TechSpot

"Hard drive clusters are partly damaged" message

Inactive
By khastings
Dec 27, 2011
  1. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Karen, the black screen can be another result from the malware.

    If the screen goes black when you start up in Normal Mode, then go right into #1 below, follow with #2, then #3 if needed. Then go on with #4, #5 and #6. If needed, do #7.
    ---------------------------
    Let me know if this can be accomplished. If it can or if it cannot, I'd like you to go through this sequence of scans again. Please take care to run in the order given: I have made changes to address your problem specifically.
    --------------------------------------
    If you are infected with System Check it is important that you do not delete any files from your Temp folder or use any temp file cleaners
    ============================================
    1. Boot into Safe Mode with Networking again.
    ===========================================
    2. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =============================================
    3. Run Unhide again if the display can be changed and you still have missing icons, programs, files, etc.
    ================================
    4. Run RKill again
    =======================================
    Do not reboot your computer after running RKill as the malware programs will start again.
    ================================
    5. Run the TDSSKiller again
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again
    ====================================
    6. Try the Malwarebytes Full Scan again.
    =====================================
    7. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    ====================================
    You can now reboot back into Normal Mode.
    ====================================
    If you cannot resolve the black screen and go on, please let me know. I will instruct you in how to get back in and may also have you do an Error Check.

    For my information, do you have System Restore points set? Do not set a new one now- just tell me if there are any restore points.
  2. khastings

    khastings TS Rookie Topic Starter Posts: 36

    MBAM Log

    I was able to get Malwarebytes to update once I uninstalled and reinstalled, which is great. Here is the log from the Full Scan in normal mode:
    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.10.05

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Administrator :: MARTY [administrator]

    1/10/2012 11:47:47 AM
    mbam-log-2012-01-10 (11-47-47).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 246194
    Time elapsed: 32 minute(s), 34 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.34.24\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_16.39.34\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0005.dta (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    C:\TDSSKiller_Quarantine\28.12.2011_21.39.02\mbr0000\tdlfs0000\tsk0006.dta (Rootkit.TDSS) -> Quarantined and deleted successfully.

    (end)
  3. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Hi - sorry, I did not see your post before the MBAM log, but when I plugged in my other screen, it has not since gone black...maybe the screen is junk now, it is a bit old hp 1702. I am now working on your post #26, I do try to be careful to follow your instructions in order, I know it can make all the difference.
    *Question* - I never used "unhide", I went to Folder Options and set View to hidden files and folders. I still see icons as translucent, seem to still be classified as hidden. Do I need to do anything about this before proceeding with your post #26, as my other screen is not going black. If no, shall I start with #4 in that same post? Thanks.
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Hidden File and Folders are hidden because some are Protected System Folders- not having them visible lessens the chance for an accidental delete. If we intentionally needed to access a folder that was hidden, we would use the Folder Options to make it visible.

    But malware puts an attribute in that makes icons, the desktop, the programs and/or random files go missing- it 'hides' features that are not supposed to be 'hidden.'

    Please go back to Folder Options> View tab> check "Do not show hidden files and folders"> Check "Hide Protected System Files (Recommended)"> Apply> OK.
    -------------------------
    Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    The items being 'hidden' by the malware are not the same ones that are hidden in Folder Options.
    ====================================
    Regarding this "Warning!! Do not run ComboFix in Compatibility Mode." There is a proper use for this as explained below:
    The Compatibility tab is only available for programs that are installed on your hard drive. When you open the program Properties, if it has this tab, you can access it and direct it to run on the OS you now have. And Display settings for the program can be adjusted if needed. But this requires user direct action. Compatibility Mode change isn't done accidentally.

    But I suspect this may be a fake warning from the malware. I'll have you run the following instead:
    • Download OTL from either of the links below and save it to your desktop.
      Link 1
      Link 2
      Note 1: If you cannot run the executable file, download OTL from either of the following links:
      http://oldtimer.geekstogo.com/OTL.com
      http://oldtimer.geekstogo.com/OTL.scr
      Note 2: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.

      • Double click the OTL icon to run it.
      • Set Output at the top to Minimal Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Copy the entries in the Codebox below> Paste in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed and to let it run uninterrupted.
      • When the scan completes, it will open two notepad windows, OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
  5. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Restore point & OTL.txt file

    Hi Bobbye, the last System restore point was January 10, 2012 at 1:52:23 PM System Checkpoint, I know I created one before but that was back in December trying to fix this myself.

    Here is the OTL.txt file:
    OTL logfile created on: 1/12/2012 3:12:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
    3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12011200\algo.dll ()
    MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
    DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
    DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
    DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
    DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
    DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
    DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
    DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
    DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



    O1 HOSTS File: ([2011/08/05 19:26:40 | 000,436,668 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.123topsearch.com
    O1 - Hosts: 127.0.0.1 123topsearch.com
    O1 - Hosts: 127.0.0.1 www.132.com
    O1 - Hosts: 127.0.0.1 132.com
    O1 - Hosts: 127.0.0.1 www.136136.net
    O1 - Hosts: 127.0.0.1 136136.net
    O1 - Hosts: 127.0.0.1 www.163ns.com
    O1 - Hosts: 127.0.0.1 163ns.com
    O1 - Hosts: 15031 more lines...
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{04C49C2E-5528-4A96-A07C-AF3BB1DDEB65}: DhcpNameServer = 4.2.2.1 208.39.140.42
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4569725-BF76-426A-8F96-53BE21D12E0F}: NameServer = 192.168.1.248,192.168.1.247
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
    [2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2012/01/10 11:24:44 | 004,377,009 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
    [2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
    [2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
    [2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix
    [2011/12/21 11:42:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VZW Utility Application - LG
    [2011/12/21 11:41:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/12/21 11:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/01/12 15:12:19 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
    [2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2012/01/12 15:07:25 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
    [2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 14:56:07 | 000,684,297 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
    [2012/01/12 14:39:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/12 14:38:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 13:29:54 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2012/01/10 11:47:03 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2012/01/10 11:24:47 | 004,377,009 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
    [2012/01/10 11:22:08 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
    [2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
    [2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
    [2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
    [2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
    [2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/25 00:02:13 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/12/23 22:17:53 | 000,000,849 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url
    [2011/12/23 09:29:20 | 000,444,886 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/12/23 09:29:20 | 000,072,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/12/21 18:03:44 | 000,000,291 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
    [2011/12/21 16:50:22 | 000,000,137 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
    [2011/12/19 22:50:06 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
    [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/01/12 15:12:19 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards (2).url
    [2012/01/12 15:07:25 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad (2).lnk
    [2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/01/12 15:00:45 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
    [2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
    [2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/01/12 14:56:06 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
    [2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:47:03 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:11:59 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
    [2011/12/25 09:11:59 | 000,000,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
    [2011/12/25 09:11:33 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
    [2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
    [2011/12/21 16:50:22 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Bay 4 Motorsports Tewksbury MA ... Quality Pre-Owned ATV, Motorcycle, Dirtbike, Snowmobile Dealer. Located in Tewksbury Massachusetts.url
    [2011/12/21 16:11:54 | 000,000,291 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How to Age and Braise Venison.url
    [2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/12/19 22:50:06 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\U.S. National Debt Clock Real Time.url
    [2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
    [2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
    [2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
    [2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
    [2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/04/25 12:43:54 | 000,444,886 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/04/25 12:43:54 | 000,072,636 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

    ========== LOP Check ==========

    [2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
    [2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
    [2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
    [2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >
    [2008/04/13 19:12:35 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\setupn.exe


    < MD5 for: EXPLORER.EXE >
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
    [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
    [2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe
    [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe
    [2006/02/27 21:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2006/02/27 21:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
    [2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
    [2011/05/27 15:22:14 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2006/02/27 21:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
    [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
    [2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
  6. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Extras.txt file

    OTL Extras logfile created on: 1/12/2012 3:12:22 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 69.13% Memory free
    3.34 Gb Paging File | 3.12 Gb Available in Paging File | 93.35% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 18.73 Gb Free Space | 29.03% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .scr [@ = DWGTrueViewScriptFile] -- "" "%1"

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\SMINST\Scheduler.exe" = C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service
    "C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe" = C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe:*:Enabled:panasonic Communications Utility -- (Panasonic Communications Co., Ltd.)
    "C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
    "C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{111A3D14-7596-43B0-92BA-418435C90672}" = Intel(R) PRO Network Connections
    "{13E3F00B-2C9F-48B1-8FAF-3EACCEF2300E}" = Read Me First
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2CD6BBA0-17C8-4789-9B9B-B36F7E815F6A}" = DWG TrueView 2007
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
    "{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{695603EE-5D13-4406-A034-B1346652CC4D}" = Windows Firewall Setting Tool
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{938B1CD7-7C60-491E-AA90-1F1888168240}" = Roxio MyDVD Basic v9
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A2CE9587-4442-4A3D-BB4D-2C36CB69707D}" = Panasonic Software Version Information
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{B03954CC-E130-4E57-BC83-869978685902}" = LG United Mobile Drivers
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe 1.8.13.1
    "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Communications Utility
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "avast" = avast! Free Antivirus
    "Citrix ICA Client" = Citrix ICA Client
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CutePDF Writer Installation" = CutePDF Writer 2.3
    "DWG TrueView 2011" = DWG TrueView 2011
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HECI" = Intel(R) Management Engine Interface
    "HP-LaserJet 1020 series" = LaserJet 1020 series
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{695603EE-5D13-4406-A034-B1346652CC4D}" = Panasonic Windows Firewall Setting Tool
    "InstallShield_{B5D80887-7F80-4A4D-94CE-64944BEF5525}" = Panasonic Document Management System
    "InstallShield_{DEA90EEC-CA16-4092-9604-25B2ACC5273B}" = Panasonic Communications Utility
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I'm just realizing that I don't have the 2 logs from DDS. Did you run that scan? I went back but didn't see it. Please go ahead and run it and leave the 2 logs. Do you have Spybot S&D on the system, with the Immunize feature enabled?
  8. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Hi Bobbye,
    I couldn't run that scan initially because I couldn't disable AVG, and I never went back and ran it. I know in one post you were considering having me run it after reviewing a couple of logs, but we got sidetracked because of all the issues that popped up along the way. I figured out how to remove script blocking protection in avast. When I double-click on the dds icon after downloading it, it asks me what program to open it with; it is a .scr file, not a .exe file?

    I used to have Spybot but the computer was "cleaned" by an IT tech and I think he removed it. Please advise and thank you!
  9. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Hi again - I got dds.pif downloaded and ran it without script blocking, but the DOS screen eventually froze after about 25 "#" had accumulated. Then my whole screen froze; this happened twice. I had to hard-shutdown to do anything. Therefore, I can't get any DDS logs for you to post.
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The Hosts file entries indicate that some type of program is running that blocks bad domains. Basically, this is a good thing. But I have never seen them displayed as yours are in OTL, let alone say there are 1500 more of them! And many do have Spybot S&D but don't have the blacklisted Hosts entries strung out.
    ---------------------------------
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:

      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...smb&pf=desktop
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{4835cc22-5994-11dd-b999-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell - "" = AutoRun
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{6172501e-1b97-11e1-af1d-0017a4efff8e}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell - "" = AutoRun
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun - "" = Auto&Play
      O33 - MountPoints2\{8ec6e122-3539-11de-a4b7-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe
      [2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
      [2011/12/25 09:12:36 | 000,000,432 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
      [2011/12/25 09:12:01 | 000,000,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
      [2011/12/25 09:12:00 | 000,000,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzEr
      [2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
      [2008/02/15 06:04:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
      regfile [merge] -- Reg Error: Key error.
      txtfile [edit] -- Reg Error: Key error.
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [clearjavacache]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, and reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    ======================================================
    Please download Farbar Service Scanner
    • Check Include all files option
    • Press the Scan button
    • A log named FSS.txt will be created in the same directory as the tool
    • Please paste the log into your next reply
    ===================================
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs, as they are vulnerabilities for the system.
    Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
    ===================================
    Hopefully there will be some improvement after the OTL Fix.

    Please go back to Folder Options in the Control Panel> View tab> Check 'don't show hidden files and folders'> Check 'hide protected system files (Recommended)'> Apply> OK

    I think they are still showing from when you wanted to 'see' the files.
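As an added example (not OTL's code and not anything posted in the thread), here is a small Python triage script for the OTL log format shown above: it parses the `[timestamp | size | attrs | C/M] (company) -- path` file entries and the `@Alternate Data Stream` lines and reports each entry worth a second look with the reason, mirroring the kinds of items the helper put in the fix list (hidden+system attributes, extensionless or tilde-prefixed files under Application Data, an alternate data stream, the rogue's name). The sample lines are copied from the logs in this thread; the heuristics and the rogue-name list are my own assumptions, not OTL's.

```python
"""Triage OTL log lines of the kind posted in this thread (added example)."""
import re
from dataclasses import dataclass, field

# One OTL file entry, e.g.
# [2011/12/25 09:11:59 | 000,000,320 | ---- | C] () -- C:\...\Application Data\~zNM2RymvUAnRzE
# The "(company)" part is absent on directory entries in the LOP check section.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXTS = {"exe", "dll", "sys", "scr", "pif", "com", "cpl"}
# Rogue product names that appear in this thread (assumption: list is my own).
ROGUE_NAMES = ("system fix", "system check")


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]


def _extension(name: str) -> str:
    stem, dot, ext = name.rpartition(".")
    return ext.lower() if dot and stem else ""


def triage_line(line: str):
    """Return a Finding for a line that deserves review, or None if it looks benign."""
    line = line.strip()
    ads = ADS_RE.match(line)
    if ads:
        return Finding(ads["path"], [f"alternate data stream ({ads['size']} bytes)"])
    m = ENTRY_RE.match(line)
    if not m:
        return None  # section headers, blank lines, other OTL sections
    attrs, company, path = m["attrs"], m["company"] or "", m["path"]
    name = _basename(path)
    ext = _extension(name)
    is_dir = "D" in attrs
    lower = path.lower()
    reasons = []
    if "H" in attrs and "S" in attrs:
        reasons.append("hidden+system attributes")
    if any(r in name.lower() for r in ROGUE_NAMES):
        reasons.append("name matches a rogue product seen in this thread")
    if not is_dir and not company:
        if "\\application data\\" in lower:
            if not ext:
                reasons.append("extensionless file in a data directory")
            if name.startswith("~"):
                reasons.append("tilde-prefixed name")
        if ext in EXEC_EXTS and lower.startswith("c:\\documents and settings\\"):
            reasons.append("executable with no company name in a user profile")
    return Finding(path, reasons) if reasons else None


def triage_log(text: str) -> list:
    """Run triage_line over a whole log and keep only the flagged entries, in log order."""
    return [f for f in map(triage_line, text.splitlines()) if f]


# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/01/12 14:56:06 | 000,684,297 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\unhide.exe
[2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/25 09:11:59 | 000,000,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~zNM2RymvUAnRzE
[2011/12/25 09:11:33 | 000,000,432 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\zNM2RymvUAnRzE
[2011/12/24 10:33:53 | 000,000,849 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
[2008/04/13 19:12:35 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\setupn.exe
[2011/12/27 11:54:44 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
"""

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print(finding.path)
        for reason in finding.reasons:
            print("    -", reason)
```

A flagged entry is a review candidate, not a verdict: unhide.exe is the helper's own tool and is listed only because it is an unsigned executable on the Desktop.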
  11. khastings

    khastings TS Rookie Topic Starter Posts: 36

    OTL Log

    Hi there Bobbye!

    OTL logfile created on: 1/21/2012 5:07:33 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.49 Gb Total Physical Memory | 1.02 Gb Available Physical Memory | 68.43% Memory free
    3.34 Gb Paging File | 3.08 Gb Available in Paging File | 92.26% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 64.52 Gb Total Space | 17.82 Gb Free Space | 27.62% Space Free | Partition Type: NTFS
    Drive D: | 10.01 Gb Total Space | 8.21 Gb Free Space | 81.97% Space Free | Partition Type: NTFS

    Computer Name: MARTY | User Name: Administrator | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
    PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    PRC - C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files\AVAST Software\Avast\defs\12012101\algo.dll ()
    MOD - C:\WINDOWS\system32\cpwmon2k.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
    SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
    SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
    SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
    DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
    DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
    DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
    DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
    DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
    DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
    DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
    DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
    DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
    DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
    DRV - (HECI) Intel(R) -- C:\WINDOWS\system32\drivers\HECI.sys (Intel Corporation)
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
    DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (IFXTPM) -- C:\WINDOWS\system32\drivers\ifxtpm.sys (Infineon Technologies AG)
    DRV - (iAimFP4) -- C:\WINDOWS\system32\drivers\wVchNTxx.sys (Intel(R) Corporation)
    DRV - (iAimFP3) -- C:\WINDOWS\system32\drivers\wSiINTxx.sys (Intel(R) Corporation)
    DRV - (iAimTV5) -- C:\WINDOWS\system32\drivers\wATV10nt.sys (Intel(R) Corporation)
    DRV - (iAimTV4) -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys (Intel(R) Corporation)
    DRV - (iAimTV6) -- C:\WINDOWS\system32\drivers\wATV06nt.sys (Intel(R) Corporation)
    DRV - (iAimTV3) -- C:\WINDOWS\system32\drivers\wATV04nt.sys (Intel(R) Corporation)
    DRV - (iAimTV1) -- C:\WINDOWS\system32\drivers\wATV02NT.sys (Intel(R) Corporation)
    DRV - (iAimTV0) -- C:\WINDOWS\system32\drivers\wATV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP7) -- C:\WINDOWS\system32\drivers\wADV09NT.sys (Intel(R) Corporation)
    DRV - (iAimFP5) -- C:\WINDOWS\system32\drivers\wADV07nt.sys (Intel(R) Corporation)
    DRV - (iAimFP6) -- C:\WINDOWS\system32\drivers\wADV08NT.sys (Intel(R) Corporation)
    DRV - (i81x) -- C:\WINDOWS\system32\drivers\i81xnt5.sys (Intel(R) Corporation)
    DRV - (iAimFP0) -- C:\WINDOWS\system32\drivers\wADV01nt.sys (Intel(R) Corporation)
    DRV - (iAimFP1) -- C:\WINDOWS\system32\drivers\wADV02NT.sys (Intel(R) Corporation)
    DRV - (iAimFP2) -- C:\WINDOWS\system32\drivers\wADV05NT.sys (Intel(R) Corporation)
    DRV - (Symmpi) -- C:\WINDOWS\system32\DRIVERS\symmpi.sys (LSI Logic)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



    O1 HOSTS File: ([2012/01/21 17:04:39 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe (LG Electronics)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234 (MUWebControl Class)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C976CFF-FA86-4F59-87AA-30F302690AB9}: DhcpNameServer = 192.168.1.1 71.243.0.12
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/06/03 06:51:44 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 21:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/01/21 17:03:29 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/01/12 15:01:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/12 15:00:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Citrix
    [2012/01/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/01/10 11:47:00 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/01/10 11:28:14 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
    [2011/12/30 18:41:07 | 000,000,000 | --SD | C] -- C:\friday26551f
    [2011/12/30 16:44:34 | 000,000,000 | --SD | C] -- C:\friday
    [2011/12/30 11:05:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/12/30 11:05:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/12/30 11:05:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/12/30 11:05:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/12/30 11:04:46 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/12/28 16:35:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/12/27 21:15:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\avg
    [2011/12/27 17:24:53 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/12/27 17:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/12/27 16:12:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/12/27 16:08:51 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/12/27 16:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/12/27 16:08:50 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/12/27 16:08:47 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/12/27 16:08:47 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/12/27 16:08:46 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/12/27 16:08:46 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/12/27 16:08:46 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/12/27 16:08:45 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/12/27 16:08:29 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/12/27 16:08:28 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/12/27 16:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/12/27 11:57:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
    [2011/12/27 11:57:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/12/27 11:55:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
    [2011/12/25 00:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/23 22:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\System Fix

    ========== Files - Modified Within 30 Days ==========

    [2012/01/21 17:10:42 | 000,445,538 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2012/01/21 17:10:42 | 000,072,970 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2012/01/21 17:06:48 | 000,002,413 | ---- | M] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2012/01/21 17:06:28 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2012/01/21 17:06:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2012/01/21 17:04:39 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2012/01/21 10:29:55 | 000,001,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
    [2012/01/21 10:11:00 | 000,000,357 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Presque Isle, Maine SkyCam.url
    [2012/01/15 18:26:31 | 000,000,324 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
    [2012/01/15 12:26:16 | 000,394,368 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2012/01/13 00:17:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2012/01/13 00:10:59 | 000,000,129 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
    [2012/01/12 15:07:26 | 000,001,507 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2012/01/12 15:01:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2012/01/10 17:48:57 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:25:04 | 000,000,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 20:28:53 | 000,000,263 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Subscription Received.url
    [2011/12/30 20:23:37 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:27 | 055,659,611 | ---- | M] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/12/27 16:08:51 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/25 00:02:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2011/12/23 09:45:22 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VERIZON EMAIL.url

    ========== Files Created - No Company Name ==========

    [2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
    [2012/01/15 18:26:31 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\spider.sav
    [2012/01/13 00:10:59 | 000,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2012/01/12 15:00:45 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2012/01/12 15:00:44 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/01/12 15:00:44 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2012/01/12 15:00:44 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2012/01/12 15:00:40 | 000,001,890 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN.lnk
    [2012/01/12 15:00:40 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
    [2012/01/12 15:00:40 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2012/01/12 15:00:40 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\ATI Catalyst Control Center Setup.lnk
    [2012/01/12 15:00:40 | 000,001,684 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Install Altiris Aclient.lnk
    [2012/01/12 15:00:40 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Acrobat.com.lnk
    [2012/01/12 15:00:40 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Movie Maker.lnk
    [2012/01/12 15:00:40 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2012/01/10 17:48:57 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Indoor Climbing Gym Rates MetroRock.com.url
    [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
    [2011/12/30 11:05:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/12/30 11:05:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/12/30 11:05:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/12/30 11:05:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/12/30 10:38:11 | 000,001,507 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Notepad.lnk
    [2011/12/28 21:46:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/12/27 21:15:24 | 055,659,611 | ---- | C] () -- C:\WINDOWS\System32\drivers\avg\incavi.avm.prepare
    [2011/12/27 17:25:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2011/12/27 17:24:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/12/27 16:08:51 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/12/25 09:11:02 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2011/12/25 09:10:48 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2011/12/25 09:10:48 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2011/12/21 11:42:23 | 000,002,413 | ---- | C] () -- C:\WINDOWS\System32\lgAxconfig.ini
    [2011/09/07 12:55:41 | 000,394,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/05/22 10:23:57 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/05/22 10:23:57 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/03/17 21:03:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2011/03/12 21:36:39 | 000,086,084 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/29 23:21:21 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1020.exe
    [2010/12/29 23:21:21 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1020.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2008/07/08 12:39:26 | 000,000,022 | ---- | C] () -- C:\Program Files\InstSuccess.ini
    [2008/07/08 09:24:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/07/08 09:24:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\uninscpw.exe
    [2008/07/08 09:07:45 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/07/08 09:03:41 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/07/07 13:29:16 | 001,174,000 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
    [2008/07/07 13:29:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4864.dll
    [2008/07/07 13:29:16 | 000,104,636 | ---- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
    [2008/02/15 06:14:19 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/02/15 06:05:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2008/02/15 06:05:03 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2008/02/15 06:05:03 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2008/02/15 06:05:03 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2008/02/15 06:05:03 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2008/02/15 05:49:12 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
    [2007/07/03 14:22:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/24 22:02:34 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/24 22:02:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2006/04/25 13:05:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2006/04/25 12:43:54 | 000,445,538 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/04/25 12:43:54 | 000,072,970 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/04/25 12:31:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2006/04/25 12:27:12 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2006/02/27 21:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/27 21:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/27 21:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/27 21:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/27 21:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/27 21:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/27 21:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/27 21:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/28 02:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2002/05/28 02:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2002/05/08 05:12:22 | 000,000,781 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [1998/05/06 22:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

    ========== LOP Check ==========

    [2010/06/03 06:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk
    [2011/12/25 08:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICAClient
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
    [2008/02/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
    [2010/12/30 20:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Unity
    [2010/06/03 06:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
    [2011/12/27 16:08:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/08/20 17:03:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/02/15 06:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
    [2011/12/24 21:21:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LGMOBILEAX
    [2011/07/04 14:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2011/12/27 21:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/12/27 12:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/12/29 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
  12. khastings

    khastings TS Rookie Topic Starter Posts: 36

    FSS Log

    There was no "include all files" checkbox, so I checked all the boxes myself, I hope what I did was correct. Here is the log:

    Farbar Service Scanner Version: 18-01-2012 01
    Ran by Administrator (administrator) on 21-01-2012 at 17:14:05
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ===========
    BITS Service is not running. Checking service configuration:
    The start type of BITS service is set to Demand. The default start type is Auto.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS: "C:\WINDOWS\system32\qmgr.dll".


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    aswTdi(11) Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3)
    0x0C000000040000000100000002000000030000000B00000008000000090000000A0000000C000000050000000600000007000000
    IpSec Tag value is correct.

    **** End of log ****
  13. khastings

    khastings TS Rookie Topic Starter Posts: 36

    other info.

    I uninstalled Java then installed, it is now Java 6 Update 30.
    I had checked "don't show hidden files and folders" then downloaded unhide.exe and ran it, I thought before I did my last postings 5 days ago. I did go and check those two settings and they match what you told me. Hopefully we're progressing! Thank you so much!
    Karen
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    There are some entries in the log that I wouldn't expect to see logged. They are puzzling, but not necessarily bad.

    System is getting better, but not clean yet: Have you noticed any improvement?

    OTL Custom Scan Fixes
    • Run OTL
    • Copy the contents of the Code box and paste in the Custom Scans/Fixes box at the bottom:
      Code:
      :OTL
      @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
      O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
      O15 - HKCU\..Trusted Domains: jfwhite.com ([]* in Trusted sites)
      O15 - HKCU\..Trusted Domains: webex.com ([]* in Trusted sites)
      [2012/01/21 10:29:55 | 000,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url
      [2012/01/10 11:25:04 | 000,000,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url
      :Files
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [emptyjava]
      [resethosts]
      [CreateRestorePoint]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run uninterrupted, reboot the PC when it is done
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
    =========================================
    Please run this after OTL Fix: MGA Diagnostics tool
    • You will be prompted to either “Run” or “Save” the tool. Choose to “Run” the tool and follow the on-screen prompts.
    • You will receive an Internet Explorer-Security Warning dialog box for the Windows Genuine Advantage Diagnostic Tool.
    • You must choose to Run this tool when prompted.
    • Once you are presented with the Diagnostics tool choose Continue to run the diagnostic report.
    • If the RESOLVE button is available after running the diagnostics, please click RESOLVE to allow the diagnostic tool to attempt a repair.
    • After running the MGA Diagnostic tool, click on the Windows tab and then click on Copy
    • Please return to this thread and Paste the results here for review.
    ------------------------------------------
    Next, look on the computer itself, in the documentation you received with the computer, or with your retail purchase of Windows to see if you have a Certificate of Authenticity (COA). If you have one, tell us about the COA. Tell us:

    1. What edition of Windows XP is it for, Home, Pro, or Media Center, or another version of Windows?
    2. Does it read "OEM Software" or "OEM Product" in black lettering?
    3. Or, does it have the computer manufacturer's name in black lettering?
    4. DO NOT post the Product Key.

    NOTE: The data collected with the Genuine Diagnostics Tool does NOT contain any information that can personally identify you and can be fully reviewed, by you, before being posted.
    ========================================
    Edit: Forgot this: Click on start> Run> type in services.msc> Enter> Find and double click on Background Intelligent Transfer Service (BITS)> Set Startup type to Manual.
  15. khastings

    khastings TS Rookie Topic Starter Posts: 36

    OTL Log

    All processes killed
    Error: Unable to interpret <Code:> in the current context!
    ========== OTL ==========
    Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 .
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\jfwhite.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webex.com\ deleted successfully.
    File C:\Documents and Settings\Administrator\Desktop\Remove System Check (Uninstall Guide).url not found.
    C:\Documents and Settings\Administrator\Desktop\Hard drive clusters are partly damaged message - Page 2 - TechSpot OpenBoards.url moved successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 148828 bytes
    ->Temporary Internet Files folder emptied: 1142270 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 483 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 1365002 bytes

    Total Files Cleaned = 3.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    [EMPTYJAVA]

    User: Administrator
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default User

    User: LocalService

    User: LogMeInRemoteUser

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.31.0 log created on 01222012_140655

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ZM3UH6LH\topic175275-2[1].html moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  16. khastings

    khastings TS Rookie Topic Starter Posts: 36

    MGA

    Diagnostic Report (1.9.0027.0):
    -----------------------------------------
    Windows Validation Data-->
    Validation Status: Genuine
    Validation Code: 0
    Cached Validation Code: N/A
    Windows Product Key: *****-*****-2MDY9-F6J9M-K42BQ
    Windows Product Key Hash: jY+nlE0RT38EEXpeUqSdQPABSQc=
    Windows Product ID: 76487-OEM-2211906-00101
    Windows Product ID Type: 2
    Windows License Type: OEM SLP
    Windows OS version: 5.1.2600.2.00010100.3.0.pro
    ID: {A0C3CF82-BDCD-4879-8068-9CA1EB8BBE5B}(1)
    Is Admin: Yes
    TestCab: 0x0
    LegitcheckControl ActiveX: Registered, 1.9.40.0
    Signed By: Microsoft
    Product Name: N/A
    Architecture: N/A
    Build lab: N/A
    TTS Error: N/A
    Validation Diagnostic: 025D1FF3-230-1
    Resolution Status: N/A

    Vista WgaER Data-->
    ThreatID(s): N/A
    Version: N/A

    Windows XP Notifications Data-->
    Cached Result: 0
    File Exists: Yes
    Version: 1.9.40.0
    WgaTray.exe Signed By: Microsoft
    WgaLogon.dll Signed By: Microsoft

    OGA Notifications Data-->
    Cached Result: N/A, hr = 0x80070002
    Version: 2.0.48.0
    OGAExec.exe Signed By: Microsoft
    OGAAddin.dll Signed By: Microsoft

    OGA Data-->
    Office Status: 100 Genuine
    Microsoft Office Professional Edition 2003 - 100 Genuine
    OGA Version: Registered, 2.0.48.0
    Signed By: Microsoft
    Office Diagnostics: 025D1FF3-230-1_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

    Browser Data-->
    Proxy settings: N/A
    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
    Default Browser: C:\Program Files\Internet Explorer\IEXPLORE.exe
    Download signed ActiveX controls: Prompt
    Download unsigned ActiveX controls: Disabled
    Run ActiveX controls and plug-ins: Allowed
    Initialize and script ActiveX controls not marked as safe: Disabled
    Allow scripting of Internet Explorer Webbrowser control: Disabled
    Active scripting: Allowed
    Script ActiveX controls marked as safe for scripting: Allowed

    File Scan Data-->

    Other data-->
    Office Details: <GenuineResults><MachineData><UGUID>{A0C3CF82-BDCD-4879-8068-9CA1EB8BBE5B}</UGUID><Version>1.9.0027.0</Version><OS>5.1.2600.2.00010100.3.0.pro</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-K42BQ</PKey><PID>76487-OEM-2211906-00101</PID><PIDType>2</PIDType><SID>S-1-5-21-3684139542-1093763568-3255329030</SID><SYSTEM><Manufacturer>Hewlett-Packard</Manufacturer><Model>HP Compaq dc7600 Small Form Factor</Model></SYSTEM><BIOS><Manufacturer>Hewlett-Packard</Manufacturer><Version>786D1 v01.03</Version><SMBIOSVersion major="2" minor="4"/><Date>20050518000000.000000+000</Date><SLPBIOS>Compaq,Hewlett,Hewlett,Compaq</SLPBIOS></BIOS><HWID>B99B3A7F0184E07C</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>2</stat><msppid></msppid><name>Hewlett-Packard</name><model>HP Compaq dc7700 Small Form Factor</model></SBID><OEM/><GANotification><File Name="WgaTray.exe" Version="1.9.40.0"/><File Name="WgaLogon.dll" Version="1.9.40.0"/><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>13D0F7C0C850D00</Val><Hash>y2/TmYa3GO/I8NpCX+9pFRxaakw=</Hash><Pid>73931-640-0043284-57628</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="100"/><App Id="16" Version="11" Result="100"/><App Id="18" Version="11" Result="100"/><App Id="19" Version="11" Result="100"/><App Id="1A" Version="11" Result="100"/><App Id="1B" Version="11" Result="100"/><App Id="44" Version="11" Result="100"/></Applications></Office></Software></GenuineResults>

    Licensing Data-->
    N/A

    Windows Activation Technologies-->
    N/A

    HWID Data-->
    N/A

    OEM Activation 1.0 Data-->
    BIOS string matches: yes
    Marker string from BIOS: 8C19:Compaq Computer Corporation|116FC:Compaq Computer Corporation|1FFEA:Compaq Computer Corporation|EB58:Compaq Computer Corporation|11723:Compaq Computer Corporation|11723:Compaq Computer Corporation|1FFEA:Hewlett-Packard Company|EB58:Hewlett-Packard Company
    Marker string from OEMBIOS.DAT: Compaq,Hewlett,Hewlett,Compaq

    OEM Activation 2.0 Data-->
    N/A
  17. khastings

    khastings TS Rookie Topic Starter Posts: 36

    MSC services

    I believe the BITS was already set to manual, but I didn't see a save key, and I did not click on Start Service. Am I all set with this part? Thanks!
    Karen
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All you would do if you had to change a Service is make the change, click on Apply> OK. You do not need to start the Service.

    The MGA looks okay. I don't know what you're referring to in the PM. I thought there might be a problem with Validation or License since you're having so many problems. You're not showing a block for Volume Licensing.

    Have you noticed any improvement since running the 2 OTL fixes?
  19. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Hi - I see improvement in that I am no longer getting the fake error messages from the original virus, and I can see my start menu programs and desktop is blue and all the icons are there. So on my end, things seem fine, not sure if you can see anything else in those logs, but operationally it appears back to normal. Thank you so much for your help.
    Karen
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Well, that makes my day! How about these 2 quickies, then we'll close up (hopefully!)

    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
  21. khastings

    khastings TS Rookie Topic Starter Posts: 36

    HijackThis Log

    Good morning!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:27:32 AM, on 1/25/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BYRUA_AGENT] C:\Documents and Settings\All Users\Application Data\LGMOBILEAX\BYR_Client\VZWUAAgent.exe
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1275512446515
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1275512437234
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 6241 bytes
  22. khastings

    khastings TS Rookie Topic Starter Posts: 36

    Eset

    Eset found no threats. Wahoo!
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Oh yes, that's a good thing! One more step:

    Please reopen HijackThis to 'do system scan only.' Check each of the following if present:

    O1 - Hosts: ÿþ127.0.0.1 localhost
    O1 - Hosts: ::1 localhost


    Close all Windows except HijackThis and click on "Fix Checked"
    =============================
    You can free-up some resources by re-setting the following Services:
    Click on Start> Run> type in services.msc> Enter> Double click on each to open and set as given:

    1. Bonjour Service > Set to Manual Startup Type> If not using now> Stop the Service
    2. iPod Service> Set to Manual Startup Type> if not using now> Stop the Service
    3. Java Quick Starter (jqs)> Set to Disabled Startup Type> Stop the Service if running. This is a useless function that is not needed and uses system resources.
    Exit Services when through.

    You've done a good job, Karen. It was a pleasure to help you!
    ---------------------------------
    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ============================================
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      [o] Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      [o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      [o] Replace the Host Files
      [o] Google Toolbar Pop Up Blocker
      [o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
    2. Have layered Security:
      [o]Antivirus :(only one):Both of the following programs are free and known to be good:
      [o]Avira-AntiVir-Personal-Free-Antivirus
      [o]Avast-Free Antivirus
      [o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
      [o]Comodo
      [o]Zone Alarm
    3. Antimalware: I recommend all of the following:
      [o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
      [o]Spybot Search & Destroy
    4. Updates: Stay current:
      [o] the Microsoft Download Site frequently. All updates marked Critical and the current SP updates.
      [o]Adobe Reader Install current, uninstall old.
      [o]Java Updates Install current, uninstall old.
    5. Tracking Cookies
      Reset Cookie:
      [o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      [o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      [o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      [o] Temporary File Cleaner
      or
      [o] ATF Cleaner by Atribune
    7. Restore Points:
      [o]See System Restore Guide
    8. Safe Email Handling
      [o] Don't open email from anyone you don't know.
      [o] Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click
      [o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad link.

    Let me know if you have any questions.
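The two O1 lines Bobbye asks to have fixed come from the HijackThis log in post 21. The "ÿþ" in front of 127.0.0.1 is what the bytes FF FE, the UTF-16 little-endian byte-order mark, look like when a log viewer shows them as Latin-1 characters: it means the hosts file was saved as UTF-16 rather than the plain text Windows reads. The Python below is an added example written for this thread; it is not code from HijackThis, OTL or any poster. It parses HijackThis-style lines, flags a hosts file that starts with a BOM or that maps a name to something other than loopback, flags Run entries that launch from user-writable data folders (the kind of entry a helper would ask about, such as the VZWUAAgent line), and rewrites BOM-prefixed hosts bytes as plain ASCII. The sample lines are constructed in the shape of the log above; the 203.0.113.5 / update.example line is made up to exercise the non-loopback check and is not from the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not the tool's own code)."""
import re
from collections import Counter

# Constructed sample in the shape HijackThis v2 emits; the 203.0.113.5 line is
# made up to exercise the non-loopback check and does not come from the thread.
SAMPLE_LOG = "\n".join([
    "R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.yahoo.com/",
    "O1 - Hosts: \u00ff\u00fe127.0.0.1 localhost",   # FF FE (UTF-16 LE BOM) rendered as Latin-1
    "O1 - Hosts: ::1 localhost",
    "O1 - Hosts: 203.0.113.5 update.example",        # constructed: a non-loopback override
    "O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\Program Files\\Java\\jre6\\bin\\ssv.dll",
    "O4 - HKLM\\..\\Run: [avast] \"C:\\Program Files\\AVAST Software\\Avast\\avastUI.exe\" /nogui",
    "O4 - HKLM\\..\\Run: [BYRUA_AGENT] C:\\Documents and Settings\\All Users\\Application Data\\LGMOBILEAX\\BYR_Client\\VZWUAAgent.exe",
    "O23 - Service: avast! Antivirus - AVAST Software - C:\\Program Files\\AVAST Software\\Avast\\AvastSvc.exe",
])

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
UTF16_BOM_AS_LATIN1 = "\u00ff\u00fe"          # what bytes FF FE look like in the log
LOOPBACK = {"127.0.0.1", "::1"}
# Autostart locations that any user process can write to; worth a second look.
USER_WRITABLE_DIRS = ("\\application data\\", "\\local settings\\temp\\", "\\appdata\\", "\\temp\\")


def parse_hjt_log(text):
    """Return (code, body) pairs for every 'Rn - ...' / 'On - ...' line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_hosts_entry(body):
    """Finding for an 'O1 - Hosts:' body, or None when the mapping is an ordinary loopback line."""
    mapping = body[len("Hosts:"):].strip()
    if mapping.startswith(UTF16_BOM_AS_LATIN1):
        return "hosts file starts with a UTF-16 BOM (bytes FF FE); Windows expects plain text, re-save it"
    parts = mapping.split()
    if len(parts) >= 2 and parts[0] not in LOOPBACK:
        return f"non-loopback mapping {parts[1]} -> {parts[0]}"
    return None


def check_autostart(body):
    """Finding for an 'O4 - ...Run:' body whose target lives in a user-writable data folder."""
    if any(d in body.lower() for d in USER_WRITABLE_DIRS):
        return "autostart launches from a user-writable folder; confirm the publisher before keeping it"
    return None


def triage(text):
    """Run the checks over a whole log and return [(code, finding), ...] in log order."""
    findings = []
    for code, body in parse_hjt_log(text):
        if code == "O1":
            finding = check_hosts_entry(body)
        elif code == "O4":
            finding = check_autostart(body)
        else:
            finding = None
        if finding:
            findings.append((code, finding))
    return findings


def section_counts(text):
    """How many entries of each HijackThis section code the log contains."""
    return Counter(code for code, _ in parse_hjt_log(text))


def normalize_hosts_bytes(raw):
    """Rewrite hosts-file bytes that may carry a BOM (UTF-16 or UTF-8) as plain ASCII with CRLF endings."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        text = raw.decode("utf-16")          # the BOM selects the byte order and is dropped
    elif raw.startswith(b"\xef\xbb\xbf"):
        text = raw.decode("utf-8-sig")
    else:
        text = raw.decode("latin-1")
    lines = [ln.rstrip() for ln in text.splitlines()]
    return ("\r\n".join(lines) + "\r\n").encode("ascii", errors="replace")


if __name__ == "__main__":
    for code, finding in triage(SAMPLE_LOG):
        print(code, finding)
    print(dict(section_counts(SAMPLE_LOG)))
```

Run it against a saved HijackThis log by reading the file into `triage()`; the "::1 localhost" line produces no finding because it is an ordinary loopback mapping, which is why only the BOM line in the thread needed attention. `normalize_hosts_bytes()` shows the repair the "Fix Checked" step performs in effect: the content stays the same, only the encoding changes.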
  24. khastings

    khastings TS Rookie Topic Starter Posts: 36

    questions

    Thanks Bobbye!
    I do have a few questions - I couldn't find combofix, I must have uninstalled it previously?
    When you say to delete backups of files combofix deleted, how do I find those files if they exist?
    The link to OTC wasn't titled OTCleanit.exe, it is just OTC, is this the correct file?
    I did the HijackThis fix but will await the OTC info. before proceeding, not sure if the order of operations is important. Thanks again! I'm looking forward to seeing Mr. Clean on my screen.
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you used the Combofix uninstall directions I gave you, that will remove Combofix (the program) and all the backups and logs from it. That line is meant to be one function.

    OTC is fine. We use several "OT" programs. They start with 'OT' and add the last letter of that particular program. The 'C' is for cleanup. Okay to use the link I have for "Old Timer's Cleanup" as just OTC.

    Karen I don't use the Mr. Clean gif. It is difficult to find a gif that is safe and clean, with no extra content in it.

    But your system IS CLEAN! Peace

