Hello again,
OTL Fix
We need to run an OTL Fix
- Please reopen OTL on your desktop.
- Copy and Paste the following code into the textbox. Do not include the word "Code"
:Services
:OTL
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O2 - BHO: (no name) - {1FD79A59-37B1-459B-9097-09F9FAB8A523} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2010/09/02 19:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\raekircxo
[2010/09/02 19:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\tmikiapga
[2010/08/29 20:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Local Settings\Application Data\{3DF7E812-BE07-4FF6-8556-2054F51FAE99}
[2010/08/16 07:17:45 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSKITGRRJS
[2010/08/16 07:17:32 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\d33f0d2
[2010/08/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\rbbiqhuvi
[2010/07/11 11:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Anxyom
[2010/07/07 17:14:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Ziekok
[2010/06/28 05:07:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Miyniw
[2010/09/02 19:54:11 | 000,000,005 | ---- | M] () -- C:\zrpt.xml
[2010/09/02 07:41:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Scoto.bin
[2010/09/01 17:04:17 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Fnumalo.dat
[2010/08/02 16:23:06 | 000,002,155 | ---- | M] () -- C:\rapport.txt
[2010/08/20 19:16:04 | 000,000,444 | ---- | M] () -- C:\rkill.log
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
- Push
- OTL may ask to reboot the machine. Please do so if asked.
- Click .
- A report will open. Copy and Paste that report in your next reply.
- If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
NEXT: Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2
VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
- Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
- Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
- Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.
Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.