.sys -- (pdlnemsg)
    DRV - [2011/03/03 10:57:56 | 000,008,608 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnebas.sys -- (pdlnebas)
    DRV - [2011/03/03 10:57:55 | 000,160,288 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlncfwk.sys -- (pdlncfwk)
    DRV - [2011/03/03 10:57:55 | 000,075,200 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnacom.sys -- (pdlnacom)
    DRV - [2011/03/03 10:57:55 | 000,070,144 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlndlpb.sys -- (pdlndlpb)
    DRV - [2011/03/03 10:57:55 | 000,064,512 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdlndldl.sys -- (pdlndldl)
    DRV - [2011/03/03 10:57:55 | 000,036,048 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlnafac.sys -- (pdlnafac)
    DRV - [2011/03/03 10:57:55 | 000,012,800 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlndint.sys -- (pdlndint)
    DRV - [2011/03/03 10:57:55 | 000,006,784 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pdlncbas.sys -- (pdlncbas)
    DRV - [2011/03/03 10:57:54 | 001,322,080 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appn.sys -- (Appn)
    DRV - [2011/03/03 10:57:54 | 000,120,224 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\appnapi.sys -- (AppnApi)
    DRV - [2011/03/03 10:57:54 | 000,101,696 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\llc2.sys -- (IBM_LLC2)
    DRV - [2011/03/03 10:57:54 | 000,072,704 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pdlndldl6.sys -- (pdlndldl6)
    DRV - [2011/03/03 10:57:54 | 000,038,280 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\anydlc.sys -- (Anydlc)
    DRV - [2011/03/03 10:57:53 | 000,024,588 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\klognt.sys -- (KLOGNT)
    DRV - [2011/03/03 10:57:53 | 000,012,028 | ---- | M] (IBM Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nstrcnt.sys -- (NsTrcNT)
    DRV - [2010/04/05 23:35:56 | 000,168,616 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
    DRV - [2009/11/12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/09/18 03:00:00 | 000,020,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
    DRV - [2008/10/20 19:08:06 | 000,012,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smsmdm.sys -- (smsmdd)
    DRV - [2008/08/29 12:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2008/08/21 05:38:10 | 000,020,480 | R--- | M] (Dell Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
    DRV - [2008/03/29 16:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2007/05/11 23:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
    DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2005/11/30 21:30:14 | 000,010,880 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmscsi.sys -- (vmscsi)
    DRV - [2005/08/12 11:46:42 | 000,062,080 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112.sys -- (SI3112)
    DRV - [2005/08/12 09:14:20 | 000,004,736 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\SiRemFil.sys -- (SiRemFil)
    DRV - [2004/11/01 11:21:32 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter)
    DRV - [2001/04/19 02:58:05 | 000,006,097 | ---- | M] (Peregrine Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Peregrine\InfraTools Remote Control\bin\iftrcdrv.sys -- (iftrcdrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file://c:\WINDOWS\IEaccess\IEaccess.htm
    IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = file://c:\WINDOWS\IEaccess\IEaccess.htm
    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\..\SearchScopes,DefaultScope = {E05A147D-4288-45BD-985F-255FB2DEBB45}
    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\..\SearchScopes\{E05A147D-4288-45BD-985F-255FB2DEBB45}: "URL" = http://www.bing.com/search?q={searchTerms}&form=B8DFDF&pc=B8DF&src=IE-SearchBox
    IE - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\userid\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\userid\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2012/11/09 12:49:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [GPUpdate] C:\WINDOWS\System32\gpupdate.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [PinAInfo] C:\WINDOWS\system32\ai.vbs ()
    O4 - HKLM..\Run: [SetDefaultPrinter] C:\WINDOWS\system32\dp.vbs ()
    O4 - HKLM..\Run: [SetGrammaticaLicense] C:\WINDOWS\system32\gl.vbs ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {C33E0064-3567-40E8-9D59-E27921F85CA7} https://secure.identrust.com/ms/IdenTrustCertEnroll.cab (PreVistaEnrollControl Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupControlXP Class)
    O16 - DPF: {E81D4451-F9A6-4E99-AE23-0D040C020A62} https://secure.identrust.com/ms/IdenTrustCertEnroll.cab (PreVistaEnrollControl Class)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.72.126.59 10.72.126.26
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Grid12NT.nysdol.us
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E48819ED-8852-43E7-8370-81B6FFA49C09}: DhcpNameServer = 10.72.126.59 10.72.126.26
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/08/12 17:19:37 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/13 14:07:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\userid\Desktop\OTL.exe
    [2012/11/13 14:06:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2012/11/09 12:52:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2012/11/06 14:38:39 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\userid\Desktop\aswMBR.exe
    [2012/11/06 14:07:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/06 14:07:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/11/06 14:07:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/11/06 13:38:31 | 000,000,000 | ---D | C] -- C:\RK_Quarantine
    [2012/11/06 13:14:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\userid\Desktop\tdsskiller
    [2012/11/02 10:00:42 | 000,307,777 | ---- | C] (Farbar) -- C:\Documents and Settings\userid\Desktop\ListParts.exe
    [2012/11/01 15:46:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2012/11/01 15:46:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2012/11/01 15:46:00 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2012/11/01 15:46:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2012/11/01 15:43:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/11/01 15:38:09 | 004,998,937 | R--- | C] (Swearware) -- C:\Documents and Settings\userid\Desktop\ComboFix.exe
    [2012/10/26 12:08:20 | 000,000,000 | R--D | C] -- C:\Documents and Settings\userid\Recent
    [2012/10/26 09:27:34 | 010,669,952 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\userid\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/10/26 09:26:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\userid\Local Settings\Application Data\PCHealth
    [2012/10/22 12:07:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
    [2012/10/22 11:53:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

    ========== Files - Modified Within 30 Days ==========

    [2012/11/13 14:11:01 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1597753769-3272558778-1852756267-2651UA.job
    [2012/11/13 14:07:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\userid\Desktop\OTL.exe
    [2012/11/13 14:04:16 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2012/11/13 14:03:52 | 000,509,682 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/11/13 14:03:52 | 000,089,828 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/11/13 14:03:38 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2012/11/13 14:03:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/11/13 13:58:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/11/13 13:58:52 | 2111,422,464 | -HS- | M] () -- C:\hiberfil.sys
    [2012/11/09 12:49:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2012/11/09 12:42:02 | 004,998,937 | R--- | M] (Swearware) -- C:\Documents and Settings\userid\Desktop\ComboFix.exe
    [2012/11/08 12:30:02 | 000,002,299 | ---- | M] () -- C:\Documents and Settings\userid\Desktop\Google Chrome.lnk
    [2012/11/08 12:30:02 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\userid\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2012/11/06 15:02:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\userid\Desktop\MBR.dat
    [2012/11/06 14:38:39 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\userid\Desktop\aswMBR.exe
    [2012/11/06 14:13:19 | 000,000,630 | RHS- | M] () -- C:\Documents and Settings\userid\ntuser.pol
    [2012/11/06 14:09:22 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/06 13:58:16 | 010,669,952 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\userid\Desktop\mbam-setup-1.65.1.1000.exe
    [2012/11/06 13:36:15 | 000,430,592 | ---- | M] () -- C:\Documents and Settings\userid\Desktop\RogueKiller.exe
    [2012/11/06 13:11:44 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\userid\Desktop\tdsskiller.zip
    [2012/11/01 22:18:32 | 000,307,777 | ---- | M] (Farbar) -- C:\Documents and Settings\userid\Desktop\ListParts.exe
    [2012/10/24 21:43:48 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\userid\Desktop\1gls3wdz.exe
    [2012/10/22 11:27:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2012/10/22 09:11:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1597753769-3272558778-1852756267-2651Core.job
    [2012/10/22 07:41:12 | 000,030,192 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    ========== Files Created - No Company Name ==========

    [2012/11/09 12:47:35 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2012/11/09 12:47:35 | 000,001,793 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    [2012/11/09 12:47:30 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/11/09 12:47:30 | 000,001,809 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
    [2012/11/09 12:47:30 | 000,001,686 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/11/09 12:47:30 | 000,001,562 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
    [2012/11/09 12:47:30 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/11/09 12:47:30 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/11/08 14:08:29 | 2111,422,464 | -HS- | C] () -- C:\hiberfil.sys
    [2012/11/06 15:02:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\userid\Desktop\MBR.dat
    [2012/11/06 14:07:10 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/11/06 13:36:04 | 000,430,592 | ---- | C] () -- C:\Documents and Settings\userid\Desktop\RogueKiller.exe
    [2012/11/06 13:11:37 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\userid\Desktop\tdsskiller.zip
    [2012/11/01 15:46:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2012/11/01 15:46:00 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2012/11/01 15:46:00 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2012/11/01 15:46:00 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2012/11/01 15:46:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2012/10/26 11:35:37 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\userid\Desktop\1gls3wdz.exe
    [2012/08/17 11:15:15 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
    [2011/12/15 12:50:57 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/08/25 11:28:01 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\userid\Local Settings\Application Data\PUTTY.RND
    [2011/08/23 12:17:59 | 000,000,630 | RHS- | C] () -- C:\Documents and Settings\userid\ntuser.pol
    [2011/08/12 17:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
    [2011/08/12 17:35:18 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
    [2011/08/12 17:35:18 | 000,234,142 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2011/08/12 17:35:18 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
    [2011/08/12 14:17:33 | 000,004,764 | ---- | C] () -- C:\WINDOWS\System32\CcmFramework.ini
    [2011/08/12 13:43:04 | 000,030,192 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2011/05/02 11:52:04 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2011/05/02 11:52:04 | 000,509,682 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/02 11:52:04 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2011/05/02 11:52:04 | 000,089,828 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/02 11:52:04 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2011/05/02 11:52:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2011/05/02 11:52:04 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2011/05/02 11:52:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2011/05/02 11:52:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2011/05/02 11:52:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2011/05/02 11:51:59 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2011/05/02 11:51:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2011/05/02 10:32:02 | 000,000,393 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2011/05/02 09:46:29 | 000,316,416 | ---- | C] () -- C:\WINDOWS\System32\ct_corct.dll
    [2011/05/02 09:46:29 | 000,272,384 | ---- | C] () -- C:\WINDOWS\System32\ct_bar.dll
    [2011/05/02 09:46:29 | 000,176,640 | ---- | C] () -- C:\WINDOWS\System32\ct_file.dll
    [2011/05/02 09:46:29 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\ct_zset.dll
    [2011/05/02 09:46:28 | 000,022,944 | ---- | C] () -- C:\WINDOWS\System32\ci_file.dll
    [2011/05/02 09:46:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ci_corct.dll
    [2011/05/02 09:46:28 | 000,005,888 | ---- | C] () -- C:\WINDOWS\System32\ci_srv.dll
    [2011/05/02 09:46:28 | 000,003,968 | ---- | C] () -- C:\WINDOWS\System32\ci_bar.dll
    [2011/05/02 09:41:41 | 000,000,261 | ---- | C] () -- C:\WINDOWS\iftagt.ini
    [2011/05/02 09:41:40 | 000,000,072 | ---- | C] () -- C:\WINDOWS\iftlsnr.ini
    [2011/05/02 09:40:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
    [2011/05/02 09:39:53 | 000,411,391 | ---- | C] () -- C:\WINDOWS\System32\Info.exe
    [2011/05/02 09:04:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2011/05/02 09:03:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\init.ini
    [2011/05/02 09:03:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ps2pdf.dll
    [2011/05/02 08:54:33 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2011/05/02 08:53:30 | 012,832,768 | ---- | C] () -- C:\WINDOWS\System32\gsdll32.dll
    [2011/05/02 08:01:27 | 000,000,051 | ---- | C] () -- C:\WINDOWS\smsts.ini
    [2011/05/02 08:00:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/05/02 07:57:59 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/05/02 07:57:47 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2011/05/02 03:56:23 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/05/02 03:55:55 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/03/03 10:57:53 | 000,000,251 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlldrvr.com

    ========== ZeroAccess Check ==========

    [2011/05/02 08:07:12 | 000,000,227 | -HS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shdocvw.dll -- [2011/02/17 08:51:57 | 001,510,400 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/08/11 13:13:18 | 000,273,920 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2011/05/02 09:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Grammatica
    [2011/05/02 09:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
    [2011/08/15 12:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.computer-name\Application Data\Windows Desktop Search
    [2011/08/12 13:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
    [2011/05/02 09:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
    [2011/05/02 09:04:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
    [2011/08/25 08:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\userid\Application Data\Windows Desktop Search
    [2012/01/13 10:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\userid\Application Data\Windows Search

    ========== Purity Check ==========


    < End of report >
  3. meadow Newcomer, in training Posts: 83

    File Extras.Txt
    -------------
    OTL Extras logfile created on: 11/13/2012 2:08:49 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\user-id\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.97 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 66.73% Memory free
    3.81 Gb Paging File | 3.28 Gb Available in Paging File | 86.01% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 149.00 Gb Total Space | 130.53 Gb Free Space | 87.60% Space Free | Partition Type: NTFS

    Computer Name: computer-name | User Name: user-id | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" =

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop]
    "Enabled" = 1
    "RemoteAddresses" =

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\EVN\BIN\evn.exe" = C:\EVN\BIN\evn.exe:*:Enabled:evn -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
    "{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client
    "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.4.2499.0
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 30
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A31B199-99D8-4203-9E0E-E3C9D8902534}" = xEditor
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{447D8B58-880C-4627-BF57-9C408219313E}" = Juniper Installer Service
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
    "{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
    "{5DBE95F6-823A-4547-9921-CEDFADA1D2D8}" = McAfee Agent
    "{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI
    "{73868DD9-CC9A-4F7F-B708-99F096DEAB6D}" = Adobe Shockwave Player 11.5
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
    "{B3AE8231-C74A-4412-8701-EB494088C7A5}" = IBM Personal Communications
    "{B7BDAF22-9647-4846-8EA9-6E0A5B785651}" = Adobe Flash Player 10 Plugin
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D787C24E-809D-4C48-BF53-EC5C76689A13}" = PolicyMaker™ Registry Extension Client
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "1CF754F21E4C8FD08B6F7C7CC3879C7395616841" = Windows Driver Package - Hewlett-Packard DOT4 (11/04/2007 10.1.1.3)
    "2ED8EBC618ADA2092998C1AD5B6F07600EC8CEDB" = Windows Driver Package - Hewlett-Packard DOT4USB (02/18/2008 10.1.1.3)
    "44A1336677759DD100DBA0E475E6C92114FFA5E8" = Windows Driver Package - Hewlett-Packard DOT4 (02/18/2008 10.1.1.3)
    "656EF72B6C5328B8FB837688D9282663C5046571" = Windows Driver Package - Hewlett-Packard DOT4USB (07/25/2007 10.1.1.3)
    "66373F198F5809ED38963BFA32FAC8008F8371D2" = Windows Driver Package - HP HP LaserJet P4010_P4510 Series PCL 6 (02/28/2008 61.072.51.02)
    "66ED737C9D2B25C479FE362736CDC0734A1BC20A" = Windows Driver Package - Hewlett-Packard (HPZs2k12) DiskDrive (02/18/2008 10.1.1.5)
    "6BFBF3E69880B92F09E46EAAF1A5BCA3EC73B329" = Windows Driver Package - Hewlett-Packard DOT4PRT (02/18/2008 10.1.1.3)
    "8688956EC139638F031FB8EFEB14ECA17BCF98DA" = Windows Driver Package - HP HP LaserJet 5200LX PCL 6 (07/24/2007 61.063.941.00)
    "997246873C67DB6031D55D0688BF87DFFB21EB69" = Windows Driver Package - Hewlett-Packard DOT4 (02/18/2008 10.1.1.3)
    "9F1C57C4F855806D0B6F9BB24E2041E3FE19A2E1" = Windows Driver Package - Hewlett-Packard DOT4 (07/25/2007 10.1.1.3)
    "Adobe AIR" = Adobe AIR
    "BE25A62BB7041ED0F5643AA34A6FB49F7F8A63D6" = Windows Driver Package - Hewlett-Packard DOT4PRT (07/25/2007 10.1.1.3)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "D3BBA59DAEC58919DF6127C26F86D481A4B90B73" = Windows Driver Package - Hewlett-Packard Ports (07/25/2007 10.1.1.3)
    "F2BC9F814E94612B191E1AD48872E3B5349686AC" = Windows Driver Package - Hewlett-Packard Ports (02/18/2008 10.1.1.3)
    "GPL Ghostscript 9.00" = GPL Ghostscript 9.00
    "Grammatica_is1" = Grammatica 7.0.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InfraTools Remote Control@5.53@en" = InfraTools Remote Control version 5.53 en
    "IWPMNTV2R3" = IWPM for Windows XP
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Letter Generator" = Letter Generator
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Client" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RDC" = RDC
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "YTdetect" = Yahoo! Detect
    "ZHCIELangPack" = Chinese (Simplified) Language Support

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1597753769-3272558778-1852756267-2651\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 5/13/2012 8:32:08 AM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/13/2012 4:32:08 PM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/14/2012 12:32:08 AM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/14/2012 8:32:08 AM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/14/2012 9:08:08 AM | Computer Name = computer-name | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 5/14/2012 4:32:08 PM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/15/2012 12:32:08 AM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/15/2012 8:32:08 AM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/15/2012 1:46:14 PM | Computer Name = computer-name | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    Error - 5/15/2012 1:46:15 PM | Computer Name = computer-name | Source = AutoEnrollment | ID = 15
    Description = Automatic certificate enrollment for local system failed to contact
    the active directory (0x8007054b). The specified domain either does not exist
    or could not be contacted. Enrollment will not be performed.

    Error - 5/15/2012 2:16:45 PM | Computer Name = computer-name | Source = Userenv | ID = 1054
    Description = Windows cannot obtain the domain controller name for your computer
    network. (The specified domain either does not exist or could not be contacted.
    ). Group Policy processing aborted.

    [ System Events ]
    Error - 11/9/2012 2:13:09 PM | Computer Name = computer-name | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 11/9/2012 2:13:09 PM | Computer Name = computer-name | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 15 minutes. NtpClient has no source of accurate
    time.

    Error - 11/9/2012 2:13:32 PM | Computer Name = computer-name | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SiRemFil

    Error - 11/13/2012 2:59:08 PM | Computer Name = computer-name | Source = NETLOGON | ID = 5719
    Description = No Domain Controller is available for domain domain-name due to the following:
    %%1311. Make sure that the computer is connected to the network and try again. If
    the problem persists, please contact your domain administrator.

    Error - 11/13/2012 2:59:51 PM | Computer Name = computer-name | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    SiRemFil

    Error - 11/13/2012 3:00:39 PM | Computer Name = computer-name | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 11/13/2012 3:06:03 PM | Computer Name = computer-name | Source = NETLOGON | ID = 3210
    Description = This computer could not authenticate with \\network-domain,
    a Windows domain controller for domain domain-name, and therefore this computer might
    deny logon requests. This inability to authenticate might be caused by another computer
    on the same network using the same name or the password for this computer account
    is
    not recognized. If this message appears again, contact your system administrator.

    Error - 11/13/2012 3:06:03 PM | Computer Name = computer-name | Source = W32Time | ID = 39452701
    Description = The time provider NtpClient is configured to acquire time from one
    or more time sources, however none of the sources are currently accessible. No attempt
    to contact a source will be made for 14 minutes. NtpClient has no source of accurate
    time.

    Error - 11/13/2012 3:09:50 PM | Computer Name = computer-name | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.139.1637.0 Update Source: %%859 Update Stage:
    %%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803
    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error
    code: 0x80244015 Error description: An unexpected problem occurred while checking
    for updates. For information on installing or troubleshooting updates, see Help
    and Support.

    Error - 11/13/2012 3:14:09 PM | Computer Name = computer-name | Source = NETLOGON | ID = 3210
    Description = This computer could not authenticate with \\network-domain,
    a Windows domain controller for domain domain-name, and therefore this computer might
    deny logon requests. This inability to authenticate might be caused by another computer
    on the same network using the same name or the password for this computer account
    is
    not recognized. If this message appears again, contact your system administrator.

    < End of report >
    ------ Thanks.
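    An added example, not OTL's code and not part of either poster's message, that mechanises two of the checks a helper reads off an Extras.txt by eye: whether the shell\open commands for exefile, batfile, cmdfile, comfile, piffile and scrfile are still the stock `"%1" %*` style defaults (a hijacked one runs extra code on every program launch), and which firewall GloballyOpenPorts entries are Enabled with scope `*`, meaning any remote address. The expected-default table is an assumption about stock XP SP3 values; the sample excerpt is constructed in the shape of the posted log, and its exefile hijack line is invented so the check has something to find. A `Reg Error` line is reported as unreadable, not as a hijack, because OTL prints that when it cannot read the key.

    ```python
    """Audit the 'Shell Spawning' and firewall 'GloballyOpenPorts' sections of an
    OTL Extras.txt log. Added example for this thread; not OTL code and not part
    of the original posts."""
    import re

    # Stock Windows XP SP3 shell commands for the file types that malware hijacks to
    # get run on every program launch. ASSUMED defaults: confirm against a clean box.
    EXPECTED_SPAWN = {
        ("batfile", "open"): '"%1" %*',
        ("cmdfile", "open"): '"%1" %*',
        ("comfile", "open"): '"%1" %*',
        ("exefile", "open"): '"%1" %*',
        ("piffile", "open"): '"%1" %*',
        ("scrfile", "open"): '"%1" /S',
        ("scrfile", "config"): '"%1"',
        ("regfile", "merge"): 'regedit.exe "%1"',
    }

    SECTION_RE = re.compile(r'^\s*==========\s*(.+?)\s*==========\s*$')
    SPAWN_RE = re.compile(r'^\s*(\w+) \[(\w+)\] -- (.*?)\s*$')
    PROFILE_RE = re.compile(r'FirewallPolicy\\(\w+Profile)\\GloballyOpenPorts\\List\]')
    # "139:TCP" = 139:TCP:<scope>:<Enabled|Disabled>:<display name>
    PORT_RE = re.compile(
        r'^\s*"(\d+):(TCP|UDP)" = \d+:(?:TCP|UDP):([^:]+):(Enabled|Disabled):(.*?)\s*$')


    def sections(log_text):
        """Yield (section_name, [lines]) for each '========== X ==========' block."""
        name, buf = None, []
        for line in log_text.splitlines():
            m = SECTION_RE.match(line)
            if m:
                if name is not None:
                    yield name, buf
                name, buf = m.group(1), []
            elif name is not None:
                buf.append(line)
        if name is not None:
            yield name, buf


    def check_shell_spawning(lines):
        """Findings for shell-spawning keys whose command is not the expected default."""
        findings = []
        for line in lines:
            m = SPAWN_RE.match(line)
            if not m:
                continue
            key, verb, cmd = m.groups()
            expected = EXPECTED_SPAWN.get((key, verb))
            if expected is None:
                continue                       # not a type we track (Folder, Drive, ...)
            if cmd.startswith("Reg Error"):
                findings.append((key, verb, "unreadable", cmd))   # verify by hand
            elif cmd != expected:
                findings.append((key, verb, "hijacked?", cmd))    # extra code per launch
        return findings


    def check_open_ports(lines):
        """(profile, port/proto, name) for ports Enabled to any remote address ('*')."""
        findings, profile = [], None
        for line in lines:
            h = PROFILE_RE.search(line)
            if h:
                profile = h.group(1)           # DomainProfile / StandardProfile
                continue
            m = PORT_RE.match(line)
            if m and profile:
                port, proto, scope, state, name = m.groups()
                if state == "Enabled" and scope == "*":
                    findings.append((profile, f"{port}/{proto}", name))
        return findings


    def audit(log_text):
        """Run both checks over a whole Extras.txt and return the findings."""
        report = {"spawn": [], "ports": []}
        for name, lines in sections(log_text):
            if name == "Shell Spawning":
                report["spawn"].extend(check_shell_spawning(lines))
            elif name == "Firewall Settings":
                report["ports"].extend(check_open_ports(lines))
        return report


    # Constructed excerpt in the shape of the posted Extras.txt. The exefile line is
    # a made-up hijack so the check has something to find; the rest mirrors the log.
    SAMPLE_LOG = r"""
    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    exefile [open] -- C:\example\hijack.exe "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [open] -- "%1" /S
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========
    """

    if __name__ == "__main__":
        for kind, rows in audit(SAMPLE_LOG).items():
            for row in rows:
                print(kind, *row)
    ```

    Run against the log actually posted above, this reports no hijacked spawn keys, two unreadable ones (regfile [merge] and, if added to the table, txtfile [edit]), and 139/TCP, 445/TCP, 137/UDP and 138/UDP Enabled to `*` on the domain profile only; the standard profile limits them to LocalSubNet and has 5985/TCP Disabled. A domain-profile exception open to any address is normally set by Group Policy, so on a machine under investigation it is worth confirming that is where it came from.
    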
  4. Broni Malware Annihilator Posts: 39,324   +175

    OTL logs are clean.

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    4. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    5. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  5. meadow Newcomer, in training Posts: 83

    Log of Security check
    --------------------------
    Results of screen317's Security Check version 0.99.54
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Microsoft Security Essentials
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.65.1.1000
    Java(TM) 6 Update 30
    Java version out of Date!
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Flash Player 10.3.181.14 Flash Player out of Date!
    Adobe Reader X 10.1.2 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Microsoft Security Essentials msseces.exe
    Windows Defender MSMpEng.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 14% Defragment your hard drive soon! (Do NOT defrag if SSD!)
    ````````````````````End of Log``````````````````````
  6. meadow Newcomer, in training Posts: 83

    Log of FSS
    ----------------------------
    Farbar Service Scanner Version: 09-11-2012
    Ran by userid (administrator) on 14-11-2012 at 12:42:52
    Running from "C:\Documents and Settings\userid\Desktop"
    Microsoft Windows XP Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Attempt to access Google IP returned error. Google IP is offline
    Attempt to access Google.com returned error: Google.com is offline
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Attempt to access Yahoo.com returned error: Yahoo.com is offline

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.

    Windows Update:
    ============
    Windows Autoupdate Disabled Policy:
    ============================

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    Extra List:
    =======
    DNE(10) Gpc(6) IPSec(4) NetBT(5) PSched(8) Tcpip(3)
    0x0A0000000400000001000000020000000300000007000000050000000600000008000000090000000A000000
    IpSec Tag value is correct.
    **** End of log ****
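    The FSS log above is read by eye for a few signals: a protected service that is not running (here wscsvc, the Security Center service), a "Disabled Policy" section that is not empty, connectivity checks that come back offline, and any File Check line whose MD5 is not reported as legit. The Python script below is an added example of automating that read; it is not Farbar's code and was not posted in this thread. The sample log embedded in it is constructed in the FSS.txt layout, and the "MD5 is not legit" verdict on its last file is an assumed failure wording, since the thread only shows passing lines.

```python
"""Triage helper for Farbar Service Scanner (FSS) logs.

Added example (not Farbar's code): walks an FSS.txt log and collects the
signals a malware-removal helper looks for first.
"""
import re

# Constructed sample in the FSS.txt layout, abridged. The "MD5 is not legit"
# verdict on the last file is an assumed failure wording for illustration.
SAMPLE_FSS_LOG = r"""Farbar Service Scanner Version: 09-11-2012
****************************************************************
Connection Status:
==============
Localhost is accessible.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline

Firewall Disabled Policy:
==================

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

File Check:
========
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is not legit
**** End of log ****
"""

SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+):$")
SERVICE_DOWN_RE = re.compile(r"^(?P<svc>\w+) Service is not running")
SERVICE_CFG_RE = re.compile(r"^The (?P<field>start type|ImagePath|ServiceDll) "
                            r"of (?P<svc>\w+) service is (?P<verdict>.+?)\.?$")
OFFLINE_RE = re.compile(r"^Attempt to access (?P<target>.+?) returned error")
FILE_CHECK_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.*?) => (?P<verdict>.+)$")


def parse_fss_log(text):
    """Return a dict of findings; an empty list means that check raised nothing."""
    findings = {
        "services_not_running": [],
        "service_config_problems": [],  # (service, field, verdict)
        "offline_targets": [],
        "policy_entries": {},           # "... Disabled Policy" section -> lines
        "file_check_problems": [],      # (path, verdict)
        "files_checked": 0,
    }
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) <= {"=", "*", " "}:
            continue  # blank separators and "====" / "****" rule lines
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            if section.endswith("Policy"):
                findings["policy_entries"].setdefault(section, [])
            continue
        if section and section.endswith("Policy"):
            # Any line under a "Disabled Policy" header is a registry policy
            # switching that protection off; FSS prints nothing when none is set.
            findings["policy_entries"][section].append(line)
            continue
        m = SERVICE_DOWN_RE.match(line)
        if m:
            findings["services_not_running"].append(m.group("svc"))
            continue
        m = SERVICE_CFG_RE.match(line)
        if m:
            if m.group("verdict") != "OK":
                findings["service_config_problems"].append(
                    (m.group("svc"), m.group("field"), m.group("verdict")))
            continue
        m = OFFLINE_RE.match(line)
        if m:
            findings["offline_targets"].append(m.group("target"))
            continue
        m = FILE_CHECK_RE.match(line)
        if m:
            findings["files_checked"] += 1
            if m.group("verdict") != "MD5 is legit":
                findings["file_check_problems"].append(
                    (m.group("path"), m.group("verdict")))
    return findings


if __name__ == "__main__":
    for key, value in parse_fss_log(SAMPLE_FSS_LOG).items():
        print(f"{key}: {value}")
```

    On the log posted in this thread, the only findings would be the stopped wscsvc service (with its configuration fields all OK) and the four offline connectivity checks; every policy section is empty and every MD5 is legit. A stopped service whose start type, ImagePath and ServiceDll are all OK points at the service simply not having started rather than at a tampered binary, which is why the helper moves on to a repair of the service rather than to file replacement. A non-empty policy section or a file whose MD5 is not legit would instead be treated as a sign of tampering, and the file compared against a known-good copy before anything else is run.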
     
  7. meadow Newcomer, in training Posts: 83

    Log of AdwCleaner
    -----------------
    # AdwCleaner v2.007 - Logfile created 11/14/2012 at 12:47:22
    # Updated 06/11/2012 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : userid - computername
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\userid\Desktop\adwcleaner.exe
    # Option [Delete]

    ***** [Services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Internet Browsers] *****
    -\\ Internet Explorer v8.0.6001.18702
    [OK] Registry is clean.
    -\\ Google Chrome v23.0.1271.64
    File : C:\Documents and Settings\userid\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
    [OK] File is clean.
    *************************
    AdwCleaner[S1].txt - [712 octets] - [14/11/2012 12:47:22]
    ########## EOF - C:\AdwCleaner[S1].txt - [771 octets] ##########
  8. meadow Newcomer, in training Posts: 83

    I tried to run TFC twice. The 1st time, after about one hour, I still got a blank blue screen. Both keyboard and mouse were not working. I had to push the button to turn it off. The 2nd time, I ran TFC; after the message "stop running processes" and then a Microsoft Security Essentials warning, the computer just froze, with no keystroke or mouse response. The clock was not running.
  9. Broni Malware Annihilator Posts: 39,324   +175

    Run TFC from safe mode.
  10. meadow Newcomer, in training Posts: 83

    I ran TFC from safe mode; no log file was generated. A message popped up suggesting to run System Restore first; I ignored it and ran TFC.
    Then I ran TFC from normal mode, and the computer froze again.
    I ran ESET, no threats found.
    Thanks.
  11. Broni Malware Annihilator Posts: 39,324   +175

    Update Adobe Flash Player
    Download for Internet Explorer: http://www.filehippo.com/download_flashplayer_ie_64/
    Download for Firefox, Opera and other Gecko-based browsers: http://www.filehippo.com/download_flashplayer_firefox_64/

    NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
    NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

    ============================

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    ==========================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ===========================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
  12. meadow Newcomer, in training Posts: 83

    Adobe Flash Version 11.3 seems not to be available any more. I always get an HTTP 404 error.
  13. Broni Malware Annihilator Posts: 39,324   +175

    Which browser?
  14. meadow Newcomer, in training Posts: 83

    Both IE and non-IE are not working.
  15. Broni Malware Annihilator Posts: 39,324   +175

  16. meadow Newcomer, in training Posts: 83

    Installed Adobe Flash Player successfully.
    Tried to run OTL to reset System Restore in normal mode; the computer just froze, black screen, keyboard and monitor not working. No log file was generated.
    Rebooted the computer in safe mode and ran OTL. Here is the log file:
    (Unable to start System Restore Service. Error code 10 )
    ----------------------------------------------------------------------------------------------------------

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Administrator.computer-name
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: user-name
    ->Temp folder emptied: 1500323 bytes
    ->Temporary Internet Files folder emptied: 29427470 bytes
    ->Java cache emptied: 1880 bytes
    ->Google Chrome cache emptied: 65543617 bytes
    ->Flash cache emptied: 492 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 37264 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 5182783 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 97.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: Administrator.computer-name
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: user-name
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: Administrator.computer-name
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: user-name
    ->Java cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 10

    OTL by OldTimer - Version 3.2.69.0 log created on 11192012_164756
    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF30DD.tmp not found!
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF30E8.tmp not found!
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF3140.tmp not found!
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF314B.tmp not found!
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF324D.tmp not found!
    File\Folder C:\Documents and Settings\user-name\Local Settings\Temp\~DF3258.tmp not found!
    C:\Documents and Settings\user-name\Local Settings\Temporary Internet Files\Content.IE5\XB2SYNEL\ads[2].htm moved successfully.
    C:\Documents and Settings\user-name\Local Settings\Temporary Internet Files\Content.IE5\XB2SYNEL\page-3[1].htm moved successfully.
    C:\Documents and Settings\user-name\Local Settings\Temporary Internet Files\Content.IE5\XB2SYNEL\XexqN1a_o27MhVVdJFKAcA[2].eot moved successfully.
    C:\Documents and Settings\user-name\Local Settings\Temporary Internet Files\Content.IE5\R1TU81DI\comScore[1].htm moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...
    -------------------------

    Thanks.
  17. Broni Malware Annihilator Posts: 39,324   +175

    Yeah, system restore didn't get reset and I also see this in FSS log:
    Download Windows Repair (all in one) from this site

    Install the program then run it.

    Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:

    Once that is done then go to Step 3 and allow it to run System File Check by clicking on Do It button:

    Go to Step 4 and under "System Restore" click on Create button:

    Go to Start Repairs tab and click Start button.

    Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):

    Click on box next to the Restart System when Finished. Then click on Start.

    Post new FSS log.
  18. meadow Newcomer, in training Posts: 83

    After running "Start Repairs" for a while, the computer is lost again. No monitor signal, no response to mouse and keyboard. I had to push the power button to turn it off. There are some files created by the process, but I don't know which one is useful.
    Did I terminate it too soon? Rerun it in safe mode?
    By the way, my version of Windows Repair has one more repair option: "repair Windows safe mode"; I unchecked it.
  19. Broni Malware Annihilator Posts: 39,324   +175

    Try to re-run it in normal mode.
  20. meadow Newcomer, in training Posts: 83

    Reran in normal mode. This time, after running for about 3-5 minutes, the computer restarted. Once it was up, a window popped up stating that the system has recovered from a serious error; the error report contains the following:
    Error signature
    BCCode:100000ea BCP1:8A2D6DA0 BCP2:8A33FE30 BCP3:BA513CBC BCP4:00000001 OSVer:5_1_2600 SP:3_0 Product:256_1