have the flu but my computer has a virus [Solved]


  • This topic is locked
21 replies to this topic

#1 oops!! (Authentic Member, 23 posts)

Posted 04 January 2012 - 09:05 AM

You guys did such a great job the last time I was here; I would appreciate any help. I'm not feeling well and my computer is just as bad. Not sure what happened: just doing the usual browsing this morning, Comodo kicked in, I wasn't thinking and hit Allow. Next came security alerts, and in the task bar Windows Update has an X through it and I can't turn it on again. I have tried running Malwarebytes and found nothing; Comodo, nothing. I can't find CCleaner.

Thanks again


this is what OTL says

OTL Extras logfile created on: 1/4/2012 12:06:02 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\PacKratZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 74.48% Memory free
3.85 Gb Paging File | 3.38 Gb Available in Paging File | 87.76% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 447.51 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: PACKRATZ-F57A48 | User Name: PacKratZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C91E12-74A4-45E1-9D3F-C3DD7D6FECAE}" = 5700_Help
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0E92A5AC-05AB-48c2-9227-9AD504EAF4EA}" = J5700
"{11655C91-EF58-4aab-BF09-E8F205324FBF}" = BPDSoftware
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3D30BAC1-C250-4F10-9C78-C379D05A445E}" = BPDSoftware_Ini
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{746B3247-FEFC-4C04-0087-E87636B0B1D3}" = NASCAR Thunder TM 2004
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 267.24
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.50
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B929776E-7527-4F98-AE4D-BEBCF0BEA669}" = BPD_HPSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C897FCB3-2F8B-4185-8035-79E2AF3A92A4}" = iTunes
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = BPDfax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F2CA5A0D-5F2F-4d99-89F0-2D1358218A7A}" = ProductContext
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Dell Dock" = Dell Dock
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hoyle Card Games 2011" = Hoyle Card Games 2011 (remove only)
"Hoyle Puzzle and Board Games 2011" = Hoyle Puzzle and Board Games 2011 (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Officejet All-In-One Series" = HP Officejet All-In-One Series
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PROSet" = Intel® PRO Network Connections Drivers
"Sierra Utilities" = Sierra Utilities
"WET7Cable" = Windows Easy Transfer for Windows 7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = att.net Toolbar
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2011 9:49:19 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1000
Description = Faulting application hoyle card games.exe, version 0.0.0.0, faulting
module unknown, version 0.0.0.0, fault address 0x0d0d0d0b.

Error - 10/4/2011 4:11:16 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/23/2011 11:33:51 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1000
Description = Faulting application hoyle card games.exe, version 0.0.0.0, faulting
module hoyle card games.exe, version 0.0.0.0, fault address 0x003ea98f.

Error - 10/27/2011 8:28:45 AM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module unknown, version 0.0.0.0, fault address 0x02020619.

Error - 11/8/2011 2:40:24 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/14/2011 9:23:58 AM | Computer Name = PACKRATZ-F57A48 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 11/30/2011 12:17:34 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 19.0.0.9, fault address 0x000ca9b2.

Error - 11/30/2011 12:17:39 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1001
Description = Fault bucket -2083662064.

Error - 12/9/2011 2:24:38 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module jvm.dll, version 19.0.0.9, fault address 0x000ca9b2.

Error - 12/9/2011 2:24:40 PM | Computer Name = PACKRATZ-F57A48 | Source = Application Error | ID = 1001
Description = Fault bucket -2083662064.

[ System Events ]
Error - 7/23/2011 11:27:17 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 11:27:17 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 11:27:18 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 11:27:18 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 11:27:18 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 7/23/2011 11:27:18 AM | Computer Name = PACKRATZ-F57A48 | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 8/4/2011 9:46:15 AM | Computer Name = PACKRATZ-F57A48 | Source = Print | ID = 6161
Description = The document http://www.crochetme.../november4.html
owned by PacKratZ failed to print on printer CutePDF Writer. Data type: NT EMF
1.008. Size of the spool file in bytes: 1572864. Number of bytes printed: 0. Total
number of pages in the document: 2. Number of pages printed: 0. Client machine:
\\PACKRATZ-F57A48. Win32 error code returned by the print processor: 6 (0x6).

Error - 8/4/2011 9:57:07 AM | Computer Name = PACKRATZ-F57A48 | Source = Print | ID = 6161
Description = The document http://www.crochetpa...ead/Auriga.html
owned by PacKratZ failed to print on printer CutePDF Writer. Data type: NT EMF
1.008. Size of the spool file in bytes: 682192. Number of bytes printed: 0. Total
number of pages in the document: 3. Number of pages printed: 0. Client machine:
\\PACKRATZ-F57A48. Win32 error code returned by the print processor: 6 (0x6).

Error - 8/4/2011 10:17:46 AM | Computer Name = PACKRATZ-F57A48 | Source = Print | ID = 6161
Description = The document http://www.forthelov...patterns/spring
owned by PacKratZ failed to print on printer CutePDF Writer. Data type: NT EMF
1.008. Size of the spool file in bytes: 2326420. Number of bytes printed: 0. Total
number of pages in the document: 4. Number of pages printed: 0. Client machine:
\\PACKRATZ-F57A48. Win32 error code returned by the print processor: 6 (0x6).

Error - 8/4/2011 1:02:32 PM | Computer Name = PACKRATZ-F57A48 | Source = Print | ID = 6161
Description = The document http://www.crochet-w...m...e&article_i
owned by PacKratZ failed to print on printer CutePDF Writer. Data type: NT EMF
1.008. Size of the spool file in bytes: 589824. Number of bytes printed: 0. Total
number of pages in the document: 2. Number of pages printed: 0. Client machine:
\\PACKRATZ-F57A48. Win32 error code returned by the print processor: 6 (0x6).


< End of report >

Edited by oops!!, 04 January 2012 - 12:27 PM.
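The Extras log above is where a responder looks first for signs that a rogue program has tampered with the system's own defences: the Shell Spawning handlers (a hijacked exefile handler lets a rogue interpose on every .exe launch), the Security Center notification switches, and the firewall profile with its globally open ports. As an added example, not part of this thread and not OTL's own code, the Python script below parses those sections out of an Extras log and lists anything that deviates from the stock XP values (FirstRunDisabled = 1 is normal and is not flagged). The sample input is a constructed abridgement of the posted log; the tampered variant, including its wrapper path, is hypothetical. Run on the posted values it returns no findings: the exe handler is intact, no Security Center alert is suppressed, and the file-sharing ports are scoped to LocalSubNet, so the greyed-out Windows Update icon is not explained by anything in this log.

```python
"""Triage of an OTL 'Extras' log (added example; not code from the thread or from OTL)."""
import re

# Constructed sample in the format of the Extras log posted in #1 (abridged, clean values).
SAMPLE_EXTRAS = r"""========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"""

# Stock XP handlers; anything else (e.g. a wrapper exe in front of "%1") means the association was hijacked.
EXPECTED_OPEN = {ext: '"%1" %*' for ext in ("comfile", "exefile", "piffile")}
SECURITY_CENTER = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center"
STD_PROFILE = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
               r"\Parameters\FirewallPolicy\StandardProfile")


def split_sections(text):
    """Map each '========== Name ==========' header to the lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"^=+\s*(.+?)\s*=+$", line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_handlers(lines):
    """'exefile [open] -- "%1" %*'  ->  {('exefile', 'open'): '"%1" %*'}"""
    out = {}
    for line in lines:
        m = re.match(r"^(\w+) \[(\w+)\] -- (.*)$", line)
        if m:
            out[(m.group(1), m.group(2))] = m.group(3)
    return out


def parse_values(lines):
    """Group '"Name" = value' lines under the preceding '[HKEY_...]' key."""
    out, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            out.setdefault(key, {})
        elif key and line.startswith('"') and " = " in line:
            name, _, value = line.partition(" = ")
            out[key][name.strip('"')] = value
    return out


def triage(text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    sec = split_sections(text)
    handlers = parse_handlers(sec.get("Shell Spawning", []))
    for ext, expected in EXPECTED_OPEN.items():
        actual = handlers.get((ext, "open"))
        if actual != expected:
            findings.append(f"{ext} [open] handler is {actual!r}, expected {expected!r}")
    sc = parse_values(sec.get("Security Center Settings", [])).get(SECURITY_CENTER, {})
    for name in ("AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
                 "AntiVirusOverride", "FirewallOverride"):
        if sc.get(name) == "1":
            findings.append(f"Security Center: {name} = 1 (status alerts suppressed or overridden)")
    fw = parse_values(sec.get("Firewall Settings", []))
    if fw.get(STD_PROFILE, {}).get("EnableFirewall") != "1":
        findings.append("Windows Firewall is off for the Standard profile")
    for port, value in fw.get(STD_PROFILE + r"\GloballyOpenPorts\List", {}).items():
        fields = value.split(":")  # port:proto:scope:state:description
        if len(fields) >= 4 and fields[2] == "*" and fields[3] == "Enabled":
            findings.append(f"Firewall: {port} is open to all remote addresses (scope *)")
    return findings


def tampered_sample():
    """Constructed variant with hypothetical tampering, to show what gets flagged."""
    return (SAMPLE_EXTRAS
            .replace('exefile [open] -- "%1" %*', 'exefile [open] -- "C:\\example\\wrap.exe" "%1" %*')
            .replace('"UpdatesDisableNotify" = 0', '"UpdatesDisableNotify" = 1')
            .replace("445:TCP:LocalSubNet", "445:TCP:*"))
```

Feed a full Extras log to `triage()` (for example `triage(open("Extras.Txt", encoding="utf-8-sig").read())`); the section names, key paths and value formats are the ones OTL prints, as seen in the posted log, and any other section in the file is simply ignored.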



#2 oldman960 (Forum God, Classroom Teacher, MVP, 14,668 posts)

Posted 04 January 2012 - 05:27 PM

Hi oops, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, and uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc.. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, Please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.


  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the window under Custom Scans/Fixes copy and paste the following


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %temp%\smtmp\*.* /s
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    consrv.dll
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a Notepad window: OTL.txt only, no Extras.txt this time.


Next

If asked when running this next tool to download Avast's database, please do so.
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click Save Log, save it to your desktop and post it in your next reply.

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

Please post back with
  • OTL.txt
  • aswMBR log
  • mbr.zip (attached)
Please describe any and all symptoms.

Thanks
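The custom scan above pulls the main OTL.txt with its O-numbered persistence points, the netsvcs list, and the WindowsUpdate\AU policy key. As an added example, not from the thread and not OTL's own code, the Python script below does the by-eye triage a responder performs on an OTL.txt: HOSTS entries that map anything other than localhost, Run keys pointing at missing files or files with no company name, Winlogon Shell and UserInit values other than the defaults, AppInit_DLLs entries, DHCP DNS servers outside private address space, and netsvcs entries with no service file behind them. The sample is constructed in the format of the OTL.txt posted later in this thread; the set of stock XP netsvcs placeholders is assumed from the four names visible there and should be extended from a known-clean machine; the tampered variant, its hostname, paths and service name are hypothetical, and 8.8.8.8 stands in only as an address outside private space.

```python
"""Triage of the persistence lines in an OTL.txt log (added example; not from the thread or OTL)."""
import ipaddress
import re

# netsvcs names OTL reports as 'File not found' on stock XP. Assumption: only the four seen in
# this thread are listed here; extend the set from a known-clean reference machine.
KNOWN_MISSING_NETSVCS = {"6to4", "AppMgmt", "Ias", "Iprip"}

# Constructed sample in the format of the OTL.txt posted in #6 (abridged).
SAMPLE_OTL = r"""O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\.\.\\Run: \[([^\]]*)\] (.*)$")
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) -")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((.*?)\) -.*\((.*)\)$")
DNS_RE = re.compile(r"^O17 - .*DhcpNameServer = (.*)$")
NETSVCS_RE = re.compile(r"^NetSvcs: (\S+) - File not found")


def triage(text, systemroot=r"C:\WINDOWS"):
    """Return [(severity, message)]: 'flag' needs action, 'review' is worth a second look."""
    expected_winlogon = {"Shell": "explorer.exe",
                         "UserInit": (systemroot + r"\system32\userinit.exe").lower()}
    out = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            if m.group(2).lower() != "localhost":
                out.append(("flag", f"HOSTS maps {m.group(2)} to {m.group(1)}"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.groups()
            if target.endswith("File not found"):
                out.append(("review", f"Run entry [{name}] points at a missing file: {target}"))
            elif target.endswith("()"):
                out.append(("review", f"Run entry [{name}] has no company name: {target}"))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            key, value = m.groups()
            if value.rstrip(",").lower() != expected_winlogon[key]:
                out.append(("flag", f"Winlogon {key} is {value!r}, not the default"))
            continue
        m = APPINIT_RE.match(line)
        if m:
            dll, company = m.groups()
            out.append(("flag" if not company else "review",
                        f"AppInit_DLLs loads {dll} ({company or 'no company name'})"))
            continue
        m = DNS_RE.match(line)
        if m:
            for server in re.split(r"[,\s]+", m.group(1).strip()):
                try:
                    private = ipaddress.ip_address(server).is_private
                except ValueError:
                    continue
                if not private:
                    out.append(("flag", f"DNS server {server} is outside private address space"))
            continue
        m = NETSVCS_RE.match(line)
        if m and m.group(1) not in KNOWN_MISSING_NETSVCS:
            out.append(("flag", f"netsvcs entry {m.group(1)} has no service file behind it"))
    return out


def tampered_sample():
    """Constructed variant with hypothetical tampering, to show what gets flagged."""
    return (SAMPLE_OTL
            .replace("127.0.0.1 localhost", "127.0.0.1 localhost\nO1 - Hosts: 127.0.0.1 update.example")
            .replace("DhcpNameServer = 192.168.0.1", "DhcpNameServer = 192.168.0.1 8.8.8.8")
            .replace("Shell - (Explorer.exe)", r"Shell - (Explorer.exe,C:\example\shell.exe)")
            .replace("NetSvcs: AppMgmt", "NetSvcs: exampleSvc - File not found\nNetSvcs: AppMgmt"))
```

On the clean sample the only output is three 'review' items (the two Run entries OTL marks as File not found, and COMODO's guard32.dll in AppInit_DLLs), which matches what a responder would accept as benign on this machine; a DNS server outside private space is only a lead, since an ISP may legitimately hand out a public resolver, so confirm it before acting on it.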

#3 oops!! (Authentic Member, 23 posts)

Posted 04 January 2012 - 06:07 PM

Hi oldman960, thanks for taking the time to help me. I am not sure about this stuff but will do exactly as you say. Before I go to step 2, did you want me to send you each time I do parts of the steps? Just finished the OTL.txt.

#4 oldman960 (Forum God, Classroom Teacher, MVP, 14,668 posts)

Posted 04 January 2012 - 06:16 PM

Hi oops!!, please post all the logs requested at the same time. Do all the steps as posted in each reply I make.

#5 oops!! (Authentic Member, 23 posts)

Posted 04 January 2012 - 06:19 PM

No problem. Thank you.

#6 oops!! (Authentic Member, 23 posts)

Posted 04 January 2012 - 07:19 PM

OTL logfile created on: 1/4/2012 5:55:45 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\PacKratZ\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.48 Gb Available Physical Memory | 73.87% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.48% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 447.49 Gb Free Space | 96.08% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 465.66 Gb Free Space | 99.98% Space Free | Partition Type: NTFS

Computer Name: PACKRATZ-F57A48 | User Name: PacKratZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\PacKratZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\Yahoo!\Companion\att\ToolbarSvr.exe (AT&T Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MenuSkinning\3865344305597da7ed3e9544b571f22a\MenuSkinning.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\902efb74af0a111bb7cbbb0ad445eb58\VistaBridgeLibrary.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\DellDock\380c6e03994729e26a87541a3bce0d16\DellDock.ni.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MyDock.Util\80b2203762ef423ecc60e2bd59d5c52e\MyDock.Util.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\WINDOWS\system32\cpwmon2k.dll ()
MOD - C:\Program Files\Yahoo!\Companion\att\zlib1.dll ()


========== Win32 Services (SafeList) ==========

SRV - (AppMgmt) -- File not found
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)


========== Driver Services (SafeList) ==========

DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmderd) -- C:\WINDOWS\system32\drivers\cmderd.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\PacKratZ\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\PacKratZ\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2004/08/04 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (att.net Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - Startup: C:\Documents and Settings\PacKratZ\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1325599537421 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{204C42F0-3197-4CC4-A0C4-3F934D79406D}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\PacKratZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PacKratZ\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/08 18:59:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/04 12:02:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PacKratZ\Desktop\OTL.exe
[2012/01/04 07:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PacKratZ\Application Data\ElevatedDiagnostics
[2012/01/04 07:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/01/04 07:49:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2011/12/18 15:01:39 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\HIDSwvd.sys
[2011/12/18 15:01:39 | 000,002,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidswvd.sys
[2011/12/18 15:01:38 | 000,059,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\gckernel.sys
[2011/12/18 15:01:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\SWPIDFLT.DLL
[2011/12/18 15:01:30 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\swpidflt.dll
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/04 17:51:07 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2012/01/04 17:44:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2139871995-682003330-1004UA.job
[2012/01/04 12:02:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PacKratZ\Desktop\OTL.exe
[2012/01/04 12:01:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/04 01:44:01 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2139871995-682003330-1004Core.job
[2012/01/03 21:31:55 | 000,000,163 | ---- | M] () -- C:\WINDOWS\entpack.ini
[2012/01/03 07:01:17 | 000,012,892 | -HS- | M] () -- C:\Documents and Settings\PacKratZ\Local Settings\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
[2012/01/03 07:01:17 | 000,012,892 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
[2012/01/02 03:01:46 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/12/29 18:33:09 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/15 03:22:04 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/03 06:56:40 | 000,012,892 | -HS- | C] () -- C:\Documents and Settings\PacKratZ\Local Settings\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
[2012/01/03 06:56:40 | 000,012,892 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
[2011/07/23 09:24:13 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2011/06/29 20:43:40 | 000,000,163 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2011/06/28 20:43:48 | 000,000,804 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2011/06/26 16:13:33 | 000,000,571 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/06/26 14:36:37 | 000,128,903 | ---- | C] () -- C:\WINDOWS\hpwins10.dat
[2011/06/26 14:36:37 | 000,000,771 | ---- | C] () -- C:\WINDOWS\hpwmdl10.dat
[2011/06/26 12:05:05 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/06/09 18:01:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2011/06/09 15:10:01 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/09 15:09:04 | 000,252,316 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/09 15:09:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/06/08 19:23:51 | 001,474,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2011/06/08 19:01:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 18:56:10 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/08 13:27:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/08 13:25:49 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/23 01:57:00 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2006/12/11 00:29:33 | 000,008,558 | ---- | C] () -- C:\WINDOWS\hpwscr10.dat
[2006/07/30 23:59:36 | 000,000,338 | ---- | C] () -- C:\WINDOWS\scrub2k.ini
[2006/07/30 23:59:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\scrub2k.exe
[2005/03/22 12:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 12:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 04:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 04:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012/01/04 18:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATTYToolbar
[2011/06/09 17:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2011/06/12 08:27:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/12 08:15:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CBCE2F73-24E4-481F-84B2-1A5EB720D187}
[2012/01/04 07:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PacKratZ\Application Data\ElevatedDiagnostics
[2012/01/03 22:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PacKratZ\Application Data\Hoyle
[2011/08/20 16:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PacKratZ\Application Data\Hoyle FaceCreator
[2011/12/04 18:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PacKratZ\Application Data\Hoyle Puzzle and Board Games
[2011/09/09 16:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PacKratZ\Application Data\Image Zone Express

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/10/24 10:12:44 | 000,000,268 | ---- | M] () -- C:\ab_1.gif
[2011/06/08 18:59:10 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/10/24 10:12:40 | 000,001,406 | ---- | M] () -- C:\cayas2.ico
[2011/06/08 18:59:10 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/10/24 10:12:44 | 000,000,103 | ---- | M] () -- C:\del_1.gif
[2011/10/24 10:12:44 | 000,000,304 | ---- | M] () -- C:\dir.bmp
[2011/10/24 10:12:44 | 000,000,380 | ---- | M] () -- C:\edu.bmp
[2011/10/24 10:12:44 | 000,000,138 | ---- | M] () -- C:\flk2.gif
[2011/10/24 10:12:44 | 000,000,279 | ---- | M] () -- C:\hj_1.gif
[2011/06/08 18:59:10 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/06/26 17:08:41 | 000,003,580 | ---- | M] () -- C:\mombi.log
[2011/10/24 10:12:45 | 000,000,277 | ---- | M] () -- C:\mov_1.gif
[2011/06/08 18:59:10 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/01/04 12:01:12 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/10/24 10:25:55 | 000,000,256 | ---- | M] () -- C:\qsy.bmp
[2011/10/24 10:25:49 | 000,000,288 | ---- | M] () -- C:\qsyma.bmp
[2011/10/24 10:12:44 | 000,000,235 | ---- | M] () -- C:\srch_1.gif
[2011/10/24 10:12:44 | 000,000,265 | ---- | M] () -- C:\srch_ans_1.gif
[2011/10/24 10:12:44 | 000,000,113 | ---- | M] () -- C:\srch_aud_1.gif
[2011/10/24 10:12:44 | 000,000,112 | ---- | M] () -- C:\srch_img_1.gif
[2011/10/24 10:12:44 | 000,000,131 | ---- | M] () -- C:\srch_loc_1.gif
[2011/10/24 10:12:44 | 000,000,284 | ---- | M] () -- C:\srch_map_1.gif
[2011/10/24 10:12:44 | 000,000,121 | ---- | M] () -- C:\srch_nws_1.gif
[2011/10/24 10:12:44 | 000,000,123 | ---- | M] () -- C:\srch_sh_1.gif
[2011/10/24 10:12:45 | 000,000,240 | ---- | M] () -- C:\srch_site_1.gif
[2011/10/24 10:12:45 | 000,000,273 | ---- | M] () -- C:\srch_stk_1.gif
[2011/10/24 10:12:44 | 000,000,112 | ---- | M] () -- C:\srch_vid_1.gif
[2011/10/24 10:12:45 | 000,000,274 | ---- | M] () -- C:\trav_1.gif

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2011/06/08 18:58:48 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/07/03 10:54:12 | 000,091,648 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp4sa.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 04:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2011/06/08 13:24:46 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011/06/08 13:24:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011/06/08 13:24:46 | 000,901,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lk /x >
[2011/06/08 21:18:05 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2011/06/08 21:18:05 | 000,001,563 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
[2011/06/28 20:45:34 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Sierra Utilities.lnk
[2011/06/09 17:42:28 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2012/01/04 12:02:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PacKratZ\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-02 09:01:46

< %USERPROFILE%\..|smtmp;true;true;true /FP >

< %temp%\smtmp\*.* /s >


< MD5 for: EXPLORER.EXE >
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 04:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: EXPLORER.SCF >
[2004/08/04 04:00:00 | 000,000,080 | ---- | M] () MD5=A3975A7D2C98B30A2AE010754FFB9392 -- C:\WINDOWS\explorer.scf

< MD5 for: IEXPLORE.CHM >
[2009/02/21 00:21:24 | 000,529,818 | ---- | M] () MD5=1435F4731719DF5F57D17DC38196245D -- C:\WINDOWS\Help\iexplore.chm
[2004/08/04 04:00:00 | 000,204,810 | ---- | M] () MD5=60858526AAD1CC55F5F0055B8E3B66FE -- C:\WINDOWS\ie8\iexplore.chm

< MD5 for: IEXPLORE.EXE >
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ie8\iexplore.exe
[2008/04/13 18:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=55794B97A7FAABD2910873C85274F409 -- C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe
[2009/03/08 13:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\WINDOWS\system32\dllcache\iexplore.exe
[2004/08/04 04:00:00 | 000,093,184 | ---- | M] (Microsoft Corporation) MD5=E7484514C0464642BE7B4DC2689354C8 -- C:\WINDOWS\$NtServicePackUninstall$\iexplore.exe

< MD5 for: IEXPLORE.EXE.HDMP >
[2011/11/14 07:23:19 | 006,809,599 | ---- | M] () MD5=06149A652BADF716C1D9A370512BF113 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERd4fe.dir00\iexplore.exe.hdmp
[2011/10/27 13:38:56 | 021,097,139 | ---- | M] () MD5=0BD89A539997351F6C58DF46AA6B0FCB -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERc8f3.dir00\iexplore.exe.hdmp
[2011/11/14 07:22:34 | 006,809,599 | ---- | M] () MD5=0F3EE60F0B2E99ACB5353FA3F21DC47A -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER6183.dir00\iexplore.exe.hdmp
[2011/10/04 14:10:17 | 005,508,296 | ---- | M] () MD5=29B0E2D9ADA5F40D05D31503160A552F -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER8620.dir00\iexplore.exe.hdmp
[2011/10/06 15:55:07 | 010,730,363 | ---- | M] () MD5=330B11F737C421349AAB39DC6214F020 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER2e5b.dir00\iexplore.exe.hdmp
[2011/10/06 15:54:01 | 010,730,363 | ---- | M] () MD5=3BE3E54DE89DD65BA115D84800E8F8E3 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERb170.dir00\iexplore.exe.hdmp
[2011/08/10 06:28:29 | 007,025,826 | ---- | M] () MD5=3C79DB5A11A86EE13F347BDFE9DB12B8 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER499f.dir00\iexplore.exe.hdmp
[2011/09/02 17:05:01 | 007,168,651 | ---- | M] () MD5=42E489988A8B105E4ACF9D23274FB2EB -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER128e.dir00\iexplore.exe.hdmp
[2011/10/04 14:11:15 | 005,589,196 | ---- | M] () MD5=47232F8A2D1B9A5246FD89C63009B812 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERd1df.dir00\iexplore.exe.hdmp
[2011/09/02 17:05:01 | 004,536,712 | ---- | M] () MD5=5989D56FC1A3ECAFBCC9951DB78EB1A5 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER31a9.dir00\iexplore.exe.hdmp
[2011/09/02 17:07:08 | 007,304,403 | ---- | M] () MD5=5FB0BF89AE757A0B74571BD1EBF3C649 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER9a38.dir00\iexplore.exe.hdmp
[2011/08/10 06:27:40 | 007,025,826 | ---- | M] () MD5=631F99EE74DDA096EEE7FAAB0D163506 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERfbd0.dir00\iexplore.exe.hdmp
[2011/08/10 06:28:14 | 007,025,826 | ---- | M] () MD5=63756BD086CF220CAA57938F942AF906 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER10e5.dir00\iexplore.exe.hdmp
[2011/08/10 06:28:54 | 007,025,826 | ---- | M] () MD5=63D69784CA331BE957AA2F6011DDBBB5 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERae33.dir00\iexplore.exe.hdmp
[2011/09/02 17:07:34 | 007,304,403 | ---- | M] () MD5=6859022AE5352513BB8ACD09B97A8C3F -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER3eb8.dir00\iexplore.exe.hdmp
[2011/09/02 17:06:17 | 007,304,403 | ---- | M] () MD5=725DE780AACE2036BB34F850C2EA1EA3 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERf48d.dir00\iexplore.exe.hdmp
[2011/10/06 15:54:21 | 010,730,363 | ---- | M] () MD5=749D05DA4D4D871FAA423651B558B5DB -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER0f7e.dir00\iexplore.exe.hdmp
[2011/09/02 17:04:55 | 004,536,712 | ---- | M] () MD5=910AA28492ABE83D1F32ACB782D9C750 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERcf62.dir00\iexplore.exe.hdmp
[2011/10/06 15:54:28 | 010,730,363 | ---- | M] () MD5=9495011A16F8B896E511E754D1849938 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER15eb.dir00\iexplore.exe.hdmp
[2011/10/06 15:56:01 | 010,730,363 | ---- | M] () MD5=950BACE63206F1BB13E0E375DECD50ED -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERb0bb.dir00\iexplore.exe.hdmp
[2011/10/04 14:10:44 | 005,508,296 | ---- | M] () MD5=98A9AD476CDFD995F41B3C4CA3ECF5AB -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER91a1.dir00\iexplore.exe.hdmp
[2011/11/14 07:23:58 | 006,853,327 | ---- | M] () MD5=9ABF5BA9678ABDD12A432D56A0A6759C -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER78a7.dir00\iexplore.exe.hdmp
[2011/10/06 15:55:48 | 010,730,363 | ---- | M] () MD5=A1D48718E252B4E1D184311F95679579 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER98e0.dir00\iexplore.exe.hdmp
[2011/10/27 06:28:45 | 091,060,315 | ---- | M] () MD5=A5F32555BEB4C20592BD779AACEF1B3E -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER1c11.dir00\iexplore.exe.hdmp
[2011/10/06 15:54:46 | 010,730,363 | ---- | M] () MD5=ADF955595870FF17BD6D4DC43F63431F -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER3ed7.dir00\iexplore.exe.hdmp
[2011/11/08 12:39:39 | 008,298,182 | ---- | M] () MD5=B9641845CD3AB026D912969AD5EB88E7 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER812f.dir00\iexplore.exe.hdmp
[2011/08/10 06:29:06 | 007,025,826 | ---- | M] () MD5=C35E5AACDCFFA52E22F86B341EE14A99 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER9090.dir00\iexplore.exe.hdmp
[2011/10/04 14:10:08 | 005,508,296 | ---- | M] () MD5=C7CC7385AF5B390E4D2426763AA10D01 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER6590.dir00\iexplore.exe.hdmp
[2011/08/10 06:27:45 | 007,025,826 | ---- | M] () MD5=C88E30AB30D1233A585F17A71B0C3826 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER0c07.dir00\iexplore.exe.hdmp
[2011/09/02 17:05:07 | 004,536,712 | ---- | M] () MD5=E0CA2B67EFF55198ECE5EF5DFC8D8844 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WEReffb.dir00\iexplore.exe.hdmp
[2011/09/02 17:08:37 | 007,304,403 | ---- | M] () MD5=E48F0B31E6EE5BF2391E30F84BFFE0C4 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER7602.dir00\iexplore.exe.hdmp
[2011/09/02 17:05:59 | 004,536,712 | ---- | M] () MD5=F2256495C8D7A06B6C11D0E8A6A9E39E -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERfac6.dir00\iexplore.exe.hdmp
[2011/10/06 15:56:02 | 010,730,363 | ---- | M] () MD5=F4A27CD176131866E3F74C8B11ABAA15 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERaece.dir00\iexplore.exe.hdmp
[2011/10/06 15:55:20 | 010,730,363 | ---- | M] () MD5=FD099D30946E8AF211D7E02AE1462E6F -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER47ea.dir00\iexplore.exe.hdmp
[2011/11/08 12:40:24 | 010,393,486 | ---- | M] () MD5=FD5A59F7929ECCBD03062502C5FCB669 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER00b7.dir00\iexplore.exe.hdmp

< MD5 for: IEXPLORE.EXE.MDMP >
[2011/09/02 17:04:35 | 000,069,041 | ---- | M] () MD5=0926F03052B2FCF50F802693E609CA64 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER128e.dir00\iexplore.exe.mdmp
[2011/10/06 15:55:16 | 000,074,605 | ---- | M] () MD5=0C003C52A562FBF6016CE92C73B63150 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERb0bb.dir00\iexplore.exe.mdmp
[2011/09/02 17:04:32 | 000,069,070 | ---- | M] () MD5=0E8F92A171BEE61AB099D03157B2809A -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERcf62.dir00\iexplore.exe.mdmp
[2011/09/02 17:04:45 | 000,069,070 | ---- | M] () MD5=14A6542644B3067CC96F7E3AAAC9A347 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER31a9.dir00\iexplore.exe.mdmp
[2011/09/02 17:04:41 | 000,069,070 | ---- | M] () MD5=17A7735F4AD459DE0497D8C13855B4F9 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WEReffb.dir00\iexplore.exe.mdmp
[2011/11/08 12:39:38 | 000,082,696 | ---- | M] () MD5=29F5FA6111DFD69AA54D0C7822455BC1 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER812f.dir00\iexplore.exe.mdmp
[2011/08/10 06:27:39 | 000,076,544 | ---- | M] () MD5=33A0A90F5FD50B03EDC9BEEFB22AF70A -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERfbd0.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:20 | 000,074,605 | ---- | M] () MD5=35DDC9EF9D00E221E0344C507AF2BE40 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER0f7e.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:48 | 000,074,605 | ---- | M] () MD5=3EBBD55108690A014E55D575B92680A9 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER47ea.dir00\iexplore.exe.mdmp
[2011/10/04 14:10:29 | 000,069,534 | ---- | M] () MD5=418056A5E92F1D3230522D4C3A57DDC0 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER91a1.dir00\iexplore.exe.mdmp
[2011/08/10 06:28:26 | 000,076,544 | ---- | M] () MD5=4837B9D299A9F0FAF37751F21D824D21 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER9090.dir00\iexplore.exe.mdmp
[2011/09/02 17:03:22 | 000,069,041 | ---- | M] () MD5=49B8FF94DBF320944DDF3B424F5EA7EE -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERf48d.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:24 | 000,074,605 | ---- | M] () MD5=5593641642D373005A40CB6BF9E45C30 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER15eb.dir00\iexplore.exe.mdmp
[2011/09/02 17:05:40 | 000,069,070 | ---- | M] () MD5=5604967224CF2871620CFD4B61F57B60 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERfac6.dir00\iexplore.exe.mdmp
[2011/08/10 06:28:33 | 000,076,544 | ---- | M] () MD5=5945CD0860C7D600BBAE4558E5E573B9 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERae33.dir00\iexplore.exe.mdmp
[2011/08/10 06:28:06 | 000,076,544 | ---- | M] () MD5=6AFF073A4649CD20AA19FF1FC829361F -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER499f.dir00\iexplore.exe.mdmp
[2011/11/08 12:39:11 | 000,082,696 | ---- | M] () MD5=6E01F320667B370A7E367A1C07112688 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER00b7.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:00 | 000,074,605 | ---- | M] () MD5=73CFD21DC0ACF8DEA1A46D39DA34DBEE -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERb170.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:40 | 000,074,605 | ---- | M] () MD5=8457B960C1FAA901E54EC139A87B0774 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER2e5b.dir00\iexplore.exe.mdmp
[2011/08/10 06:27:53 | 000,076,544 | ---- | M] () MD5=8CBEFA5CC4CB8CAC249136214402CDD6 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER10e5.dir00\iexplore.exe.mdmp
[2011/09/02 17:04:03 | 000,069,041 | ---- | M] () MD5=9226E6ADFA4B98DA87533765E76CD50E -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER9a38.dir00\iexplore.exe.mdmp
[2011/09/02 17:03:55 | 000,069,041 | ---- | M] () MD5=9C898ACB84D375FBDAF3F8A58FF9261E -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER7602.dir00\iexplore.exe.mdmp
[2011/10/04 14:10:07 | 000,069,534 | ---- | M] () MD5=9D7585A9F2546BFD6EEFCF79172E2DC1 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER6590.dir00\iexplore.exe.mdmp
[2011/10/04 14:09:30 | 000,069,534 | ---- | M] () MD5=A206C53A22C44B1D6EF0398007745CDA -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERd1df.dir00\iexplore.exe.mdmp
[2011/11/14 07:23:00 | 000,075,333 | ---- | M] () MD5=A4E95FEAC22D12710A2D35E972A6EDDC -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERd4fe.dir00\iexplore.exe.mdmp
[2011/10/04 14:10:14 | 000,069,534 | ---- | M] () MD5=A4EE966C50C1042EBE31D5EC6112D1BC -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER8620.dir00\iexplore.exe.mdmp
[2011/10/06 15:55:14 | 000,074,605 | ---- | M] () MD5=AE8445C695849C666E462CF3FD980678 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERaece.dir00\iexplore.exe.mdmp
[2011/09/02 17:03:39 | 000,069,041 | ---- | M] () MD5=C41CCE346C9FE42E4512F99F0761D8D3 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER3eb8.dir00\iexplore.exe.mdmp
[2011/10/27 06:27:40 | 000,096,182 | ---- | M] () MD5=C5787CA3E1147F526E4D0548B87CFD74 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER1c11.dir00\iexplore.exe.mdmp
[2011/11/14 07:22:34 | 000,075,333 | ---- | M] () MD5=C957ED5177E4812A9FE31A9AA265E70D -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER78a7.dir00\iexplore.exe.mdmp
[2011/10/06 15:54:37 | 000,074,605 | ---- | M] () MD5=D17ED140BC4C1AC0829D999DCDCBC16E -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER3ed7.dir00\iexplore.exe.mdmp
[2011/10/27 13:37:50 | 000,084,374 | ---- | M] () MD5=D190A7CFC04F88B8ECC47937B26346C8 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WERc8f3.dir00\iexplore.exe.mdmp
[2011/11/14 07:22:33 | 000,075,333 | ---- | M] () MD5=EA0C56204DAABC0318C40DB1E1B5BF86 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER6183.dir00\iexplore.exe.mdmp
[2011/08/10 06:27:44 | 000,076,544 | ---- | M] () MD5=ECA1E021D757A0AC3C2B4954F0F88D77 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER0c07.dir00\iexplore.exe.mdmp
[2011/10/06 15:55:06 | 000,074,605 | ---- | M] () MD5=ECAED28A60451D8F0D986908733C7675 -- C:\Documents and Settings\PacKratZ\Local Settings\Temp\WER98e0.dir00\iexplore.exe.mdmp

< MD5 for: IEXPLORE.EXE.MUI >
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2009/03/08 13:21:44 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=943030B55FDB56FB8B8FCC086071E119 -- C:\Program Files\Internet Explorer\iexplore.exe.mui

< MD5 for: IEXPLORE.EXE-2D97EBE6.PF >
[2012/01/04 13:58:48 | 000,112,392 | ---- | M] () MD5=20D3A62AFD3C0515B765971A50730D2D -- C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf

< MD5 for: IEXPLORE.HLP >
[2004/08/04 04:00:00 | 000,180,335 | ---- | M] () MD5=3F19AF1B745140DAFAC6F78F561A3C62 -- C:\WINDOWS\Help\iexplore.hlp

< MD5 for: WINLOGON.EXE >
[2004/08/04 04:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 18:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< >


#7 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 04 January 2012 - 07:33 PM

Hi oops!!,

There should also be a file on your desktop named aswMBR.txt. Please post it also.

Thanks

#8 oops!!

oops!!

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 04 January 2012 - 08:32 PM

I don't see it.

#9 oops!!

oops!!

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 04 January 2012 - 08:35 PM

aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-04 18:13:52
-----------------------------
18:13:52.093 OS Version: Windows 5.1.2600 Service Pack 3
18:13:52.093 Number of processors: 2 586 0x407
18:13:52.093 ComputerName: PACKRATZ-F57A48 UserName: PacKratZ
18:13:53.062 Initialize success
18:19:40.046 AVAST engine defs: 12010401
18:20:32.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:20:32.015 Disk 0 Vendor: WDC_WD50 12.0 Size: 476940MB BusType: 3
18:20:32.015 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
18:20:32.015 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:20:32.046 Disk 1 MBR read successfully
18:20:32.046 Disk 1 MBR scan
18:20:32.109 Disk 1 Windows XP default MBR code
18:20:32.125 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 476929 MB offset 63
18:20:32.140 Disk 1 scanning sectors +976752000
18:20:32.250 Disk 1 scanning C:\WINDOWS\system32\drivers
18:20:41.484 Service scanning
18:20:42.546 Modules scanning
18:20:46.687 Disk 1 trace - called modules:
18:20:46.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:20:46.734 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a60aab8]
18:20:46.734 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a5cc030]
18:20:47.671 AVAST engine scan C:\WINDOWS
18:20:59.531 AVAST engine scan C:\WINDOWS\system32
18:22:35.421 AVAST engine scan C:\WINDOWS\system32\drivers
18:22:57.546 AVAST engine scan C:\Documents and Settings\PacKratZ
18:54:55.796 AVAST engine scan C:\Documents and Settings\All Users
18:55:55.765 Scan finished successfully
18:56:08.187 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\PacKratZ\Desktop\MBR.dat"
18:56:08.187 The log file has been saved successfully to "C:\Documents and Settings\PacKratZ\Desktop\aswMBR.txt"

Is it this?

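Reading the aswMBR output above, the entries that matter are the MBR verdict for the boot disk ("Windows XP default MBR code" is the clean result), the partition table, and the "trace - called modules" chain, which lists the drivers that sit in the disk I/O path; a bootkit shows up as a non-default MBR or as an extra module in that chain. The script below is an added example for this thread, not AVAST's code: it parses such a log (including one that a forum paste has flattened onto a single line, as happened above) and turns it into findings. The sample entries are copied from the post above; the list of expected storage-stack modules and the tampered variant used for the test are this example's own assumptions.

```python
"""Summarise an aswMBR log per disk: MBR verdict, partition table, disk I/O call chain.
Added example for this thread, not AVAST's code. Assumes the "HH:MM:SS.mmm message" entry
layout seen in the post above; also copes with a log a forum paste flattened onto one line."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

TS_SPLIT = re.compile(r'(?=\b\d{2}:\d{2}:\d{2}\.\d{3}\b)')
TS_LINE = re.compile(r'^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*)$', re.S)
DISK_MSG = re.compile(r'^Disk (\d+) (.*)$', re.S)
DISK_HDR = re.compile(r'^Disk \d+( \(boot\))? \\Device\\\S+ -> \S+$')
VENDOR = re.compile(r'^Disk \d+ Vendor: .+? Size: (\d+)MB BusType: \d+$')
PARTITION = re.compile(r'^Disk \d+ Partition (\d+) \S+ \S+ \S+ (\S+) (\d+) MB offset (\d+)$')
# Informational MBR messages; any other message that mentions the MBR is the scan verdict.
MBR_INFO = ('MBR read successfully', 'MBR scan', 'MBR has been saved')
# Modules expected in the disk I/O chain on this XP / Intel RAID box (assumption of this
# example; extend it for other storage drivers). Anything else in the chain needs a look.
KNOWN_MODULES = {'ntkrnlpa.exe', 'ntoskrnl.exe', 'hal.dll', 'classpnp.sys',
                 'disk.sys', 'partmgr.sys', 'atapi.sys', 'iastor.sys'}

@dataclass
class Disk:
    number: int
    boot: bool = False
    size_mb: int = 0
    mbr_verdict: str = ''
    partitions: List[Tuple[int, str, int, int]] = field(default_factory=list)  # (n, fs, MB, offset)
    trace_modules: List[str] = field(default_factory=list)

@dataclass
class Report:
    disks: Dict[int, Disk] = field(default_factory=dict)
    findings: List[Tuple[str, str]] = field(default_factory=list)  # ('warn' | 'info', text)
    finished: bool = False

def _messages(text: str) -> List[str]:
    """Message part of every timestamped entry, whatever the line wrapping."""
    found = (TS_LINE.match(chunk.strip()) for chunk in TS_SPLIT.split(text))
    return [m.group(1).strip() for m in found if m]

def parse_aswmbr(text: str) -> Report:
    rep, pending_trace = Report(), None  # pending_trace: disk whose module list is the next entry
    for msg in _messages(text):
        if pending_trace is not None and not msg.startswith('Disk '):
            rep.disks[pending_trace].trace_modules = msg.split()
            pending_trace = None
            continue
        if msg == 'Scan finished successfully':
            rep.finished = True
            continue
        dm = DISK_MSG.match(msg)
        if not dm:
            continue
        n, rest = int(dm.group(1)), dm.group(2)
        disk = rep.disks.setdefault(n, Disk(n))
        if m := DISK_HDR.match(msg):
            disk.boot = m.group(1) is not None
        elif m := VENDOR.match(msg):
            disk.size_mb = int(m.group(1))
        elif m := PARTITION.match(msg):
            disk.partitions.append((int(m.group(1)), m.group(2), int(m.group(3)), int(m.group(4))))
        elif rest == 'trace - called modules:':
            pending_trace = n
        elif 'MBR' in rest and not rest.startswith(MBR_INFO):
            disk.mbr_verdict = rest
    # Turn the parsed state into findings an analyst would act on.
    for d in rep.disks.values():
        if not d.mbr_verdict:
            rep.findings.append(('info', f'Disk {d.number}: no MBR verdict recorded (not scanned)'))
        elif 'default MBR code' not in d.mbr_verdict:
            rep.findings.append(('warn', f'Disk {d.number}: MBR verdict "{d.mbr_verdict}" is not the default code'))
        for mod in d.trace_modules:
            if mod.lower() not in KNOWN_MODULES:
                rep.findings.append(('warn', f'Disk {d.number}: unexpected module in disk I/O chain: {mod}'))
        slack = d.size_mb - sum(p[2] for p in d.partitions)
        if d.partitions and slack > 0:
            rep.findings.append(('info', f'Disk {d.number}: {slack} MB unpartitioned space after the last partition'))
    if not rep.finished:
        rep.findings.append(('warn', 'log does not contain "Scan finished successfully"'))
    return rep

def has_warnings(rep: Report) -> bool:
    return any(level == 'warn' for level, _ in rep.findings)

# Sample log: the relevant entries copied from the aswMBR output posted above.
SAMPLE_LOG = r"""18:20:32.015 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:20:32.015 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-1
18:20:32.015 Disk 1 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
18:20:32.109 Disk 1 Windows XP default MBR code
18:20:32.125 Disk 1 Partition 1 00 07 HPFS/NTFS NTFS 476929 MB offset 63
18:20:46.687 Disk 1 trace - called modules:
18:20:46.718 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:55:55.765 Scan finished successfully
18:56:08.187 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\PacKratZ\Desktop\MBR.dat"
"""
# Constructed tampered variant (made-up messages, not real aswMBR output): a non-default
# MBR verdict and an extra module in the I/O chain.
TAMPERED_LOG = SAMPLE_LOG.replace(
    'Disk 1 Windows XP default MBR code', 'Disk 1 MBR code is not the default (constructed)'
).replace('iaStor.sys hal.dll', 'iaStor.sys unknown1.sys hal.dll')
```

On the log above this yields no warnings: the boot disk carries the default XP boot code, the call chain contains only the Windows storage stack plus Intel's iaStor.sys, and the 11 MB of unpartitioned space at the end of the disk is reported only as information (it is where aswMBR's "scanning sectors +976752000" looked). Note that Disk 0 has no MBR verdict at all, because only the boot disk was scanned; that is worth knowing before calling the whole machine clean.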
#10 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 04 January 2012 - 09:56 PM

Hi oops!!,

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.



#11 oops!!

oops!!

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 05 January 2012 - 07:40 AM

ComboFix 12-01-05.01 - PacKratZ 01/05/2012 7:24.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1380 [GMT -6:00]
Running from: c:\documents and settings\PacKratZ\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\f02ah0jp@i126be10b^d4j_o\us_sres.data
c:\documents and settings\PacKratZ\WINDOWS
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
c:\windows\system32\drivers\DELL_XPS_Dell DXP051 .MRK
.
.
((((((((((((((((((((((((( Files Created from 2011-12-05 to 2012-01-05 )))))))))))))))))))))))))))))))
.
.
2012-01-04 13:52 . 2012-01-04 13:52 -------- d-----w- c:\documents and settings\PacKratZ\Application Data\ElevatedDiagnostics
2011-12-18 21:01 . 2001-08-17 20:02 2688 -c--a-w- c:\windows\system32\dllcache\hidswvd.sys
2011-12-18 21:01 . 2001-08-17 20:02 2688 ----a-w- c:\windows\system32\drivers\HIDSwvd.sys
2011-12-18 21:01 . 2008-04-13 19:45 59136 -c--a-w- c:\windows\system32\dllcache\gckernel.sys
2011-12-18 21:01 . 2008-04-13 19:45 59136 ----a-w- c:\windows\system32\drivers\GcKernel.sys
2011-12-18 21:01 . 2001-08-18 04:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2011-12-18 21:01 . 2001-08-18 04:36 10240 ----a-w- c:\windows\system32\SWPIDFLT.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-10 21:24 . 2011-06-09 23:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-02 13:03 . 2011-12-02 13:03 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-11-29 20:25 . 2011-11-29 20:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-29 20:25 . 2011-11-29 20:26 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-23 13:25 . 2004-08-04 10:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-04 10:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-04 10:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-04 10:00 385024 ------w- c:\windows\system32\html.iec
2011-11-03 02:37 . 2011-06-10 00:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-01 16:07 . 2004-08-04 10:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-04 10:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-18 11:13 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-09 00:56 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn\YTNavAssist.dll" [2011-07-18 214840]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 339968]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-07-14 2554696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
c:\documents and settings\PacKratZ\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-10-12 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [5/2/2011 7:36 PM 17416]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 7:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 7:36 PM 29400]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [1/11/2010 12:20 PM 155648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2139871995-682003330-1004Core.job
- c:\documents and settings\PacKratZ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 01:24]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2139871995-682003330-1004UA.job
- c:\documents and settings\PacKratZ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-14 01:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://dsl.sbc.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-05 07:37
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1390067357-2139871995-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(736)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\guard32.dll
.
Completion time: 2012-01-05 07:39:20
ComboFix-quarantined-files.txt 2012-01-05 13:39
.
Pre-Run: 480,339,906,560 bytes free
Post-Run: 482,139,463,680 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2AF6056EC7B1EAE63BFCAE8E434D8FFC

#12 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 05 January 2012 - 10:43 AM

Hi oops!!,

How's the computer?


Your java is out of date. Click your start button, open Control panel.
  • Locate the Java icon (it looks like a coffee cup)
  • double click it to open it
  • click the Update tab
  • Click update now


Next

Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:Files
ipconfig /flushdns /c
C:\Documents and Settings\PacKratZ\Local Settings\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
C:\Documents and Settings\All Users\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a

:Commands
[createrestorepoint]
[emptytemp]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
  • Reboot your computer
Please post the OTL fix log


Next

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back with
  • OTL fix log
  • MBAM log
Thanks

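Two of the paths in this thread share the fingerprint of a machine-generated name: c:\data\f02ah0jp@i126be10b^d4j_o in ComboFix's "Other Deletions" list, and the 608lm04jv46n56440475pngete0e645kib2yo23770a folders that the OTL fix above moves out of the user's and All Users' Application Data. Both are long, mix digits and letters with no structure, and look like nothing a vendor would ship, which is why they stand out in a log next to NvCpl.dll or ElevatedDiagnostics. The script below is an added example, not ComboFix, OTL or Malwarebytes code: it pulls Windows paths out of log lines in the style of the ComboFix and OTL output above and scores each path component with that heuristic, stripping SIDs and GUIDs first so that legitimately digit-heavy names such as the GoogleUpdate task are not flagged. The thresholds and the two lines marked "constructed" in the sample are this example's own choices; a hit is a lead for the person reading the log, not a verdict.

```python
"""Flag machine-generated directory and file names in ComboFix / OTL style log lines.
Added example for this thread, not ComboFix, OTL or Malwarebytes code. A hit is a lead for
whoever reads the log, not a verdict; the thresholds below are this example's own choices."""
import re
from typing import List, Tuple

# A Windows path: drive letter, then everything up to a quote, bracket or line end.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]\r\n]+')
# Identifiers that legitimately pack many digits into a name; removed before scoring.
SID_RE = re.compile(r'S-1-5-\d+(?:-\d+)+')
GUID_RE = re.compile(r'\{?[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}?')
EXT_RE = re.compile(r'\.[A-Za-z0-9]{1,4}$')

MIN_LEN = 12            # shorter names (8.3 names, IE cache folders) give too many false hits
MIN_SWITCHES = 4        # floor on digit<->letter switches before the density test applies
SWITCH_DENSITY = 0.2    # switches per character; real version strings stay far below this
MIN_VOWEL_RATIO = 0.15  # below this a long run of letters reads as keyboard noise, not a word

def _digit_letter_switches(s: str) -> int:
    return sum(1 for a, b in zip(s, s[1:])
               if (a.isdigit() and b.isalpha()) or (a.isalpha() and b.isdigit()))

def random_name_reason(component: str) -> str:
    """Why a path component looks generated, or '' when it reads like a normal name."""
    core = EXT_RE.sub('', GUID_RE.sub('', SID_RE.sub('', component))).strip()
    if len(core) < MIN_LEN:
        return ''
    digits = sum(c.isdigit() for c in core)
    if digits == len(core):
        return ''  # pure numbers are timestamps or counters, not generated names
    if digits:
        switches = _digit_letter_switches(core)
        if switches >= MIN_SWITCHES and switches / len(core) >= SWITCH_DENSITY:
            return f'{switches} digit/letter switches in {len(core)} chars'
    # Longest unbroken run of letters with almost no vowels: noise, not a word.
    run = max(re.findall(r'[A-Za-z]+', core), key=len, default='')
    vowels = sum(c in 'aeiouyAEIOUY' for c in run)
    if len(run) >= MIN_LEN and vowels / len(run) < MIN_VOWEL_RATIO:
        return f'only {vowels} vowels in {len(run)} letters'
    return ''

def extract_paths(text: str) -> List[str]:
    return [m.group(0).rstrip() for m in PATH_RE.finditer(text)]

def scan_log(text: str) -> List[Tuple[str, str, str]]:
    """(path, suspicious component, reason) for every flagged component in the log text."""
    hits = []
    for path in extract_paths(text):
        for component in path.split('\\')[1:]:  # skip the drive letter
            reason = random_name_reason(component)
            if reason:
                hits.append((path, component, reason))
    return hits

# Sample lines copied from the ComboFix log and the OTL fix in this thread, plus two
# constructed lines (marked) for a vowel-free name and a digit-heavy but legitimate one.
SAMPLE_LOG = r"""
c:\data\f02ah0jp@i126be10b^d4j_o\us_sres.data
c:\windows\system32\drivers\1028_DELL_XPS_Dell DXP051 .MRK
2012-01-04 13:52 . 2012-01-04 13:52 -------- d-----w- c:\documents and settings\PacKratZ\Application Data\ElevatedDiagnostics
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-2139871995-682003330-1004Core.job
C:\Documents and Settings\PacKratZ\Local Settings\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a
C:\Documents and Settings\PacKratZ\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat
C:\Documents and Settings\PacKratZ\Local Settings\Temporary Internet Files\Content.IE5\V39CMX9G\iframe[1].htm
constructed: c:\temp\qwzxkrtplmnbvc\payload.dll
constructed: c:\downloads\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
"""
```

Run over the sample, scan_log flags exactly the two folders the helper removed plus the constructed vowel-free name, and leaves the Dell marker files, the GoogleUpdate task (its SID is stripped before scoring), the GUID-named AntiPhishing file and the KB hotfix name alone. The length floor is what keeps the 8-character IE cache folder names such as V39CMX9G quiet; lower it and the noise goes up quickly.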
#13 oops!!

oops!!

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 05 January 2012 - 11:24 AM

< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\PacKratZ\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\PacKratZ\Desktop\cmd.txt deleted successfully.
C:\Documents and Settings\PacKratZ\Local Settings\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a moved successfully.
C:\Documents and Settings\All Users\Application Data\608lm04jv46n56440475pngete0e645kib2yo23770a moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: PacKratZ
->Temp folder emptied: 18163521 bytes
->Temporary Internet Files folder emptied: 13620780 bytes
->Java cache emptied: 1175707 bytes
->Google Chrome cache emptied: 6253029 bytes
->Flash cache emptied: 22016 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2195181 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 40.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_111127

Files\Folders moved on Reboot...
C:\Documents and Settings\PacKratZ\Local Settings\Temp\~DFCE6D.tmp moved successfully.
C:\Documents and Settings\PacKratZ\Local Settings\Temporary Internet Files\Content.IE5\V39CMX9G\iframe[1].htm moved successfully.
C:\Documents and Settings\PacKratZ\Local Settings\Temporary Internet Files\Content.IE5\6EHJUPGJ\index[1].php moved successfully.
C:\Documents and Settings\PacKratZ\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.05.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
PacKratZ :: PACKRATZ-F57A48 [administrator]

1/5/2012 11:19:07 AM
mbam-log-2012-01-05 (11-19-07).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 164054
Time elapsed: 3 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#14 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,668 posts
  • MVP

Posted 05 January 2012 - 05:12 PM

Hi oops!!, How's the computer?

#15 oops!!

oops!!

    Authentic Member

  • Authentic Member
  • PipPip
  • 23 posts

Posted 05 January 2012 - 05:15 PM

Seems back to normal. Thanks
