
Thread: can't get rid of win32.fraudload.edt

  1. #11
    Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I can't remember what the ad was that popped up, but I had another one earlier also, for like an airline ad or something, that just opened up in another window. Sorry about not knowing; I should have written it down, I guess. Here are the logs you requested:

    OTL logfile created on: 9/23/2010 5:07:46 PM - Run 1
    OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Me\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 10.78 Gb Free Space | 28.93% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 25.21 Gb Total Space | 16.37 Gb Free Space | 64.93% Space Free | Partition Type: FAT32
    Drive F: | 2.72 Gb Total Space | 0.91 Gb Free Space | 33.31% Space Free | Partition Type: FAT32
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: HP1
    Current User Name: Me
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Me\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
    PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
    PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
    PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
    PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Me\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
    DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
    DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
    DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
    DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
    DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2010/09/22 20:58:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
    O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
    O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
    O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gameda...ler.cab?v=1044 (SonyOnlineInstallerX)
    O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.59/ttinst.cab (Toontown Installer ActiveX Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/07/20 14:50:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2006/06/18 15:18:14 | 000,000,262 | ---- | M] () - E:\AUTOEXEC.BAK -- [ FAT32 ]
    O32 - AutoRun File - [2000/06/20 16:58:32 | 000,000,027 | -H-- | M] () - E:\AUTOEXEC.DOS -- [ FAT32 ]
    O32 - AutoRun File - [2006/06/18 15:18:14 | 000,000,194 | ---- | M] () - E:\autoexec.bat -- [ FAT32 ]
    O32 - AutoRun File - [2006/06/18 13:16:32 | 000,000,194 | ---- | M] () - E:\AUTOEXEC.001 -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/09/23 17:06:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
    [2010/09/23 13:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\gmer
    [2010/09/23 08:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/09/23 07:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Malwarebytes
    [2010/09/23 07:43:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/09/23 07:43:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/09/23 07:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/09/23 07:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/09/23 07:40:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/09/23 07:37:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me\Desktop\mbam-setup.exe
    [2010/09/23 07:33:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\TFC.exe
    [2010/09/22 20:35:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/09/22 20:32:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/09/22 20:32:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/09/22 20:32:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/09/22 20:32:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/09/22 20:31:01 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/09/21 09:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2010/09/21 01:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/09/21 01:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2010/09/21 01:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS(2)
    [2010/09/20 03:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe(3)
    [2010/09/20 00:47:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/09/20 00:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2010/09/20 00:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(5)
    [2010/09/19 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(4)
    [2010/09/18 19:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/09/18 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/09/18 08:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(3)
    [2010/09/17 16:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2010/09/17 16:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
    [2010/09/17 15:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe(2)
    [2010/09/17 15:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2010/09/17 15:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/09/16 08:20:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/09/15 11:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual

    ========== Files - Modified Within 30 Days ==========

    [2010/09/23 17:08:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/09/23 17:06:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
    [2010/09/23 16:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/09/23 15:48:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/09/23 15:48:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/09/23 15:48:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/09/23 15:48:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/09/23 15:45:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini
    [2010/09/23 15:45:41 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Me\ntuser.dat
    [2010/09/23 15:45:04 | 004,836,196 | -H-- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db
    [2010/09/23 13:20:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\gmer.zip
    [2010/09/23 10:01:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/09/23 07:43:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/23 07:37:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me\Desktop\mbam-setup.exe
    [2010/09/23 07:33:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\TFC.exe
    [2010/09/22 21:00:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/09/22 20:58:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/09/22 20:36:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2010/09/22 20:31:52 | 003,850,032 | R--- | M] () -- C:\Documents and Settings\Me\Desktop\ComboFix.exe
    [2010/09/20 17:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/09/20 01:02:01 | 000,004,167 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Attach.zip
    [2010/09/20 00:09:06 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/19 22:44:57 | 000,103,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/27 14:49:37 | 000,001,323 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Shortcut to DSCN1185[1].JPG.lnk
    [2010/08/25 14:04:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\CM_Pee_Wee_Football_Schedule_2010.doc

    ========== Files Created - No Company Name ==========

    [2010/09/23 13:20:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\gmer.zip
    [2010/09/23 07:43:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/09/22 20:36:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/09/22 20:36:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/09/22 20:32:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/09/22 20:32:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/09/22 20:32:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/09/22 20:32:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/09/22 20:32:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/09/22 20:25:22 | 003,850,032 | R--- | C] () -- C:\Documents and Settings\Me\Desktop\ComboFix.exe
    [2010/09/20 01:02:01 | 000,004,167 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Attach.zip
    [2010/09/19 23:52:56 | 000,007,168 | -HS- | C] () -- C:\Documents and Settings\Me\Thumbs.db
    [2010/09/09 21:10:37 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Me\ntuser.dat
    [2010/08/27 14:49:37 | 000,001,323 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Shortcut to DSCN1185[1].JPG.lnk
    [2010/08/25 14:04:03 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\CM_Pee_Wee_Football_Schedule_2010.doc
    [2010/05/02 09:57:06 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2009/08/01 18:03:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2009/07/14 20:39:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2009/01/25 14:03:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
    [2008/05/22 13:49:45 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
    [2008/02/19 07:50:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/01/06 13:40:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
    [2008/01/06 13:14:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/12/10 07:27:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/11/20 18:56:31 | 000,010,605 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
    [2007/09/29 11:18:11 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\fusioncache.dat
    [2007/07/21 17:01:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2006/10/22 12:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2006/10/22 12:22:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
    [2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

    ========== LOP Check ==========

    [2010/07/03 11:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
    [2010/07/03 10:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2008/09/28 00:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2008/09/28 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2010/05/01 20:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
    [2010/04/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2007/11/24 10:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
    [2010/03/26 07:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\LPECommon
    [2008/01/06 13:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Panasonic
    [2010/07/03 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SecretIslandUSA
    [2010/07/10 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sony Online Entertainment

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS

    < MD5 for: ATAPI.SYS >
    [2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
    [2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
    [2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2007/07/20 09:29:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2007/07/20 09:29:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2007/07/20 09:29:55 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178
    < End of report >

  2. #12
    Junior Member (Join Date: Sep 2010, Posts: 27)

    For some reason it isn't letting me post the extras log; it keeps saying there is a problem and I get the diagnosis screen.

  3. #13
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Not a problem on the extras. Looks like your host file was reset a few times.

    Download the HostsXpert 4.3 - Hosts File Manager.
    • Unzip HostsXpert 4.2.0.0 - Hosts File Manager to a convenient folder such as C:\HostsXpert
    • Click HostsXpert.exe to Run HostsXpert - Hosts File Manager from its new home
    • Click "Make Hosts Writable?" in the upper left corner.
    • Click Restore Microsoft's Hosts file and then click OK.
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.



    Let me know if the pop-up windows have stopped.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
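As an added example (not from this thread, and not part of OldTimer's tools), here is a small triage pass over OTL-style log lines of the kind posted above: it flags hosts entries other than the default localhost line (loopback entries that blackhole a site, and entries that point a name at a non-loopback address), autorun entries whose company field is empty, and alternate data streams. The sample lines are constructed; the localhost and ADS lines are as they appear in the log above, and the .test hostnames are placeholders.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in OTL format. The localhost and ADS lines mirror the
# posted log; the two extra hosts lines and the unsigned Run entry are
# constructed so that each check below fires once.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2010/09/22 20:58:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.example-av-vendor.test
O1 - Hosts: 10.0.0.5 www.example-bank.test
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178
"""


@dataclass
class Finding:
    kind: str    # short category used for sorting/filtering
    detail: str  # human-readable description of the line that triggered it


# One regex per OTL line type this example understands.
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\]\s+"
    r"(?P<path>.+?)\s+\((?P<company>[^)]*)\)\s*$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Addresses that make a hosts entry a "blackhole" rather than a redirect.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def triage_otl(text: str) -> List[Finding]:
    """Walk OTL log lines and return the entries a helper would look at first."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()

        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if host.lower() == "localhost" and ip in LOOPBACK:
                continue  # the one entry a default XP hosts file contains
            if ip in LOOPBACK:
                # A name mapped to loopback cannot be reached: the classic way
                # malware blocks security vendor and update sites.
                findings.append(Finding("hosts-blackhole", f"{host} -> {ip}"))
            else:
                # A name mapped to some other address is silently redirected.
                findings.append(Finding("hosts-redirect", f"{host} -> {ip}"))
            continue

        m = RUN_RE.match(line)
        if m:
            # OTL prints "()" when the binary carries no company/version info;
            # those autoruns are the ones to identify by hand (or by hash).
            if m["company"].strip() == "":
                findings.append(Finding("autorun-no-company", f"{m['name']}: {m['path']}"))
            continue

        m = ADS_RE.match(line)
        if m:
            # Any alternate data stream in a user-writable location is worth
            # reviewing; the OTS fix in this thread deletes exactly this one.
            findings.append(Finding("ads", f"{m['target']} ({m['size']} bytes)"))
    return findings


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_LOG):
        print(f"{f.kind:20} {f.detail}")
```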

  4. #14
    Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I reset the hosts file, then exited out. I brought up Explorer and ran a few searches and didn't get any redirects, but I did get another Explorer window open up with a birthday card site (one of the searches I did was for cards), so I'm not sure what could be wrong with that.

  5. #15
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Let's see what this finds.

    Download OTS.exe by OldTimer to your Desktop.
    1. Close any open browsers.
    2. Double-click on OTS.exe to start the program.
    3. Leave all settings as they appear as default, except for the following:
      • Under Drivers, select "All".
      • Under Additional Scans, click on the "Extra" button.
    4. Now click the Run Scan button on the toolbar.
    5. The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
    6. When the scan is complete Notepad will open with the report file loaded in it.
    7. Save that Notepad file.
    Use the Reply button and attach the Notepad file here (do not copy and paste it into a reply; attach it instead).

  6. #16
    Junior Member (Join Date: Sep 2010, Posts: 27)

    OK, I ran the OTS program. It didn't take very long at all though, so I don't know if that is a bad thing. I am attaching the log file to this. Again, I appreciate all the help you are giving me. I had to zip the file to attach it, so I hope that is OK.

  7. #17
    Emeritus-Security Expert (Join Date: Nov 2005, Location: Florida's SpaceCoast, Posts: 15,208)

    Good Morning,

    OTS does not take long, not to worry.

    Start OTS.

    Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [Unregister Dlls]
    [Alternate Data Streams]
    NY -> @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178
    [Purity]
    [Empty Temp Folders]
    [Start Explorer]


    The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTS log.





    Copy and paste these lines into Notepad.

    @Echo on
    rem Rewrite the hosts file with the single default entry (attributes are
    rem cleared first because the file is often set read-only/hidden/system).
    pushd %SystemRoot%\system32\drivers\etc
    attrib -h -s -r hosts
    echo 127.0.0.1 localhost>HOSTS
    attrib +r +h +s hosts
    popd
    rem Drop the DHCP lease, flush the DNS resolver cache and reset Winsock/TCP-IP.
    ipconfig /release
    ipconfig /renew
    ipconfig /flushdns
    netsh winsock reset all
    netsh int ip reset all
    rem Reboot in one second, then remove this batch file.
    shutdown -r -t 1
    del %0


    Save as flush.bat to your desktop. Double click to run.
    *** Note: on Windows Vista and Windows 7 you need to right-click it and choose "Run as Administrator". The computer will reboot itself.



    Let me know if you're still getting that extra window.
    Last edited by ken545; 2010-09-24 at 13:00.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
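The HOSTS rewrite in flush.bat above exists because malware plants entries that redirect or block security sites. As an added example (not from this thread or its helper), here is a small audit of a HOSTS file that flags both patterns; the sample file contents and the .example domains are constructed.

```python
"""Audit a Windows HOSTS file for entries that redirect or block sites.
Added example, not from the thread; the sample HOSTS text is constructed."""
import ipaddress

# Names that legitimately map to loopback on a stock Windows install.
BENIGN_LOOPBACK_NAMES = {"localhost", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (ip, hostname) pairs, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            yield parts[0], name.lower()


def audit_hosts(text):
    """Return (ip, hostname, reason) tuples for entries worth a look.
    Two patterns matter: a hostname pinned to a non-loopback address
    (silent redirect) and a non-default name pinned to loopback
    (blocked update or support site)."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((ip, name, "unparseable address"))
            continue
        if addr.is_loopback:
            if name not in BENIGN_LOOPBACK_NAMES:
                findings.append((ip, name, "site blocked via loopback"))
        else:
            findings.append((ip, name, "redirected to " + ip))
    return findings


# Constructed sample: stock entries, one blocking line, one redirect line.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.security-vendor.example   # blocks a vendor site
203.0.113.5     www.search-engine.example     # redirects (TEST-NET address)
"""

if __name__ == "__main__":
    for ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"{name:32} {ip:16} {reason}")
```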

  8. #18
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Default

Good morning. I ran OTS again and after it ran it had to reboot my computer; when it came back on I had the Notepad log, but it did not create a new OTS log though. Here is the other one:

    All Processes Killed
    [Alternate Data Streams]
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178 deleted successfully.
    [Purity]
    Purity scan complete.
    [Empty Temp Folders]


    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8485936 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 5954 bytes

    User: Me
    ->Temp folder emptied: 139167 bytes
    ->Temporary Internet Files folder emptied: 5156826 bytes
    ->Java cache emptied: 9287 bytes
    ->Flash cache emptied: 1492 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 60114540 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 8215 bytes

    User: program files for Edrive

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1113810 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 120 bytes

    Total Files Cleaned = 72.00 mb

    < End of fix log >
    OTS by OldTimer - Version 3.1.38.1 fix logfile created on 09242010_070909

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DF1295.tmp not found!
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DF12A4.tmp not found!
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DF136C.tmp not found!
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DF14B3.tmp not found!
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DFF42.tmp not found!
    File\Folder C:\Documents and Settings\Me\Local Settings\Temp\~DFF58.tmp not found!
    C:\Documents and Settings\Me\Local Settings\Temporary Internet Files\Content.IE5\MGNUFXE3\showthread[1].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VZB7260K\PortalServe[1].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\VZB7260K\search1[2].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JBXE0PRV\breakingnews[1].txt moved successfully.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JBXE0PRV\mevio_com[1].txt not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\JBXE0PRV\sitetvratings[1].html not found!
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HFW9MD9W\;subTagID=100;subTagName=;clickTrack=;impactTrack=;cb=318012186[1].htm not found!
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HFW9MD9W\fw-nonplayer-banner[4].htm moved successfully.
    File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HFW9MD9W\login_status[2].php not found!
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HFW9MD9W\mucinex_monsterrevision_us_450x360_h264[1].mp4 moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\HFW9MD9W\na[1].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FVEZW0TQ\fw-nonplayer-banner[1].htm moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FVEZW0TQ\news[1].aspx moved successfully.
    File\Folder C:\WINDOWS\temp\fla7.tmp not found!

    Registry entries deleted on Reboot...

  9. #19
    Junior Member
    Join Date
    Sep 2010
    Posts
    27

    Default

I ran the flush.bat and it restarted my computer. When I got back on Explorer, the first thing I did was search for this site, and it redirected me to another spyware blocker site. I clicked on the Spybot home page and it took me to a Spyware Hunter blocker site.

    Thanks for your help I really appreciate it.

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Open Internet Explorer and do this.

Go to Tools > Internet Options > Advanced tab > Reset Internet Explorer Settings > Reset. It will take a few seconds; then OK your way out, close IE, reopen it and see if this helped.