Hard drive cluster/system check virus

Solved
By MONALOVE80
Jan 19, 2012
  1. MONALOVE80


    Extras-log:

    OTL Extras logfile created on: 1/20/2012 2:13:23 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mona\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.25 Gb Total Physical Memory | 2.71 Gb Available Physical Memory | 83.42% Memory free
    5.09 Gb Paging File | 4.70 Gb Available in Paging File | 92.37% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 465.71 Gb Total Space | 430.84 Gb Free Space | 92.51% Space Free | Partition Type: NTFS
    Unable to calculate disk information.

    Computer Name: MONIQUE | User Name: Mona | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "4481:TCP" = 4481:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4481:UDP" = 4481:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "4482:TCP" = 4482:TCP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync data transfer
    "4482:UDP" = 4482:UDP:LocalSubNet:Enabled:BlackBerry Desktop Software Wireless Music Sync discovery
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\lxducoms.exe" = C:\WINDOWS\system32\lxducoms.exe:*:Enabled:5600-6600 Series Server -- ( )
    "C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe" = C:\Program Files\V CAST Music with Rhapsody\rhapsody.exe:*:Enabled:RealNetworks Rhapsody -- (Rhapsody International Inc.)
    "C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe" = C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe:*:Enabled:BlackBerry Desktop Software -- (Research In Motion)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{10812DE7-2E57-4740-B226-6B3BE34AF9D7}" = Lexmark Tools for Office
    "{1B3BA990-4EE8-4ACD-AFEC-DC3BFAF521A7}" = BlackBerry Device Software v5.0.0 for the BlackBerry 9550 smartphone
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{31C44235-A613-4E95-B297-207BF6C6A8C1}" = Creative ZEN Vision M Series
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Netwaiting
    "{448E2D77-E504-4221-B2C2-93646B344729}" = Mouse Suite for Desktop Computers
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
    "{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
    "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{78E9A751-5616-233F-1249-16AC5758C646}" = muvee Reveal Seagate Edition
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{87841AF8-C785-42FF-A76E-CC0F0C2816CC}" = ATI Catalyst Control Center
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A1BC9F13-59FE-43E4-8498-DF5A721196C5}" = BlackBerry USB Drivers
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A75BC59B-10BF-6B87-DCC7-3501F158ACC6}" = Times Reader
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
    "{EE35B247-F872-4FFD-BCD1-1970C7E86C84}" = GPS Image Tracker
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveTouchMeetingClient" = WebEx
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "ATI Display Driver" = ATI Display Driver
    "AudibleManager" = AudibleManager
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "Carbonite Setup Lite" = Carbonite Online Backup Setup
    "CNXT_MODEM_PCI_HSF" = Conexant D850 PCI V.92 Modem
    "com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
    "Creative Removable Disk Manager" = Creative Removable Disk Manager
    "Dell Support Center" = Dell Support Center
    "GoToAssist" = GoToAssist Corporate
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
    "Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "MegaStat 9.1" = MegaStat 9.1
    "MegaStat Excel 2007" = MegaStat Excel 2007
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Movielink Manager" = BLOCKBUSTER Movielink
    "Mozilla Firefox 8.0.1 (x86 en-US)" = Mozilla Firefox 8.0.1 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Optimum Online net guide" = Optimum Online net guide
    "Professor Answers" = Professor Answers
    "Professor Teaches Access 2007" = Professor Teaches Access 2007
    "Professor Teaches Accounting Fundamentals" = Professor Teaches Accounting Fundamentals
    "Professor Teaches Business Planning" = Professor Teaches Business Planning
    "Professor Teaches Excel 2007" = Professor Teaches Excel 2007
    "Professor Teaches Excel 2007 Advanced" = Professor Teaches Excel 2007 Advanced
    "Professor Teaches Outlook 2007" = Professor Teaches Outlook 2007
    "Professor Teaches PowerPoint 2007" = Professor Teaches PowerPoint 2007
    "Professor Teaches PowerPoint 2007 Advanced" = Professor Teaches PowerPoint 2007 Advanced
    "Professor Teaches QuickBooks 2010" = Professor Teaches QuickBooks 2010
    "Professor Teaches Word 2007" = Professor Teaches Word 2007
    "Professor Teaches Word 2007 Advanced" = Professor Teaches Word 2007 Advanced
    "PROSet" = Intel(R) PRO Network Connections Drivers
    "SysInfo" = Creative System Information
    "Typing Quick & Easy" = Typing Quick & Easy
    "V CAST Music with Rhapsody" = V CAST Music with Rhapsody
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "ZENcast Organizer" = ZENcast Organizer
    "Zynga Toolbar" = Zynga Toolbar

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-3179336198-101048220-3685835499-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/19/2012 2:12:58 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 110
    Description =

    Error - 1/19/2012 2:12:58 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 99
    Description =

    Error - 1/19/2012 2:12:58 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 110
    Description =

    Error - 1/19/2012 2:12:58 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 99
    Description =

    Error - 1/19/2012 2:12:59 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 110
    Description =

    Error - 1/19/2012 2:12:59 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 99
    Description =

    Error - 1/19/2012 2:13:00 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 110
    Description =

    Error - 1/19/2012 2:13:00 PM | Computer Name = MONIQUE | Source = UmxAgent | ID = 99
    Description =

    Error - 1/19/2012 9:51:49 PM | Computer Name = MONIQUE | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
    module unknown, version 0.0.0.0, fault address 0x12baa919.

    Error - 1/19/2012 11:32:46 PM | Computer Name = MONIQUE | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 1/11/2011 2:11:45 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 10
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/11/2011 2:11:56 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 1/17/2011 3:26:39 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 82496
    seconds with 16380 seconds of active time. This session ended with a crash.

    Error - 1/17/2011 3:28:05 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 72
    seconds with 60 seconds of active time. This session ended with a crash.

    Error - 1/17/2011 6:37:07 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3934
    seconds with 480 seconds of active time. This session ended with a crash.

    Error - 1/17/2011 12:30:17 PM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 62
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/1/2011 11:37:10 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/1/2011 11:37:45 AM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 16
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 6/1/2011 12:12:09 PM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 35
    seconds with 0 seconds of active time. This session ended with a crash.

    Error - 7/17/2011 11:46:17 PM | Computer Name = MONIQUE | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 74
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 1/17/2012 3:50:10 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 1/17/2012 3:52:16 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 1/17/2012 3:54:18 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 1/17/2012 3:56:20 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register
    with DCOM within the required timeout.

    Error - 1/17/2012 4:01:24 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 1/17/2012 4:03:25 PM | Computer Name = MONIQUE | Source = DCOM | ID = 10010
    Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
    with DCOM within the required timeout.

    Error - 1/19/2012 11:53:19 AM | Computer Name = MONIQUE | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 1/19/2012 11:53:19 AM | Computer Name = MONIQUE | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Fax service to connect.

    Error - 1/19/2012 11:53:19 AM | Computer Name = MONIQUE | Source = Service Control Manager | ID = 7000
    Description = The Fax service failed to start due to the following error: %%1053

    Error - 1/19/2012 11:57:20 AM | Computer Name = MONIQUE | Source = System Error | ID = 1003
    Description = Error code 1000008e, parameter1 c0000005, parameter2 b9f1571d, parameter3
    ac5c3070, parameter4 00000000.


    < End of report >
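The Extras log above is where a helper looks first for the settings malware tampers with: the Shell Spawning handlers (a rogue-AV infection typically rewrites exefile\shell\open\command to run its own binary before anything else), the Security Center override/notification values, and firewall exceptions opened to every host. The following is an added example, not code from the thread or from OTL, that runs those three checks over the log text. It assumes only the section-header and line shapes OTL prints as shown above; the sample at the bottom is constructed from lines in this log plus three injected bad lines (a made-up xyz.exe hijack, AntiVirusOverride = 1, and the WinRM exception flipped to Enabled with scope *) so that each check has something to report.

```python
"""Triage checks for an OTL Extras log (added example; not OTL's own code).

Assumes OTL's '========== Name ==========' section headers and the
'"name" = value' / 'key [verb] -- command' line shapes seen in the thread.
"""
import re

SECTION_RE = re.compile(r'^=+ (.+?) =+$')
SHELL_RE = re.compile(r'^(\w+) \[(\w+)\] -- (.*)$')
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
PORT_NAME_RE = re.compile(r'^\d+:(?:TCP|UDP)$')

# Stock Windows XP handlers for the launch verbs OTL lists under "Shell Spawning".
# Rogue-AV infections commonly point exefile\shell\open\command at their own binary.
EXPECTED_SHELL = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Security Center values that, when 1, suppress or override AV/firewall status alerts.
SC_BAD_IF_ONE = {"AntiVirusOverride", "FirewallOverride", "AntiVirusDisableNotify",
                 "FirewallDisableNotify", "UpdatesDisableNotify", "DisableMonitoring"}


def split_sections(text):
    """Return {section name: [non-empty stripped lines]} keyed by OTL's headers."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines):
    """Flag any launch verb whose command differs from the XP default."""
    findings = []
    for line in lines:
        m = SHELL_RE.match(line)
        if m:
            key, verb, command = m.groups()
            expected = EXPECTED_SHELL.get((key, verb))
            if expected is not None and command != expected:
                findings.append(f"shell hijack: {key} [{verb}] -> {command}")
    return findings


def check_security_center(lines):
    """Flag override / notification-suppression values set to 1."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if m and m.group(1) in SC_BAD_IF_ONE and m.group(2).strip() == "1":
            findings.append(f"security center: {m.group(1)} = 1")
    return findings


def check_firewall(lines):
    """Flag a disabled profile and enabled port exceptions scoped to '*' (any host)."""
    findings = []
    for line in lines:
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), m.group(2).strip()
        if name == "EnableFirewall" and value == "0":
            findings.append("firewall: EnableFirewall = 0")
        elif PORT_NAME_RE.match(name):
            parts = value.split(":", 4)  # port:proto:scope:state:description
            if len(parts) == 5 and parts[3] == "Enabled" and parts[2] == "*":
                findings.append(f"firewall: {parts[0]}/{parts[1]} open to any host ({parts[4]})")
    return findings


def triage(text):
    """Run all three checks over one Extras log and return the findings in order."""
    s = split_sections(text)
    return (check_shell_spawning(s.get("Shell Spawning", []))
            + check_security_center(s.get("Security Center Settings", []))
            + check_firewall(s.get("Firewall Settings", [])))


# Constructed sample: clean lines from the log above plus three injected bad lines
# (an exefile hijack pointing at a made-up xyz.exe, AntiVirusOverride = 1, and the
# WinRM exception flipped to Enabled with scope '*') so every check reports something.
SAMPLE = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\Mona\Local Settings\Application Data\xyz.exe" "%1" %*
scrfile [open] -- "%1" /S
========== Security Center Settings ==========
"AntiVirusOverride" = 1
"FirewallOverride" = 0
========== Firewall Settings ==========
"EnableFirewall" = 1
"5985:TCP" = 5985:TCP:*:Enabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

On the real log above all three checks come back empty: every launch verb still has its stock handler, the Security Center overrides are 0, and the only exception scoped to * (5985/TCP, Windows Remote Management) is Disabled. The "Reg Error: Key error." entries for regfile [merge] and txtfile [edit] are OTL reporting a key it could not read, which is a different signal from a rewritten command and is left alone here.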
  2. Broni


    Good news :)

    You can reinstall your AV program now.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- -- (0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611)
      O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\Toolbar\WebBrowser: (no name) - {0123B506-0AD9-43AA-B0CF-916C122AD4C5} - No CLSID value found.
      O3 - HKU\S-1-5-21-3179336198-101048220-3685835499-1005\..\Toolbar\WebBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/12/24 19:18:09 | 000,001,014 | -HS- | C] () -- C:\Documents and Settings\Mona\Local Settings\Application Data\gvextw6g8lpw1ewy4vnx0n142a7r
      [2011/03/30 20:38:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etilapuqazefijoc.dat
      [2011/03/30 20:38:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Jxilipenoxokexaq.bin
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Release Agreement.pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Prayer.doc:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Dave & Bust. Birthday_Packages_NorthEast.pdf:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Bills.xls:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\1080_Group_Job_Info ---[.doc:Roxio EMC Stream
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: if ESET doesn't find any threats, it won't produce a log.
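A fix script like the one above is only as good as the result log it produces, so the helper's next step is to check that every line was actually acted on. The following is an added example, not code from the thread or from OTL, that reconciles a copy of the :OTL section with the fix log MONALOVE80 posts further down. It extracts the identifier each fix line targets (the trailing (ServiceName) of an SRV line, the CLSID of an O3/O16 line, the path of a file entry, the path:stream of an ADS entry), finds the log lines that mention it, and reduces them to one verdict. The script and log excerpts are constructed from those two posts; the verdict keywords ("deleted successfully", "moved successfully", "not found", "Unable to delete", "Error:") are assumed from the wording visible in that log. Run against this thread's text it surfaces the two items that did not land: the SRV line, where the log shows OTL looked for a service literally named "0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611", and the ADS on the ---[.doc file that could not be deleted.

```python
"""Reconcile an OTL ':OTL' fix script with the result log it produced.

Added example; not OTL's own code. Assumes the log wording seen in the thread:
'deleted/moved successfully', 'not found', 'Unable to delete', 'Error:'.
"""
import re

CLSID_RE = re.compile(r'\{[0-9A-Fa-f-]{36}\}')
SERVICE_RE = re.compile(r'\(([^()]*)\)\s*$')


def fix_targets(script):
    """For each fix line, extract the identifier OTL's result log will mention."""
    targets = []
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith("@Alternate Data Stream") and " -> " in line:
            targets.append(line.split(" -> ", 1)[1])       # full path:stream
        elif line.startswith("[") and " -- " in line:
            targets.append(line.rsplit(" -- ", 1)[1])       # file path
        elif line.startswith(("O3 ", "O16 ")):
            m = CLSID_RE.search(line)
            if m:
                targets.append(m.group(0))                  # toolbar CLSID / DPF id
        elif line.startswith("SRV "):
            m = SERVICE_RE.search(line)
            if m:
                targets.append(m.group(1))                  # trailing (ServiceName)
    return targets


def classify(hits):
    """Reduce the log lines that mention one target to a single verdict."""
    text = "\n".join(hits)
    if not hits:
        return "unreported"
    if "Unable to" in text or "Error:" in text:
        return "failed"
    if "successfully" in text:
        return "removed"
    if "not found" in text:
        return "not found"
    return "unreported"


def reconcile(script, log):
    """Map every fix target to 'removed', 'not found', 'failed' or 'unreported'."""
    log_lines = [l.strip() for l in log.splitlines() if l.strip()]
    return {t: classify([l for l in log_lines if t in l]) for t in fix_targets(script)}


def needs_follow_up(verdicts):
    """Targets the helper must re-check: a failed action or one the log never mentions."""
    return sorted(t for t, v in verdicts.items() if v in ("failed", "unreported"))


# Constructed excerpts of the fix script above and of the result log posted later.
SAMPLE_SCRIPT = r"""
:OTL
SRV - File not found [Auto | Stopped] -- -- (0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611)
O3 - HKLM\..\Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011/03/30 20:38:18 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Etilapuqazefijoc.dat
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\Bills.xls:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Mona\My Documents\1080_Group_Job_Info ---[.doc:Roxio EMC Stream
:Commands
[emptytemp]
"""

SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
Error: No service named 0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611 was found to stop!
Service\Driver key 0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
C:\WINDOWS\Etilapuqazefijoc.dat moved successfully.
ADS C:\Documents and Settings\Mona\My Documents\Bills.xls:Roxio EMC Stream deleted successfully.
Unable to delete ADS C:\Documents and Settings\Mona\My Documents\1080_Group_Job_Info ---[.doc:Roxio EMC Stream .
========== COMMANDS ==========
"""

if __name__ == "__main__":
    verdicts = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    for target, verdict in verdicts.items():
        print(f"{verdict:<11} {target}")
    print("follow up:", needs_follow_up(verdicts))
```

"removed" is deliberately ranked above "not found": OTL reports several lines per registry target (the value it deleted plus the CLSID key it looked for and did not find), and one successful deletion is the outcome that matters. An "unreported" verdict means the log never mentioned the target at all, which is worth as much attention as an explicit failure.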
  3. MONALOVE80


  4. MONALOVE80


    OTL-log:

    All processes killed
    ========== OTL ==========
    Error: No service named 0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611 was found to stop!
    Service\Driver key 0113701327027611mcinstcleanup) McAfee Application Installer Cleanup (0113701327027611 not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3179336198-101048220-3685835499-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0123B506-0AD9-43AA-B0CF-916C122AD4C5} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0123B506-0AD9-43AA-B0CF-916C122AD4C5}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3179336198-101048220-3685835499-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\Mona\Local Settings\Application Data\gvextw6g8lpw1ewy4vnx0n142a7r moved successfully.
    C:\WINDOWS\Etilapuqazefijoc.dat moved successfully.
    C:\WINDOWS\Jxilipenoxokexaq.bin moved successfully.
    ADS C:\Documents and Settings\Mona\My Documents\Release Agreement.pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Mona\My Documents\Prayer.doc:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Mona\My Documents\Dave & Bust. Birthday_Packages_NorthEast.pdf:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\Mona\My Documents\Bills.xls:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Documents and Settings\Mona\My Documents\1080_Group_Job_Info ---[.doc:Roxio EMC Stream .
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 294871 bytes
    ->FireFox cache emptied: 46263601 bytes
    ->Flash cache emptied: 19843 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 56504 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 83727 bytes
    ->FireFox cache emptied: 43590229 bytes
    ->Flash cache emptied: 58117 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 6635654 bytes
    ->Flash cache emptied: 19692 bytes

    User: Mona
    ->Temp folder emptied: 869191 bytes
    ->Temporary Internet Files folder emptied: 17321410 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 185510163 bytes
    ->Google Chrome cache emptied: 353215313 bytes
    ->Flash cache emptied: 85029 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 58350 bytes

    User: Shawn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 42357188 bytes
    ->Flash cache emptied: 57508 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 52480 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 664.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: Mona
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Shawn
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mona
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Shawn
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_145337

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF7E8A.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF7EFD.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF80EE.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF80FD.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF82BC.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF838D.tmp not found!
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\WW7OBCWH\banner[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\WW7OBCWH\showthread[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\WW7OBCWH\xd_proxy[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\RZTMKFOY\game_ads_proxy[1].htm moved successfully.

    Registry entries deleted on Reboot...
  5. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    security check:

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player ( 10.3.183.7) Flash Player Out of Date!
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  6. Broni

    Broni Malware Annihilator Posts: 46,153   +251

  7. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    farbar scan:

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Mona (administrator) on 20-01-2012 at 15:08:14
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========

    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x080000000400000001000000020000000300000008000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  8. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    I did the TFC and as it shut down my screen went blue with this message:

    Stop:c000021a {Fatal System Error}
    The windows subsystem system process terminated unexpectedly with a status of 0xc0000005 (0x7e743152 0x0138ecac).
    The system has been shut down.

    Should I be concerned about this or is this normal?
  9. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    This is a pretty powerful cleaner.
    Try it from safe mode.
  10. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    The TFC worked in safe mode.

    I did the ESET scan. Unfortunately, my mouse froze and I accidentally clicked on Finish. The scan had found two adware items. I re-scanned to see if they would show up again, but the second scan came back with no threats. In Manage Quarantine it has these files in it:

    C:\Documents and settings\Mona\Application Data\262E6BE9085BBA1B2F8C02EEA0CF7F08\local.ini

    C:\Documents and settings\Mona\Application Data\262E6BE9085BBA1B2F8C02EEA0CF7F08\enemies-names.txt
  11. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Update Adobe Flash Player
    Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

    ===========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =============================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  12. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    I updated java and flash and installed avast AV. Then I ran OTL.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 0 bytes

    User: Mona
    ->Temp folder emptied: 17132369 bytes
    ->Temporary Internet Files folder emptied: 70669290 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 679 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Shawn
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 562447 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 84.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: Mona
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Shawn
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: Mona
    ->Java cache emptied: 0 bytes

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Shawn
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.31.0 log created on 01202012_180503

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF7A1.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF7AC.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF804.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF80F.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF83F.tmp not found!
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temp\~DF84A.tmp not found!
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\1;~sscs=_;ord=6011642[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\adServer[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\banner[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\game_ads_proxy[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\techspot_com[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\Y1HW4XLI\xd_proxy[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\1;~sscs=_;ord=6011642[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\game_ads_proxy[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\game_ads_proxy[2].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\net[2].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\partner[2].htm moved successfully.
    File\Folder C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\VGSR1G2Z\topic176381-4[1].html not found!
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\DLS8X8LQ\918[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\DLS8X8LQ\partner[3].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\DLS8X8LQ\topic58138[1].html moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\D1Y7U54I\badge[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\D1Y7U54I\banner[1].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\D1Y7U54I\banner[2].htm moved successfully.
    C:\Documents and Settings\Mona\Local Settings\Temporary Internet Files\Content.IE5\D1Y7U54I\partner[3].htm moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\WINDOWS\temp\_asw_aisI.tm~a03888\setup.lok not found!

    Registry entries deleted on Reboot...
  13. MONALOVE80

    MONALOVE80 TechSpot Member Topic Starter Posts: 38

    I downloaded the suggested tools and everything looks good. Now I just have to change all my passwords.


    Thank you so much Broni. I truly appreciate all the help you have given me :).
  14. Broni

    Broni Malware Annihilator Posts: 46,153   +251

    Way to go!!
    Good luck and stay safe :)

