
explorer troubles


11 replies to this topic

#1 jerseydevil

  • Members
  • 85 posts
Posted 11 January 2013 - 10:03 PM

Hello, I was directed to start a thread here, and to post the following DDS log. I received help from a very helpful individual. Here is a link to my original thread http://www.bleepingcomputer.com/forums/topic480207.html/page__p__2934702__fromsearch__1#entry2934702
I started it because I have the following issues: Internet Explorer opens, then immediately closes; system restore will not open; I can not open several other programs, but I forget which ones. I am suspicious of two programs that I can not remove from the computer. I tried through add remove programs, and system files. Can't get rid of them. They are: strongvault, shop to win, and qwiklinx. Thank you for your time, and effort.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 19:41:04 on 2013-01-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2022.1583 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [windows] c:\documents and settings\owner\application data\bsade.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [UIUCU] c:\docume~1\owner\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab
TCP: NameServer = 192.168.1.1 71.242.0.12
TCP: Interfaces\{459D57ED-58E4-4FEC-B6B3-EAFEF15885A9} : DHCPNameServer = 192.168.1.1 71.242.0.12
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpudrv;cpudrv;\??\c:\program files\systemrequirementslab\cpudrv.sys --> c:\program files\systemrequirementslab\cpudrv.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-01-08 13:24:06 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de62e2ac-3b6e-4574-ba8c-b0fdfd73be50}\offreg.dll
2013-01-08 02:08:42 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{de62e2ac-3b6e-4574-ba8c-b0fdfd73be50}\mpengine.dll
2013-01-06 00:06:20 -------- d-----w- c:\windows\ERUNT
2013-01-06 00:00:23 -------- d-----w- C:\JRT
2013-01-05 21:59:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-01-02 02:05:18 -------- d-----w- c:\program files\FLV_Runner
2013-01-02 01:34:07 -------- d-----w- c:\program files\ESET
2012-12-31 05:20:04 109248 ----a-w- c:\documents and settings\owner\application data\MSWINSCK.OCX
2012-12-31 05:02:10 -------- d-----w- C:\37833957bac7202389c09215c9a965be
2012-12-31 03:10:15 -------- d-----w- c:\program files\Yahoo!
2012-12-28 03:34:27 -------- d-----w- C:\photos
2012-12-28 03:19:51 -------- d-----w- c:\windows\system32\NtmsData
2012-12-27 05:40:04 -------- d-----w- C:\downloads
2012-12-27 04:45:06 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-12-27 04:45:06 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-12-27 04:45:05 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-12-27 04:45:05 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-12-27 02:55:23 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-27 02:54:55 -------- d-----w- c:\program files\iPod
2012-12-27 02:54:51 -------- d-----w- c:\program files\iTunes
2012-12-27 02:54:51 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-27 02:54:38 5989776 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-27 02:54:38 44544 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-12-27 02:54:23 -------- d-----w- c:\program files\Bonjour
2012-12-27 02:28:15 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-12-27 02:28:15 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
.
==================== Find3M ====================
.
2013-01-03 04:53:47 90112 ----a-w- c:\windows\DUMP422a.tmp
2013-01-03 04:41:31 90112 ----a-w- c:\windows\DUMP40d1.tmp
2013-01-03 04:29:18 90112 ----a-w- c:\windows\DUMP448a.tmp
2013-01-03 04:17:03 90112 ----a-w- c:\windows\DUMP41ac.tmp
2013-01-03 04:04:48 90112 ----a-w- c:\windows\DUMP4229.tmp
2013-01-03 03:52:32 90112 ----a-w- c:\windows\DUMP423a.tmp
2013-01-03 03:40:17 90112 ----a-w- c:\windows\DUMP418d.tmp
2013-01-03 03:28:01 90112 ----a-w- c:\windows\DUMP4161.tmp
2013-01-03 03:15:47 90112 ----a-w- c:\windows\DUMP4160.tmp
2013-01-03 03:03:31 90112 ----a-w- c:\windows\DUMP4110.tmp
2013-01-03 02:51:17 90112 ----a-w- c:\windows\DUMP443c.tmp
2013-01-03 02:39:24 90112 ----a-w- c:\windows\DUMP4219.tmp
2013-01-03 02:27:09 90112 ----a-w- c:\windows\DUMP417d.tmp
2013-01-03 02:14:44 90112 ----a-w- c:\windows\DUMP411f.tmp
2013-01-03 02:02:29 90112 ----a-w- c:\windows\DUMP46ad.tmp
2013-01-03 01:50:12 90112 ----a-w- c:\windows\DUMP4093.tmp
2013-01-03 01:37:57 90112 ----a-w- c:\windows\DUMP449a.tmp
2013-01-03 01:25:42 90112 ----a-w- c:\windows\DUMP42d5.tmp
2013-01-03 01:13:26 90112 ----a-w- c:\windows\DUMP40a2.tmp
2013-01-02 04:48:42 90112 ----a-w- c:\windows\DUMP4323.tmp
2013-01-02 04:36:26 90112 ----a-w- c:\windows\DUMP40e1.tmp
2013-01-02 04:24:12 90112 ----a-w- c:\windows\DUMP415f.tmp
2013-01-02 04:11:55 90112 ----a-w- c:\windows\DUMP42b6.tmp
2013-01-02 03:59:40 90112 ----a-w- c:\windows\DUMP419c.tmp
2013-01-02 03:47:24 90112 ----a-w- c:\windows\DUMP413f.tmp
2013-01-02 03:35:08 90112 ----a-w- c:\windows\DUMP415e.tmp
2013-01-02 03:22:53 90112 ----a-w- c:\windows\DUMP4035.tmp
2013-01-02 03:10:38 90112 ----a-w- c:\windows\DUMP420a.tmp
2013-01-02 02:58:23 90112 ----a-w- c:\windows\DUMP4352.tmp
2013-01-02 02:46:08 90112 ----a-w- c:\windows\DUMP3f89.tmp
2013-01-02 02:33:53 90112 ----a-w- c:\windows\DUMP412f.tmp
2013-01-02 02:21:38 90112 ----a-w- c:\windows\DUMP4630.tmp
2013-01-02 02:09:21 90112 ----a-w- c:\windows\DUMP4239.tmp
2013-01-02 01:57:05 90112 ----a-w- c:\windows\DUMP41fa.tmp
2013-01-02 01:44:50 90112 ----a-w- c:\windows\DUMP40b2.tmp
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 19:42:07.17 ===============
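As an added example, not part of this thread and not code from the DDS or OTL tools: a small Python triage script that applies, mechanically, the three checks a malware-removal helper makes by eye when reading the autostart section of a log like the one above. Its sample input is copied from the DDS log above and from the OTL log later in the thread (the bsade.exe, UIUCU.EXE, KernelFaultCheck and STacSV entries), with two stock entries (ctfmon, MSC) added for contrast. The heuristics, their wording and the regexes are this example's own assumptions, not anything the tools do.

```python
"""Autostart triage for DDS / OTL log lines.

Added example for this thread, not part of the posted logs or of the DDS/OTL
tools. It scores each Run-key and service entry with three heuristics that a
malware-removal helper applies by eye:
  1. the executable sits under a user-profile data or temp directory
  2. the tool reported the target as "File not found" (orphaned entry)
  3. the value name imitates an OS component ("windows", "system", ...)
A flag is a reason to look, not a verdict.
"""
import re
from dataclasses import dataclass, field

# Directories where legitimate autostarts rarely live but droppers commonly do.
_PROFILE_DIRS = re.compile(
    r"\\(application data|appdata|local settings|locals~1|applic~1)\\", re.I)
_TEMP_DIRS = re.compile(r"\\(temp|tmp)\\", re.I)
# Value names that mimic OS components; stock Windows entries do not use them.
_GENERIC_NAMES = {"windows", "system", "microsoft", "update", "svchost",
                  "explorer", "winlogon", "services"}

# DDS "Pseudo HJT" Run entries:   uRun: [name] command
_DDS_RUN = re.compile(r"^[um]Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$", re.I)
# OTL O4 entries:   O4 - HKLM..\Run: [name] command (Company) | File not found
_OTL_RUN = re.compile(r"^O4 - .*?\\Run:\s*\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$", re.I)
# OTL SRV entries:  SRV - <file info | File not found> [...] -- path -- (ServiceName)
_OTL_SRV = re.compile(
    r"^SRV - (?:File not found|\[.*?\]).*?--\s*(?P<cmd>.*?)\s*--\s*\((?P<name>[^)]+)\)\s*$",
    re.I)
_EXE_PATH = re.compile(
    r'^"?(?P<path>[^"]*?\.(?:exe|dll|com|scr|bat|cmd|vbs|pif))\b', re.I)


@dataclass
class Finding:
    source: str             # "run" (Run key) or "service"
    name: str               # registry value name or service name
    path: str               # executable as extracted from the command line
    reasons: list = field(default_factory=list)


def extract_path(cmd: str) -> str:
    """Strip OTL's trailers and any arguments, leaving the executable path."""
    cmd = re.sub(r"\s*File not found\s*$", "", cmd, flags=re.I)
    cmd = re.sub(r"\s*\([^()]*\)\s*$", "", cmd)      # trailing "(Company)"
    m = _EXE_PATH.match(cmd)
    if m:
        return m.group("path")
    if cmd.startswith('"'):                           # quoted, no known extension
        return cmd.split('"')[1]
    return cmd.split(" ")[0]                          # e.g. ...\dumprep 0 -k


def assess(source: str, name: str, cmd: str, orphaned: bool):
    """Apply the heuristics to one entry; None when nothing is suspicious."""
    path = extract_path(cmd)
    reasons = []
    if _PROFILE_DIRS.search(path):
        reasons.append("executable under a user-profile data directory")
    if _TEMP_DIRS.search(path):
        reasons.append("executable under a temp directory")
    if orphaned:
        reasons.append("target file not found (orphaned entry)")
    if name.strip().lower() in _GENERIC_NAMES:
        reasons.append("generic OS-like value name")
    return Finding(source, name, path, reasons) if reasons else None


def triage(log_text: str) -> list:
    """Return a Finding for every autostart line that trips at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        orphaned = "file not found" in line.lower()
        for source, rx in (("run", _DDS_RUN), ("run", _OTL_RUN), ("service", _OTL_SRV)):
            m = rx.match(line)
            if m:
                f = assess(source, m.group("name"), m.group("cmd"), orphaned)
                if f:
                    findings.append(f)
                break
    return findings


# Constructed sample: lines copied from the DDS and OTL logs posted in this
# thread, plus two stock entries (ctfmon, MSC) that should not be flagged.
SAMPLE_LINES = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [windows] c:\documents and settings\owner\application data\bsade.exe
mRun: [UIUCU] c:\docume~1\owner\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003..\Run: [windows] C:\Documents and Settings\Owner\Application Data\bsade.exe File not found
SRV - File not found [Auto | Stopped] -- c:\docume~1\owner\locals~1\temp\cdm\{c2db5841-b484-42f9-a6db-8b6035648b9c}\STacSV.exe -- (STacSV)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.source}] {f.name}: {f.path}")
        for r in f.reasons:
            print("    -", r)
```

Run against the sample it flags five of the seven entries and leaves ctfmon and MSC alone. A flag is a prompt for a human look, not a verdict: the KernelFaultCheck entry trips only the "File not found" check, and the STacSV name matches the IDT audio driver present elsewhere in the log, so it is the path under Temp, not the name, that makes that service worth a second look.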

#2 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Location:Antarctica

Posted 12 January 2013 - 11:12 AM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

OTL Custom Scan

We need to run an OTL Custom Scan

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.


    netsvcs
    drivers32
    %systemroot%\*. /rp /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



Running aswMBR.exe

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click "Save log", save it to your desktop and post it in your next reply.



NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. OTL.txt & Extras.txt log files.
3. aswMBR.txt log file.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Have I helped you? If you'd like to assist in the fight against malware, click here.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 jerseydevil
  • Topic Starter

  • Members
  • 85 posts

Posted 15 January 2013 - 07:43 AM

Please don't close out, I'm working on this.

#4 jerseydevil
  • Topic Starter

  • Members
  • 85 posts

Posted 15 January 2013 - 09:24 PM

OTL logfile created on: 1/15/2013 7:58:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = J:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 77.28% Memory free
3.83 Gb Paging File | 3.52 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 125.33 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive D: | 31.50 Gb Total Space | 5.60 Gb Free Space | 17.78% Space Free | Partition Type: NTFS
Drive J: | 960.72 Mb Total Space | 285.73 Mb Free Space | 29.74% Space Free | Partition Type: FAT

Computer Name: IU-611DF5E7B7E7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/15 07:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- J:\OTL.exe
PRC - [2012/02/16 14:44:24 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/10 20:07:20 | 000,413,696 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- c:\docume~1\owner\locals~1\temp\cdm\{c2db5841-b484-42f9-a6db-8b6035648b9c}\STacSV.exe -- (STacSV)
SRV - [2012/02/16 14:44:24 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\igdkmd32.sys -- (igfx)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2008/04/10 20:10:10 | 001,271,032 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/08/29 13:27:00 | 000,043,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes,DefaultScope = {F78E08A4-D00A-4B0E-8207-EE993451AFA9}
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{8B260764-FEAF-4110-8C5A-FCD7C353ED61}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{B2A738E7-4342-4783-AF37-3E3094F07ABD}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{F78E08A4-D00A-4B0E-8207-EE993451AFA9}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,136,0_0,Search,20121253,6901,0,8,0
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



O1 HOSTS File: ([2001/08/23 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
O4 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003..\Run: [windows] C:\Documents and Settings\Owner\Application Data\bsade.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.242.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{459D57ED-58E4-4FEC-B6B3-EAFEF15885A9}: DhcpNameServer = 192.168.1.1 71.242.0.12
O18 - Protocol\Handler\mhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/02/15 16:30:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/10 19:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Videos
[2013/01/10 19:41:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
[2013/01/05 19:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/01/05 19:00:23 | 000,000,000 | ---D | C] -- C:\JRT
[2013/01/05 16:59:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/02 20:02:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2013/01/02 20:02:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2013/01/01 21:05:18 | 000,000,000 | ---D | C] -- C:\Program Files\FLV_Runner
[2013/01/01 20:34:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/12/31 00:20:04 | 000,109,248 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Application Data\MSWINSCK.OCX
[2012/12/31 00:02:10 | 000,000,000 | ---D | C] -- C:\37833957bac7202389c09215c9a965be
[2012/12/30 23:10:32 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/12/30 22:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/12/30 22:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ShopToWin
[2012/12/30 22:10:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2012/12/30 22:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2012/12/30 22:10:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
[2012/12/30 22:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2012/12/27 22:34:27 | 000,000,000 | ---D | C] -- C:\photos
[2012/12/27 22:19:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012/12/27 00:40:04 | 000,000,000 | ---D | C] -- C:\downloads
[2012/12/26 21:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/12/26 21:54:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/26 21:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/26 21:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/26 21:54:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2012/12/26 21:54:23 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/15 19:47:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2013/01/15 19:44:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/15 19:42:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/10 22:09:57 | 000,405,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/10 22:09:57 | 000,054,560 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/04 23:02:22 | 000,002,070 | ---- | M] () -- C:\scu.dat
[2013/01/04 22:51:59 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2013/01/02 20:02:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/01 19:58:42 | 000,000,149 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\hidden
[2012/12/31 12:21:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\mail.dat
[2012/12/31 12:21:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\mess.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\ffpw.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\chro.dat
[2012/12/30 10:16:12 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/27 21:24:43 | 000,344,579 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\The Mullusk-Ween.m4r
[2012/12/27 20:52:12 | 000,617,956 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Jambi-TOOL.m4r
[2012/12/27 03:18:07 | 000,090,296 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/12/27 03:02:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/26 21:55:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[35 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/04 23:02:22 | 000,002,070 | ---- | C] () -- C:\scu.dat
[2013/01/04 22:51:59 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2012/12/31 12:21:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\mail.dat
[2012/12/31 12:21:08 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\mess.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Owner\ffpw.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Owner\chro.dat
[2012/12/30 22:17:56 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\hidden
[2012/12/27 21:24:43 | 000,344,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Mullusk-Ween.m4r
[2012/12/27 20:52:12 | 000,617,956 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Jambi-TOOL.m4r
[2012/12/27 20:26:52 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/26 21:55:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/15 20:15:38 | 001,481,884 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2012/02/15 20:15:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
[2012/02/15 19:49:13 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/02/15 19:47:51 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 18:07:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/15 16:32:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/02/15 16:27:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/02/14 13:51:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/02/14 13:50:10 | 000,090,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/12/19 03:53:33 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/12/26 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /rp /s >

< C:\Program Files\Common Files\ComObjects\*.* /s >
[2012/02/15 16:28:25 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2012/02/15 17:28:17 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2012/02/16 15:11:47 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/02/16 18:13:50 | 000,000,284 | ---- | C] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/10/31 19:35:35 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2013-01-11 03:10:38

< >

< >

< >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a] -> C:\WINDOWS\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_4.0.0.0_x-ww_29b51492 -> Junction

< End of report >

OTL Extras logfile created on: 1/15/2013 7:58:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = J:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 77.28% Memory free
3.83 Gb Paging File | 3.52 Gb Available in Paging File | 92.08% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 153.38 Gb Total Space | 125.33 Gb Free Space | 81.71% Space Free | Partition Type: NTFS
Drive D: | 31.50 Gb Total Space | 5.60 Gb Free Space | 17.78% Space Free | Partition Type: NTFS
Drive J: | 960.72 Mb Total Space | 285.73 Mb Free Space | 29.74% Space Free | Partition Type: FAT

Computer Name: IU-611DF5E7B7E7 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Shop to Win 27\TroubleShooter.exe" = C:\Program Files\Shop to Win 27\TroubleShooter.exe:*:Enabled:Shop to Win 27 (Helper)
"C:\Documents and Settings\Owner\Application Data\bsade.exe" = C:\Documents and Settings\Owner\Application Data\bsade.exe:*:Enabled:Windows Messanger
"C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe:*:Enabled:Windows Messanger


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{3002C8EB-2A7E-419B-B77F-5AD7E9F54A5A}" = Strongvault Online Backup
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{C792A75A-2A1F-4991-9B85-291745478A79}" = NetAssistant
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"DefaultTab" = DefaultTab
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel® Graphics Media Accelerator Driver
"HECI" = Intel® Management Engine Interface
"ie8" = Windows Internet Explorer 8
"MESOL" = Intel® Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel® PRO Network Connections Drivers
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant 3.8.3" = W3i NetAssistant

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/1/2013 7:23:59 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 7:36:15 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 7:48:29 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:00:45 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:12:56 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:25:11 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:37:30 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:49:42 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 8:52:19 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

Error - 1/1/2013 9:28:52 PM | Computer Name = IU-611DF5E7B7E7 | Source = STacSV | ID = 268435455
Description =

[ System Events ]
Error - 12/31/2012 12:50:10 AM | Computer Name = IU-611DF5E7B7E7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 12/31/2012 12:58:13 AM | Computer Name = IU-611DF5E7B7E7 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-15 20:09:54
-----------------------------
20:09:54.296 OS Version: Windows 5.1.2600 Service Pack 3
20:09:54.296 Number of processors: 2 586 0xF06
20:09:54.296 ComputerName: IU-611DF5E7B7E7 UserName: Owner
20:09:54.937 Initialize success
20:18:49.562 AVAST engine defs: 13011501
20:28:36.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-7
20:28:36.015 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 32253MB BusType: 3
20:28:36.015 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-1a
20:28:36.015 Disk 1 Vendor: Hitachi_HDS721616PLA380 P22OAB3A Size: 157066MB BusType: 3
20:28:36.015 Disk 1 MBR read successfully
20:28:36.015 Disk 1 MBR scan
20:28:36.046 Disk 1 Windows XP default MBR code
20:28:36.046 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 157065 MB offset 63
20:28:36.062 Disk 1 scanning sectors +321669495
20:28:36.125 Disk 1 scanning C:\WINDOWS\system32\drivers
20:28:45.093 Service scanning
20:28:52.343 Service MpKslf51277ef c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{53D99B4A-6936-4A9E-BC4A-B673F41DBFAE}\MpKslf51277ef.sys **LOCKED** 32
20:29:01.750 Modules scanning
20:29:04.890 Disk 1 trace - called modules:
20:29:04.890 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:29:04.890 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x89b8cab8]
20:29:04.906 3 CLASSPNP.SYS[f7657fd7] -> nt!IofCallDriver -> \Device\00000061[0x89b8f9e8]
20:29:04.906 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-1a[0x89b43d98]
20:29:05.390 AVAST engine scan C:\WINDOWS
20:29:11.109 AVAST engine scan C:\WINDOWS\system32
20:30:58.921 AVAST engine scan C:\WINDOWS\system32\drivers
20:31:08.828 AVAST engine scan C:\Documents and Settings\Owner
20:31:36.203 AVAST engine scan C:\Documents and Settings\All Users
20:32:26.156 Scan finished successfully
20:40:34.859 Disk 1 MBR has been saved successfully to "J:\MBR.dat"
20:40:34.875 The log file has been saved successfully to "J:\aswMBR.txt"


Thank you for your time and effort. As far as I can tell, nothing has changed since my first post.

#5 SweetTech (Agent ST)

Posted 16 January 2013 - 12:57 AM

Hi!

Do you happen to recognize these files?

[2013/01/01 19:58:42 | 000,000,149 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\hidden
[2012/12/31 12:21:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\mail.dat
[2012/12/31 12:21:08 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\mess.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\ffpw.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\chro.dat


ERUNT - Emergency Recovery Utility NT
Modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.
This is a free program that allows you to keep a complete backup of your registry and restore it when needed.

ERUNT utility program
Download:

  • Please download ERUNT...by Lars Hederer. Save it to your desktop.
  • Double-click erunt-setup.exe to start the install process. Follow the install prompts.
  • Use the default install settings...
    say "NO" to the section that asks you to add ERUNT to the Start-Up folder. Enable this option later if desired.
  • Start ERUNT by opting to start the program at the end of setup -or- double click the desktop icon.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK ... Then click on "YES" to create the folder.
Run:
  • Please navigate to Start >> All Programs >> ERUNT. Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.
< STOP > If you did not successfully complete this step, do not continue with any other steps; post back and let me know! < STOP >



NEXT:



Download the adwCleaner
  • Run the Tool
    Windows Vista and Windows 7 users:
    Right-click on adwCleaner.exe and select the "Run as administrator" option.
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.


NEXT:



OTL Fix

We need to run an OTL Fix

Note: If you have Malwarebytes Anti-Malware 1.6 or higher installed and are using the Pro version or trial version, please temporarily disable it for the duration of this fix, as it may interfere with the successful execution of the script below.

  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - File not found [Auto | Stopped] -- c:\docume~1\owner\locals~1\temp\cdm\{c2db5841-b484-42f9-a6db-8b6035648b9c}\STacSV.exe -- (STacSV)
    IE - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\SearchScopes\{8B260764-FEAF-4110-8C5A-FCD7C353ED61}: "URL" = http://www.mysearchresults.com/search?&c=2652&t=03&q={searchTerms}
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\ShellBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O3 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - No CLSID value found.
    O4 - HKLM..\Run: [UIUCU] C:\DOCUME~1\Owner\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S File not found
    O4 - HKU\S-1-5-21-1482476501-1563985344-1801674531-1003..\Run: [windows] C:\Documents and Settings\Owner\Application Data\bsade.exe File not found
    [2012/12/30 22:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ShopToWin
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Shop to Win 27\TroubleShooter.exe"=-
    "C:\Documents and Settings\Owner\Application Data\bsade.exe"=-
    "C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe"=-
    :Files
    C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip
    C:\Documents and Settings\Owner\Application Data\bsade.exe
    dir /s /a "C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1" /c
    C:\Program Files\Shop to Win 27
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    [EMPTYJAVA]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:


Please provide me with the requested logs above, as well as an update on how your computer is currently performing.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.

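The questions in this post (do you recognize these .dat files, and which firewall exceptions point at programs in the user's profile) come down to a few checks on the OTL log format. The script below is an added example, not part of OTL or of this thread's fix: it parses the two OTL line formats quoted above, applies constructed triage heuristics (no company name plus an odd location in the profile; a firewall exception for a program inside a profile; a label claiming to be a Windows component for a program outside C:\WINDOWS) and lists what a helper would want to ask about. The sample lines are copied from the logs in this thread.

```python
"""Triage helper for OTL log lines (added example; heuristics are constructed,
not part of OTL)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# OTL "Files Created/Modified" entry, e.g.
# [2012/12/31 12:21:07 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Owner\ffpw.dat
# The parentheses carry the PE company name; "()" means OTL found none.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Firewall AuthorizedApplications value as OTL Extras prints it, e.g.
# "C:\x\y.exe" = C:\x\y.exe:*:Enabled:Display Name -- (Company)
FW_RULE_RE = re.compile(
    r'^"(?P<name>[^"]+)" = (?P<path>(?:[A-Za-z]:|%[A-Za-z]+%)\\[^:]+):(?P<scope>[^:]+):'
    r"(?P<state>Enabled|Disabled):(?P<label>.*?)(?: -- \((?P<company>[^)]*)\))?$",
    re.IGNORECASE,
)

PROFILE_PREFIX = "c:\\documents and settings\\"
# Profile sub-trees where a user normally keeps no loose files of their own.
SUSPECT_SUBDIRS = ("application data", "local settings\\application data", "local settings\\temp")


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def profile_subdir(path: str) -> Optional[str]:
    """Lower-case sub-directory of the user profile that `path` lives in.

    '' means the file sits directly in the profile root; None means the path is
    not under C:\\Documents and Settings at all. 8.3 short names are expanded.
    """
    p = path.lower().replace("c:\\docume~1\\", PROFILE_PREFIX).replace("locals~1", "local settings")
    if not p.startswith(PROFILE_PREFIX):
        return None
    parts = p[len(PROFILE_PREFIX):].split("\\")  # [user, sub..., file]
    return "\\".join(parts[1:-1]) if len(parts) >= 2 else None


def is_suspect_subdir(sub: Optional[str]) -> bool:
    if sub is None:
        return False
    return sub == "" or any(sub == s or sub.startswith(s + "\\") for s in SUSPECT_SUBDIRS)


def parse_file_entry(line: str) -> Optional[Dict[str, str]]:
    m = OTL_FILE_RE.match(line.strip())
    return m.groupdict() if m else None


def parse_firewall_rule(line: str) -> Optional[Dict[str, str]]:
    m = FW_RULE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines: List[str]) -> List[Finding]:
    """Return one Finding per flagged path, in log order; other lines are ignored."""
    found: Dict[str, Finding] = {}

    def flag(path: str, reason: str) -> None:
        found.setdefault(path, Finding(path)).reasons.append(reason)

    for line in lines:
        entry = parse_file_entry(line)
        if entry:
            sub = profile_subdir(entry["path"])
            if not entry["company"] and is_suspect_subdir(sub):
                where = "profile root" if sub == "" else sub
                flag(entry["path"], f"no company name; sits in user profile ({where})")
            continue
        rule = parse_firewall_rule(line)
        if rule:
            if not rule["company"]:
                flag(rule["path"], "firewall exception carries no company name")
            if profile_subdir(rule["path"]) is not None:
                flag(rule["path"], "firewall exception for a program inside a user profile")
            if "windows" in rule["label"].lower() and not rule["path"].lower().startswith("c:\\windows"):
                flag(rule["path"], f'label "{rule["label"]}" claims a Windows component outside C:\\WINDOWS')
    return list(found.values())


# Constructed sample: lines copied from the OTL and OTL Extras logs in this thread.
SAMPLE_LINES = r"""
[2012/12/31 12:21:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\mail.dat
[2012/12/31 12:21:07 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Owner\ffpw.dat
[2012/12/30 22:17:56 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\hidden
[2012/12/27 21:24:43 | 000,344,579 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\The Mullusk-Ween.m4r
[2012/12/26 21:55:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2012/02/15 20:15:37 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Shop to Win 27\TroubleShooter.exe" = C:\Program Files\Shop to Win 27\TroubleShooter.exe:*:Enabled:Shop to Win 27 (Helper)
"C:\Documents and Settings\Owner\Application Data\bsade.exe" = C:\Documents and Settings\Owner\Application Data\bsade.exe:*:Enabled:Windows Messanger
"C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe" = C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe:*:Enabled:Windows Messanger
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f.path)
        for r in f.reasons:
            print("   -", r)
```

The Desktop media files, the All Users shortcut, the System32 DLL and the Microsoft/Apple firewall entries pass through untouched; the four hits on the .dat files, the Shop to Win helper and the two "Windows Messanger" programs are exactly the items the fix script in this post targets.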

#6 jerseydevil (Topic Starter)

Posted 16 January 2013 - 07:56 AM

Hi, I don't recognize those files. I will perform the scans after work. Thank you!

#7 SweetTech (Agent ST)

Posted 17 January 2013 - 12:48 AM

Okay, I'll await your response with the requested log files.

-ST.



#8 jerseydevil (Topic Starter)

Posted 18 January 2013 - 08:20 PM

OK, here are the logs. I had a weird issue with ERUNT; I kept getting the message "cocreationinstance failed; code 0x80040154", but it seemed to work. I think... I still see no difference in the machine's behavior. I am wondering if it is possible to reload Explorer without an XP CD. I also can't run Media Player. Does Microsoft offer free versions of these? I am also considering Firefox.
Sorry this is taking so long, but it seems to be hopeless :( Of course, the good news is, I can take it back to work (where I purchased it) and have them wipe and reload it (for free :0). So it's not so bad :) I really appreciate all of your help, and am willing to keep trying with you. I actually would prefer to fix it ourselves rather than take it in.
OK, have a nice weekend, Marc
# AdwCleaner v2.106 - Logfile created 01/17/2013 at 21:48:23
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - IU-611DF5E7B7E7
# Boot Mode : Normal
# Running from : J:\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\FCTB000100565
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\FCTB000100565
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [3876 octets] - [05/01/2013 17:22:47]
AdwCleaner[R2].txt - [1801 octets] - [17/01/2013 21:47:45]
AdwCleaner[S2].txt - [1756 octets] - [17/01/2013 21:48:23]

########## EOF - C:\AdwCleaner[S2].txt - [1816 octets] ##########

All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Service STacSV stopped successfully!
Service STacSV deleted successfully!
File c:\docume~1\owner\locals~1\temp\cdm\{c2db5841-b484-42f9-a6db-8b6035648b9c}\STacSV.exe not found.
Registry key HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\SearchScopes\{8B260764-FEAF-4110-8C5A-FCD7C353ED61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8B260764-FEAF-4110-8C5A-FCD7C353ED61}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry value HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\UIUCU deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1482476501-1563985344-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Run\\windows deleted successfully.
Folder C:\Documents and Settings\Owner\My Documents\ShopToWin\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Shop to Win 27\TroubleShooter.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Owner\Application Data\bsade.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip\TeenBurg - Glorietta by Hiddenseek.exe deleted successfully.
========== FILES ==========
File\Folder C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for TeenBurg - Glorietta by Hiddenseek.zip not found.
File\Folder C:\Documents and Settings\Owner\Application Data\bsade.exe not found.
< dir /s /a "C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1" /c >
Volume in drive C has no label.
Volume Serial Number is AC6E-681B
Directory of C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
12/26/2012 09:55 PM <DIR> .
12/26/2012 09:55 PM <DIR> ..
08/21/2012 01:01 PM 1,977,816 GEARDIFx.exe
12/26/2012 09:55 PM <DIR> x86
1 File(s) 1,977,816 bytes
Directory of C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86
12/26/2012 09:55 PM <DIR> .
12/26/2012 09:55 PM <DIR> ..
08/21/2012 01:01 PM 323,464 DIFxAPI.dll
08/21/2012 01:01 PM 115,672 DifXInst32.exe
12/26/2012 09:55 PM 3,246 DIFxInstallLog.txt
08/21/2012 01:01 PM 106,928 GEARAspi.dll
08/21/2012 01:01 PM 2,704 GEARAspiWDM.inf
08/21/2012 01:01 PM 7,587 gearaspiwdmx86.cat
12/26/2012 09:55 PM <DIR> x86
6 File(s) 559,601 bytes
Directory of C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1\x86\x86
12/26/2012 09:55 PM <DIR> .
12/26/2012 09:55 PM <DIR> ..
08/21/2012 01:01 PM 26,840 GEARAspiWDM.sys
1 File(s) 26,840 bytes
Total Files Listed:
8 File(s) 2,564,257 bytes
8 Dir(s) 134,527,926,272 bytes free
J:\cmd.bat deleted successfully.
J:\cmd.txt deleted successfully.
File\Folder C:\Program Files\Shop to Win 27 not found.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
Are you sure (Y/N)?processed file: C:\WINDOWS\system32\drivers\etc\hosts
J:\cmd.bat deleted successfully.
J:\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
J:\cmd.bat deleted successfully.
J:\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 77921771 bytes
->Temporary Internet Files folder emptied: 75386749 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 802420 bytes
->Temporary Internet Files folder emptied: 669150 bytes

User: Owner
->Temp folder emptied: 89142075 bytes
->Temporary Internet Files folder emptied: 88309 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3153920 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119885305 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10302560 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 360.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Owner
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Owner
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01172013_220915

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\TMP00000001548272DF12FEA392 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
THANK YOU!

Edited by jerseydevil, 18 January 2013 - 08:26 PM.


#9 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:04:00 AM

Posted 19 January 2013 - 10:24 PM

Hi!

I just wanted to sign on real quick and let you know that I won't be able to respond to your latest reply until tomorrow afternoon sometime.


-ST.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#10 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:04:00 AM

Posted 20 January 2013 - 04:00 PM

Hi!

Sorry for the delay, I've been a bit busy with work.

Let's try running this fix to see what it does in terms of the issues you're experiencing:

Download Windows Repair by Tweaking.com to your desktop.

  • Double-click tweaking.com_windows_repair_aio.zip and extract the Tweaking.com - Windows Repair folder to your desktop.
  • Now open this folder and double-click Repair_Windows.exe.
  • Click the Start Repairs tab on the far right.
  • Click the Start button (bottom right)

    Note: When asked whether you would like to create a restore point, it is recommended that you do, just in case something does not go as planned.
  • Click Unselect All
  • Put a checkmark in the following items:
    • Reset Registry Permissions
    • Reset File Permissions
    • Reset System Files
    • Repair WMI
    • Repair Windows Firewall
    • Repair Internet Explorer
    • Repair MDAC/MS Jet
    • Repair Host File
    • Remove Policies Set By Infections
    • Repair Missing Start Menu Icons Removed by Infections
    • Repair Icons
    • Repair Winsock && DNS Cache
    • Remove Temp Files
    • Repair Proxy Settings
    • Unhide Non System Files
    • Repair Windows Updates
    • Repair CD/DVD Missing/Not Working
    • Repair Volume Shadow Copy Service
    • Repair Windows Sidebar/Gadgets
    • Set Windows Services to Default Startup
    • Repair MSI (Windows Installer)

    Note: Leave everything else unchecked
  • Put a checkmark in Restart System When Finished
  • Now click the Start button (bottom right)

Let me know how the above goes.

-ST.

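Before running a repair that resets hosts, proxy, policy and Winsock settings wholesale, it helps to record what was actually tampered with. The script below is an added example (not from this thread and not part of Tweaking.com's Windows Repair); it is a read-only audit of the items checked in the list above and assumes an elevated cmd.exe on Windows XP with the stock reg.exe, cacls, netsh and ipconfig tools.

```batch
@echo off
rem Added example, not from this thread or from Tweaking.com: a read-only
rem audit of the settings the checked repairs reset. Nothing here changes
rem the system; run it in an elevated cmd.exe on Windows XP.
setlocal
set "HOSTS=%SystemRoot%\system32\drivers\etc\hosts"

rem A clean XP install has a single active line: "127.0.0.1  localhost".
rem Anything else (AV update sites, search engines) points at a hijack.
echo === Active HOSTS entries ===
for /f "usebackq eol=# tokens=*" %%L in ("%HOSTS%") do echo   %%L

rem Everyone:F (as granted by the cacls step in the OTL log above) lets any
rem process rewrite the file; the repair should leave it admin-writable only.
echo.
echo === HOSTS permissions ===
cacls "%HOSTS%"

rem ProxyEnable=0x1 with an unexpected ProxyServer or AutoConfigURL means
rem browser traffic is being routed through something the user did not set.
echo.
echo === Internet Explorer proxy settings ===
set "INET=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
reg query "%INET%" /v ProxyEnable 2>nul | findstr /i "ProxyEnable" || echo   ProxyEnable not set
reg query "%INET%" /v ProxyServer 2>nul | findstr /i "ProxyServer" || echo   ProxyServer not set
reg query "%INET%" /v AutoConfigURL 2>nul | findstr /i "AutoConfigURL" || echo   AutoConfigURL not set

rem Restriction policies that infections commonly set to block cleanup tools;
rem a printed value means the restriction is present.
echo.
echo === Policies commonly set by infections ===
set "POL=HKCU\Software\Microsoft\Windows\CurrentVersion\Policies"
for %%V in (DisableTaskMgr DisableRegistryTools) do (
    reg query "%POL%\System" /v %%V 2>nul | findstr /i "%%V" || echo   %%V not set - OK
)
for %%V in (NoRun NoControlPanel NoFolderOptions NoDesktop) do (
    reg query "%POL%\Explorer" /v %%V 2>nul | findstr /i "%%V" || echo   %%V not set - OK
)

rem Every Winsock provider should resolve to a known system DLL; an unknown
rem Provider Path is the classic sign of a Winsock/LSP hijack.
echo.
echo === Winsock catalog providers ===
netsh winsock show catalog | findstr /i /c:"Description:" /c:"Provider Path:"

rem Number of cached DNS records before the DNS cache repair flushes them.
echo.
echo === Cached DNS records ===
ipconfig /displaydns | find /c "Record Name"
endlocal
```

Save the output alongside the OTL logs so the before and after states can be compared once the repair has run.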


#11 jerseydevil

jerseydevil
  • Topic Starter

  • Members
  • 85 posts
  • Gender:Male
  • Local time:03:00 AM

Posted 25 January 2013 - 11:23 PM

I am able to use explorer now. I still can't seem to open media player, or system restore. My apologies, as I have been away from that pc for a few days. Any other ideas?

#12 SweetTech

SweetTech

    Agent ST


  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica
  • Local time:04:00 AM

Posted 27 January 2013 - 02:58 PM

Hi!

No worries on the delay, I know how real life can be.

Please give this Microsoft FixIT here: http://support.microsoft.com/mats/windows_media_player_diagnostic/a try and see if that addresses the issue with Windows Media Player.

In regards to the System Restore issue, please try the suggestions in this site here: http://bertk.mvps.org/html/reinstall.html

Please let me know how the above goes.

-ST.

