
LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM

reply to ez2cy

Re: [Trojan] can't connect to PostgreSQL

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, copy and paste the contents of the following box:


:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
[2012/07/24 11:21:20 | 000,232,960 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@
[2012/07/24 11:20:54 | 000,092,160 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000032.@
[2012/07/24 11:20:54 | 000,080,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000064.@
[2012/07/24 11:20:49 | 000,016,896 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000000.@
[2012/07/24 11:20:48 | 000,002,048 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000004.@
[2012/07/24 11:20:47 | 000,001,632 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\000000cb.@
[2012/07/22 20:08:54 | 000,000,804 | ---- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\L\00000004.@
[2012/01/11 09:24:16 | 000,002,048 | -HS- | C] () -- C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\@

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Once you see a message box "Fix complete! Click OK to open the fix log."
[*]Click the OK button
[*]The log will open in Notepad (your default text editor).
[*]Save the log. Post a copy of that log in your next reply.


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start-All Programs-Accessories-Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

ez2cy

join:2008-03-05

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000008.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000032.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000064.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\80000000.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\00000004.@ not found.
File C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\U\000000cb.@ not found.
C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\L\00000004.@ moved successfully.
C:\Users\Jim\AppData\Local\{bf21be16-7285-8f2e-354e-0a56b348d6cc}\@ moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jim
->Temp folder emptied: 2034685 bytes
->Temporary Internet Files folder emptied: 267047369 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3648 bytes

User: postgres
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.001
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.002
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: postgres.Jim-PC.003
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Wilson
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23960 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 257.00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: Jim
->Flash cache emptied: 0 bytes

User: postgres

User: postgres.Jim-PC

User: postgres.Jim-PC.000

User: postgres.Jim-PC.001

User: postgres.Jim-PC.002

User: postgres.Jim-PC.003

User: Public

User: Wilson
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_160838

Files\Folders moved on Reboot...
C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF1CD1B101BEE6EDEF.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DF7758918FC9B3CE2F.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFC419BE376699A5F5.TMP not found!
File\Folder C:\Users\Jim\AppData\Local\Temp\~DFD87372E73CDC2C33.TMP not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\843262[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\adloader[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\ads[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\Banner[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\c[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\default[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[4].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[2].htm moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\ADSAdClient31[1].htm not found!
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\Banner[1].htm not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\si[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\ads[3].htm moved successfully.
File\Folder C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\default[1].htm not found!
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\EditMessageLight[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\flextag[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\LocalStorage[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\xmlProxy[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[2].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[3].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\Messenger[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\resourcespreload[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\RteFrame_16.2.6148.0723[1].htm moved successfully.
C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\watch[1].htm moved successfully.

PendingFileRenameOperations files...
File C:\Users\Jim\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Jim\AppData\Local\Temp\~DF1CD1B101BEE6EDEF.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DF7758918FC9B3CE2F.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFC419BE376699A5F5.TMP not found!
File C:\Users\Jim\AppData\Local\Temp\~DFD87372E73CDC2C33.TMP not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\843262[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\adloader[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\ads[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\Banner[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\c[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\default[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\si[4].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SYDJR39Z\xmlProxy[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\ADSAdClient31[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\Banner[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ROK5O96A\si[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\ads[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\default[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\EditMessageLight[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\flextag[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\LocalStorage[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30C0RBLZ\xmlProxy[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[2].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\ads[3].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\AjaxHistoryFrame[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\Messenger[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\resourcespreload[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\RteFrame_16.2.6148.0723[1].htm not found!
File C:\Users\Jim\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1BG3ND1S\watch[1].htm not found!

Registry entries deleted on Reboot...