Can't install antivirus on one computer.. the other won't start


  • This topic is locked

#1
ckb0118

    Member

  • 75 posts
Hi, just wanted to start off by saying this is the best website ever and has been so helpful in the past.

So my #1 computer one day decided to catch a virus and not restart into Windows. It just starts and does nothing. But more about that later on.

So I went to computer #2 to download the AVG Rescue CD, and realized that I cannot access the AVG site, nor any other helpful antivirus sites. My Malwarebytes is 2 years out of date and cannot update.

I have done Rkill, exe helper, ATF, and tried ComboFix, but I guess I should have waited; it appears to freeze my clock after about 20 mins, so I was assuming that something went wrong?

I tried burning AVG Rescue to a CD from a good computer, but I think the CD might have been bad. Anyway, I have limited access, but access nonetheless, to a good computer.

What's my next step?
Thanks a million!
  • 0



#2
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello ckb0118, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

What computer are we going to work on first? Once we are finished cleaning one computer you will have to start a new topic for the other one.

Please print these instructions out so that you know what you are doing.

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can back up any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
ckb0118

    Member

  • Topic Starter
  • 75 posts
Hi, I got a message saying the INF file txtsetup.sif is corrupt or missing, status 1024. Setup cannot continue. Press any key to exit.

Any idea?
  • 0

#4
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi

Did you download this on the infected computer?

Did you delete the file and try again?
  • 0

#5
mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
ckb0118

    Member

  • Topic Starter
  • 75 posts
OTL logfile created on: 1/1/2011 7:48:19 PM - Run
OTLPE by OldTimer - Version 3.1.43.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

383.00 Mb Total Physical Memory | 185.00 Mb Available Physical Memory | 48.00% Memory free
327.00 Mb Paging File | 206.00 Mb Available in Paging File | 63.00% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 10.17 Gb Free Space | 36.45% Space Free | Partition Type: NTFS
Drive X: | 434.99 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- C:\Documents and Settings\Chris Brooks\Application Data\hyiecmsu.dll -- (vvbsi)
SRV - File not found [Auto] -- C:\Program Files\Movie Maker\hyiecmsu.dll -- (uweshqx)
SRV - File not found [Auto] -- C:\Program Files\Internet Explorer\hyiecmsu.dll -- (sqpkzw)
SRV - File not found [Auto] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
SRV - File not found [Auto] -- C:\Program Files\Internet Explorer\hyiecmsu.dll -- (blufmlexi)
SRV - File not found [Disabled] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/04/14 09:16:16 | 000,078,104 | ---- | M] (iWin Inc.) [Auto] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (tfgpkuf)
SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (rrncwn)
SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (mqoiqrel)
SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (etkdj)
SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (butsmcrwh)
SRV - [2006/12/21 06:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006/08/22 00:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)
SRV - [2004/01/09 13:11:36 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/01/09 13:10:00 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/04/29 17:29:54 | 000,139,264 | ---- | M] (Intel® Corporation) [On_Demand] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2008/07/23 19:09:44 | 000,038,472 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2006/12/21 06:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 06:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/03/27 20:20:28 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/03/26 17:24:25 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2004/10/26 15:01:00 | 002,830,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/03/15 04:04:00 | 000,100,597 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/03/15 04:04:00 | 000,098,580 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/03/15 04:04:00 | 000,085,972 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/03/15 04:04:00 | 000,034,837 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/03/15 04:04:00 | 000,025,685 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/03/15 04:04:00 | 000,014,229 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/03/15 04:04:00 | 000,006,357 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/03/15 04:04:00 | 000,004,117 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/03/15 04:04:00 | 000,002,233 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/02/27 05:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/02/13 13:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI)
DRV - [2004/02/13 06:21:00 | 000,086,160 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/01/19 20:28:48 | 000,256,688 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2004/01/14 22:18:16 | 000,005,621 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/01/14 22:18:04 | 000,023,219 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/01/13 05:41:46 | 002,482,176 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel®
DRV - [2004/01/09 12:49:52 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/08/29 08:59:24 | 001,101,696 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem)
DRV - [2003/08/21 22:25:52 | 000,094,600 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/05/15 21:09:32 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2002/11/22 23:01:26 | 000,020,096 | ---- | M] (Intel Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Chris_Brooks_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0849}:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.5

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\Program Files\iWin Games\firefox\ [2010/06/17 21:38:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/13 14:35:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/09 21:28:51 | 000,000,000 | ---D | M]

[2009/09/13 19:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Mozilla\Extensions
[2010/12/31 14:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Mozilla\Firefox\Profiles\huua0jji.default\extensions
[2010/09/09 20:26:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Mozilla\Firefox\Profiles\huua0jji.default\extensions\[email protected]
[2009/09/13 19:24:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/06 10:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/06 10:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2009/10/14 20:26:50 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2010/12/16 21:52:29 | 000,000,698 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (iGive Toolbar) - {FA73AE1B-4BA9-4E8B-832B-54A287FF1B7F} - C:\Program Files\iGive_Toolbar\igvtb.dll File not found
O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WIND0WS.EXE (Leithauser Research)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Chris_Brooks_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Chris_Brooks_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akama...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} http://dlmanager.aka...vex-2.0.4.4.cab (DownloadManager Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://www.hotwaxsur...sCamControl.cab (CamImage Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/26 02:29:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{660c58f1-a565-11df-a8c2-000f1f1c2958}\Shell - "" = AutoRun
O33 - MountPoints2\{660c58f1-a565-11df-a8c2-000f1f1c2958}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87b2e230-9d4d-11dc-bb33-000f1f1c2958}\Shell - "" = AutoRun
O33 - MountPoints2\{87b2e230-9d4d-11dc-bb33-000f1f1c2958}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b2cea7e0-c4c8-11dd-bc7b-000f1f1c2958}\Shell - "" = AutoRun
O33 - MountPoints2\{b2cea7e0-c4c8-11dd-bc7b-000f1f1c2958}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/01 12:19:44 | 000,021,704 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn7.dll
[2011/01/01 12:19:44 | 000,018,632 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi7.dll
[2011/01/01 11:58:38 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2010/12/31 14:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/12/31 14:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris Brooks\Application Data\Softland
[2010/12/31 14:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010/12/23 20:44:38 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Chris Brooks\Desktop\OTLPENet.exe
[2010/12/22 17:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris Brooks\Desktop\tree pics
[2010/12/20 19:03:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/12/17 19:59:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/12/16 21:56:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/16 21:56:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/16 21:56:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/16 21:56:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/16 21:55:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/16 21:54:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/14 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Chris Brooks\My Documents\HostsXpert
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Chris Brooks\Desktop\*.tmp files -> C:\Documents and Settings\Chris Brooks\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/01 17:33:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/01 16:40:51 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/01 16:40:45 | 000,011,618 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/01/01 16:40:43 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/01/01 16:40:31 | 001,052,647 | ---- | M] () -- C:\WINDOWS\winwm.rws
[2011/01/01 16:40:31 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/01 16:40:23 | 401,911,808 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2011/01/01 00:04:39 | 000,011,618 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/12/31 20:40:05 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2010/12/31 18:43:39 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/12/31 15:31:01 | 000,359,419 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cosmos.pdf
[2010/12/31 15:29:58 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cosmos.doc
[2010/12/31 09:18:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2010/12/24 23:39:47 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/24 23:39:47 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/23 20:53:48 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Chris Brooks\Desktop\OTLPENet.exe
[2010/12/20 19:33:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\defogger_reenable
[2010/12/18 21:16:56 | 000,038,818 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\pinkhill pups.JPG
[2010/12/18 18:44:51 | 000,009,708 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Willetts_Estimate_Interstate_Granite.pdf
[2010/12/18 17:47:10 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Willetts Estimate Interstate Granite.xls
[2010/12/17 21:57:01 | 000,055,296 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Mubarak.doc
[2010/12/17 19:52:23 | 003,993,691 | R--- | M] () -- C:\Documents and Settings\Chris Brooks\Desktop\ComboFix.exe
[2010/12/17 10:58:50 | 000,391,841 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\Desktop\clayton homes plan.jpg
[2010/12/17 10:58:01 | 000,084,667 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\Desktop\clayton homes.jpg
[2010/12/14 21:25:38 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/12/14 10:10:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/12/09 08:56:15 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Final Exam RTT 220.doc
[2010/12/08 17:49:14 | 000,218,610 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Pitt Community College- Sur...tif
[2010/12/07 07:57:38 | 000,054,892 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cape Fear Public Utility Au...tif
[2010/12/03 21:43:09 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Chris Brooks\Desktop\Chernobyl.doc
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Chris Brooks\Desktop\*.tmp files -> C:\Documents and Settings\Chris Brooks\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/31 17:50:39 | 401,911,808 | -HS- | C] () -- C:\hiberfil.sys
[2010/12/31 15:30:57 | 000,359,419 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cosmos.pdf
[2010/12/31 15:29:58 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cosmos.doc
[2010/12/31 14:09:36 | 000,007,549 | ---- | C] () -- C:\WINDOWS\System32\dopdf7.ctm
[2010/12/20 19:33:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\defogger_reenable
[2010/12/18 21:16:56 | 000,038,818 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\pinkhill pups.JPG
[2010/12/18 18:44:51 | 000,009,708 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Willetts_Estimate_Interstate_Granite.pdf
[2010/12/18 17:47:10 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Willetts Estimate Interstate Granite.xls
[2010/12/17 21:25:55 | 000,055,296 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Mubarak.doc
[2010/12/17 19:59:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/12/17 19:59:16 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/12/17 10:58:48 | 000,391,841 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Desktop\clayton homes plan.jpg
[2010/12/17 10:57:55 | 000,084,667 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Desktop\clayton homes.jpg
[2010/12/16 21:56:18 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/16 21:56:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/16 21:56:18 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/16 21:56:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/16 21:56:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/08 21:19:15 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Final Exam RTT 220.doc
[2010/12/08 17:49:13 | 000,218,610 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Pitt Community College- Sur...tif
[2010/12/07 07:57:38 | 000,054,892 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\My Documents\Cape Fear Public Utility Au...tif
[2010/12/03 21:33:33 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Desktop\Chernobyl.doc
[2010/11/04 15:08:30 | 000,000,034 | ---- | C] () -- C:\WINDOWS\render.ini
[2009/09/12 19:20:19 | 000,015,498 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\.recently-used.xbel
[2009/08/13 06:42:05 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/04/07 16:59:27 | 000,060,744 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\g2mdlhlpx.exe
[2008/03/29 18:32:34 | 000,000,070 | ---- | C] () -- C:\WINDOWS\zxcvrsv.ini
[2008/02/19 01:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/11/25 18:05:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/12 21:57:36 | 000,163,484 | RHS- | C] () -- C:\WINDOWS\System32\hyiecmsu.dll
[2007/04/26 21:56:18 | 000,106,496 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/26 17:13:40 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/03/26 16:46:18 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Application Data\PFP120JPR.{PB
[2006/03/26 16:46:18 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Chris Brooks\Application Data\PFP120JCM.{PB
[2006/03/26 15:14:35 | 000,000,520 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/03/25 18:12:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/14 21:21:46 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\AQalphaGL.dll
[2004/03/26 17:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/01/09 13:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 05:17:24 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 05:17:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009/09/12 19:20:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\gtk-2.0
[2009/04/13 14:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Image Zone Express
[2006/11/01 18:00:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Leadertech
[2009/04/13 14:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Printer Info Cache
[2010/12/31 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Chris Brooks\Application Data\Softland
[2010/12/31 14:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/12/14 10:10:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2010/12/31 20:40:05 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2010/12/31 09:18:02 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/01/01 14:00:01 | 000,000,464 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job

========== Purity Check ==========


< End of report >

#7
mitch8

Hi,

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Auto] -- C:\Documents and Settings\Chris Brooks\Application Data\hyiecmsu.dll -- (vvbsi)
    SRV - File not found [Auto] -- C:\Program Files\Movie Maker\hyiecmsu.dll -- (uweshqx)
    SRV - File not found [Auto] -- C:\Program Files\Internet Explorer\hyiecmsu.dll -- (sqpkzw)
    SRV - File not found [Auto] -- C:\Program Files\Internet Explorer\hyiecmsu.dll -- (blufmlexi)
    SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (tfgpkuf)
    SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (rrncwn)
    SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (mqoiqrel)
    SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (etkdj)
    SRV - [2009/03/21 09:06:58 | 000,163,484 | RHS- | M] () [Auto] -- C:\WINDOWS\system32\hyiecmsu.dll -- (butsmcrwh)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKU\Chris_Brooks_ON_C\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\Tasks\At*.job
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Next,

Post C:\ComboFix.txt here.

#8
ckb0118

Here is what came up after re-boot. You said to post combofix.txt, did you want me to run combofix? I don't see that file.
And, YAY! I can get to the anti-virus websites now!

All processes killed
========== OTL ==========
Service vvbsi stopped successfully!
Service vvbsi deleted successfully!
File C:\Documents and Settings\Chris Brooks\Application Data\hyiecmsu.dll not found.
Service uweshqx stopped successfully!
Service uweshqx deleted successfully!
File C:\Program Files\Movie Maker\hyiecmsu.dll not found.
Service sqpkzw stopped successfully!
Service sqpkzw deleted successfully!
File C:\Program Files\Internet Explorer\hyiecmsu.dll not found.
Service blufmlexi stopped successfully!
Service blufmlexi deleted successfully!
File C:\Program Files\Internet Explorer\hyiecmsu.dll not found.
Service tfgpkuf stopped successfully!
Service tfgpkuf deleted successfully!
File move failed. C:\WINDOWS\system32\hyiecmsu.dll scheduled to be moved on reboot.
Service rrncwn stopped successfully!
Service rrncwn deleted successfully!
File move failed. C:\WINDOWS\system32\hyiecmsu.dll scheduled to be moved on reboot.
Service mqoiqrel stopped successfully!
Service mqoiqrel deleted successfully!
File move failed. C:\WINDOWS\system32\hyiecmsu.dll scheduled to be moved on reboot.
Service etkdj stopped successfully!
Service etkdj deleted successfully!
File move failed. C:\WINDOWS\system32\hyiecmsu.dll scheduled to be moved on reboot.
Service butsmcrwh stopped successfully!
Service butsmcrwh deleted successfully!
File move failed. C:\WINDOWS\system32\hyiecmsu.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.
Registry key HKEY_USERS\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_USERS\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_USERS\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry key HKEY_USERS\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry key HKEY_USERS\Chris_Brooks_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Chris Brooks
->Temp folder emptied: 1458829 bytes
->Temporary Internet Files folder emptied: 1171814 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 134442042 bytes
->Apple Safari cache emptied: 9133056 bytes
->Flash cache emptied: 857349 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 480 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1166865 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 63370 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 85070 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 142.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Chris Brooks
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.4 log created on 01052011_160137

Files\Folders moved on Reboot...
C:\WINDOWS\system32\hyiecmsu.dll moved successfully.

Registry entries deleted on Reboot...

#9
mitch8

Ok, I guess run ComboFix then. If it asks to update say yes.


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


#10
ckb0118

So when I run combo fix, within the first 10 or so mins, it appears to freeze the computer. I left it alone for over an hour and still nothing. Any thoughts?

#11
mitch8

OK, obviously ComboFix is not working. Can you turn your computer on? Does C:\ComboFix.txt exist?

#12
ckb0118

Ran (updated!) Malwarebytes, then tried combofix again, same thing happened. No .txt file.
This is all on computer #1. Works great except for the combofix thing.
Now computer #2 needs help. Does not go past start up. I was originally going to try the avg rescue cd, should I do the Reatogo CD instead? Thanks!!

#13
mitch8

OK, if you're good on your first computer then you can remove the tools we used.

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
  • After that you can delete anything else on your desktop that you downloaded.

If you are ready to work on your other computer please start a new topic with a quick scan from the CD you made.

#14
mitch8

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :D

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.