Am I infected or missing stuff after running the OTL thingy?


  • This topic is locked This topic is locked

#1
rupertdigby

rupertdigby

    Member

  • Member
  • PipPipPip
  • 113 posts
I hope I can get help here. My machine had been attacked by a "security shield" and some other virus or spyware or malware of the same kind. It placed an icon in the tray and pop-ups that constantly appeared, and I couldn't open Defender for a scan. At one time I could not go to any antivirus website. I was able to run Safe Mode and got Avast, FixCleaner, TDSSKiller, Malwarebytes, and a couple of others. It seems to have removed the malware or spyware. I used the free download of FixCleaner to scan and repair the registry, whatever that is.
I use the Firefox browser and can't open a link inside of one website to get to a department store account, but I can use Explorer to get there. My mouse pad has been jumping a lot, keystrokes are not responding as easily, and the Explorer browser gets directed elsewhere. I also have a couple of rundll error windows at startup stating a module can't be found. I can close them and they don't appear again until the next boot-up.
I'm in no way a computer tech and have no idea of a lot of the terminology being used when I research how to tune up or clean up this machine. I have the free Avast antivirus on the system, and when running OTL it says it blocked some window32 file.
I tried the OTM download along with the GooredFix and ERUNT as described for the Google redirect.



OTL logfile created on: 1/29/2011 10:34:59 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Rnady Barron\Desktop\repairs
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 569.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 44.91 Gb Free Space | 65.62% Space Free | Partition Type: NTFS

Computer Name: D35W7X91 | User Name: Rnady Barron | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Rnady Barron\Desktop\repairs\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\winlogon.exe ()
PRC - C:\WINDOWS\explorer.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Rnady Barron\Desktop\repairs\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Alwil Software\Avast5\snxhk.dll (AVAST Software)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\Temp\logishrd\LVPrcInj04.dll (Logitech Inc.)


========== Win32 Services (SafeList) ==========

SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (HidServ) -- File not found
SRV - (CLTNetCnService) -- File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (WLANKEEPER) Intel® -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel® Corporation)
SRV - (S24EventMonitor) Intel® -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (EvtEng) Intel® -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel® -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam S5500(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (usbaudio) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (w39n51) Intel® -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (Palm, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.c...rietta GA 30062
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.charter.net/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 64061
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/20 22:20:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/12 00:02:29 | 000,000,000 | ---D | M]

[2008/12/16 13:29:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Extensions
[2011/01/28 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions
[2010/06/30 14:05:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/28 09:53:26 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Documents and Settings\Rnady Barron\Application Data\Mozilla\Firefox\Profiles\8yq4rf2r.default\extensions\[email protected]
[2011/01/28 18:00:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 22:14:47 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011/01/28 08:51:50 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2009/04/23 08:17:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2011/01/20 20:07:12 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/01/26 08:28:56 | 000,000,258 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.7.33 free.grisoft.com
O1 - Hosts: 127.0.7.33 cert.org
O1 - Hosts: 127.0.7.33 www.cert.org
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [Njuga] File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Npunife] File not found
O4 - HKCU..\Run: [System Display] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1194310281453 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 97.81.22.195 24.177.176.38 24.178.162.3
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/29 10:25:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IECompatCache
[2011/01/28 17:48:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\GooredFix Backups
[2011/01/28 17:38:56 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/01/28 17:33:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/01/28 17:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Desktop\repairs
[2011/01/28 13:12:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\PrivacIE
[2011/01/28 10:19:53 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\IETldCache
[2011/01/28 10:11:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2011/01/28 10:07:42 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/01/26 13:38:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\DriverCure
[2011/01/26 13:38:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\ParetoLogic
[2011/01/26 13:38:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/01/26 10:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/01/26 10:58:29 | 000,294,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/26 10:58:29 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/26 10:58:27 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/26 10:58:26 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/26 10:58:26 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/26 10:58:26 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/26 10:58:25 | 000,029,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/26 10:58:05 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/26 10:58:04 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/25 10:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\AVG8
[2011/01/21 12:52:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\Application Data\FixCleaner
[2011/01/21 12:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FixCleaner
[2011/01/21 12:51:39 | 000,000,000 | ---D | C] -- C:\Program Files\FixCleaner
[2011/01/21 12:50:23 | 000,000,000 | ---D | C] -- C:\Program Files\Downloaded Installers
[2011/01/20 20:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2011/01/20 20:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2011/01/20 17:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/20 17:04:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2011/01/20 16:19:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/01/20 16:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/01/20 13:50:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/01/20 13:47:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011/01/20 13:37:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Rnady Barron\Application Data\Desktop
[2011/01/20 12:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rnady Barron\My Documents\Computer Repairs
[2011/01/12 21:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2011/01/12 21:55:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PIXELA
[2011/01/12 21:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/29 10:18:58 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/29 10:00:09 | 000,036,316 | ---- | M] () -- C:\WINDOWS\System32\dll
[2011/01/29 09:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/01/29 09:52:26 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\VYKMMLYOB.job
[2011/01/29 09:52:26 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\fbalg.job
[2011/01/29 09:52:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/29 09:52:18 | 1063,714,816 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/28 22:12:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/01/28 17:39:02 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Rnady Barron\NTUSER.bak
[2011/01/28 14:19:29 | 000,060,416 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\Payment Info.doc
[2011/01/28 12:00:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/01/28 10:19:51 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/26 15:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/26 10:58:31 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/26 10:58:26 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/01/26 10:56:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hzivanoxozoqu.dat
[2011/01/26 08:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Slizilizodo.bin
[2011/01/26 08:28:56 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.bat
[2011/01/26 08:28:56 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.vbs
[2011/01/26 08:28:56 | 000,000,258 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/01/25 08:54:27 | 000,447,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/25 08:54:27 | 000,074,050 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/01/23 11:33:57 | 000,002,221 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/01/20 23:17:43 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/20 21:22:29 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/20 20:32:07 | 000,009,003 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
[2011/01/20 18:00:11 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\delme.bat
[2011/01/20 17:47:00 | 000,609,566 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/20 14:04:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\chrtmp
[2011/01/20 13:44:45 | 000,000,019 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\lovely.ini
[2011/01/20 13:38:10 | 000,000,058 | -HS- | M] () -- C:\WINDOWS\System32\User.ini
[2011/01/20 13:37:02 | 000,000,047 | ---- | M] () -- C:\WINDOWS\NxQK1
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SnAF2h
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\sGVbix
[2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\Hvo7kUU
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\TOx3x5Y
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\k1atV
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\8xuuEFl
[2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\1cUWTTc4e
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WXtYjgGvWB
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\tNbbFn
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\hkwRCVmf3P
[2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\GcCSso
[2011/01/20 13:37:02 | 000,000,042 | ---- | M] () -- C:\WINDOWS\gUu2n5
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\r7WdPkmtN
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\7TtKhaDt2e
[2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\1euCH41Y2
[2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\XJ5lf4C
[2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\pyxFWS2S
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\VQJPHi
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\qRgYu374
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\oHjigD3tfi
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Gniqh2
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\eDFchX7Gu
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\dTU6n3qcO
[2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\7msMUWiACu
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\FtuUKI7tLO
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\8UHe2P
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\74eKv
[2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\1fQKO
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\VfboROYGFY
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\oemKQGlTS
[2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\eVOOvF
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\wkxxch3S
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\tfHvVM
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\l2X358N
[2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\2Qvsv
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RCLHfsoVKo
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\DGweBm
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\CVkCg6GGje
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\5hJOk1N
[2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\3tvJyeq
[2011/01/20 13:37:02 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Y4uGYpB
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\nJtf64j
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\dWmqNQboc
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\ABrHyOQF
[2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\1Vi1Y22E
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\SL4Gxd
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\dVgu63
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\bnGVMejdQS
[2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\5pmmsMdNFo
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WtQPnivy6
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\sXQAwehfl
[2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\csaYl7Vra4
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Sg8JQhcb
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\hwvfAj
[2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GJX5lU7
[2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uhbYm
[2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\pA8P1O
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\VQjKpNoC
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Mv8FNpV2hK
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Iul4M
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\GDfBH3qm
[2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\aPGWPE
[2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\mrq5K4P
[2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\4IWYB
[2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\mYDaRfcd
[2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\lnE1ok7SVo
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\T8X7Pr8
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\OmW4hGUmrl
[2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\bMgNPtp6
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\W2CS2
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\a1PWcH
[2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\8nngEoL
[2011/01/18 09:58:06 | 000,000,000 | RH-- | M] () -- C:\2332b25bnet
[2011/01/13 03:47:35 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/01/13 03:47:32 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/01/13 03:41:16 | 000,294,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/01/13 03:40:16 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/01/13 03:40:04 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/01/13 03:39:50 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/01/13 03:37:30 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/01/13 03:37:11 | 000,029,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/01/13 03:37:09 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/01/12 21:55:39 | 000,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/05 23:05:09 | 000,067,834 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf
[2011/01/03 19:19:04 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Desktop\MANUAL INVOICE2.xls
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/29 10:00:07 | 000,036,316 | ---- | C] () -- C:\WINDOWS\System32\dll
[2011/01/28 17:28:07 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Rnady Barron\NTUSER.tmp.LOG
[2011/01/28 10:19:51 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/01/26 10:58:31 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/01/21 12:52:28 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\FixCleaner Scan.job
[2011/01/21 12:51:49 | 000,002,221 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FixCleaner.lnk
[2011/01/20 22:26:54 | 1063,714,816 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/20 17:46:46 | 000,609,566 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/20 17:07:08 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\delme.bat
[2011/01/20 14:04:19 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\chrtmp
[2011/01/20 13:44:45 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.bat
[2011/01/20 13:44:45 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.vbs
[2011/01/20 13:44:45 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\lovely.ini
[2011/01/20 13:42:23 | 000,009,003 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
[2011/01/20 13:39:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hzivanoxozoqu.dat
[2011/01/20 13:39:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Slizilizodo.bin
[2011/01/20 13:38:10 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
[2011/01/20 13:37:38 | 000,000,320 | -HS- | C] () -- C:\WINDOWS\tasks\VYKMMLYOB.job
[2011/01/20 13:37:38 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\fbalg.job
[2011/01/20 13:37:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NxQK1
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SnAF2h
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\sGVbix
[2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Hvo7kUU
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\TOx3x5Y
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\k1atV
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\8xuuEFl
[2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\1cUWTTc4e
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WXtYjgGvWB
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\tNbbFn
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hkwRCVmf3P
[2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\GcCSso
[2011/01/20 13:37:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\gUu2n5
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\r7WdPkmtN
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\7TtKhaDt2e
[2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\1euCH41Y2
[2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\XJ5lf4C
[2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\pyxFWS2S
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VQJPHi
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\qRgYu374
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\oHjigD3tfi
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Gniqh2
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\eDFchX7Gu
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dTU6n3qcO
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\7msMUWiACu
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\FtuUKI7tLO
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\8UHe2P
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\74eKv
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\1fQKO
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\VfboROYGFY
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\oemKQGlTS
[2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\eVOOvF
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wkxxch3S
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\tfHvVM
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\l2X358N
[2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\2Qvsv
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\RCLHfsoVKo
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DGweBm
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\CVkCg6GGje
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\5hJOk1N
[2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\3tvJyeq
[2011/01/20 13:37:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Y4uGYpB
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\nJtf64j
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\dWmqNQboc
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\ABrHyOQF
[2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\1Vi1Y22E
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SL4Gxd
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\dVgu63
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\bnGVMejdQS
[2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\5pmmsMdNFo
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WtQPnivy6
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sXQAwehfl
[2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\csaYl7Vra4
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Sg8JQhcb
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\hwvfAj
[2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GJX5lU7
[2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uhbYm
[2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pA8P1O
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VQjKpNoC
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Mv8FNpV2hK
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Iul4M
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\GDfBH3qm
[2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\aPGWPE
[2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\mrq5K4P
[2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\4IWYB
[2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\mYDaRfcd
[2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\lnE1ok7SVo
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\T8X7Pr8
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OmW4hGUmrl
[2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\bMgNPtp6
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\W2CS2
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\a1PWcH
[2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\8nngEoL
[2011/01/18 09:58:06 | 000,000,000 | RH-- | C] () -- C:\2332b25bnet
[2011/01/12 21:55:39 | 000,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PIXELA ImageMixer Ver.1.0 for Sony.lnk
[2011/01/12 21:52:08 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2011/01/05 23:05:07 | 000,067,834 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\leonard gutters.pdf
[2011/01/03 19:19:02 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Desktop\MANUAL INVOICE2.xls
[2009/12/11 10:41:15 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\prvlcl.dat
[2009/10/26 13:28:13 | 000,011,848 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2009/08/30 09:26:46 | 000,014,848 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 11:59:56 | 000,000,183 | ---- | C] () -- C:\WINDOWS\3DHOME.INI
[2009/04/15 17:48:24 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/02/08 17:11:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2008/07/26 07:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/04/09 10:17:57 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/04/09 06:38:17 | 000,037,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Svclog.log
[2007/02/23 18:18:55 | 000,003,712 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/12 10:53:05 | 000,000,187 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/07/30 22:10:27 | 000,162,286 | ---- | C] () -- C:\Program Files\Porter Paints.QIF
[2006/07/30 13:16:20 | 000,000,880 | ---- | C] () -- C:\Program Files\cash.QIF
[2006/07/20 15:50:16 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\0093CE428B.sys
[2006/06/25 22:14:04 | 000,134,464 | ---- | C] () -- C:\Program Files\Homedepot
[2006/05/30 20:20:24 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JPR.{PB
[2006/05/30 20:20:24 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\PFP120JCM.{PB
[2006/05/15 22:23:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2006/05/15 22:05:23 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\8B42CE9300.sys
[2006/05/15 22:05:14 | 000,007,518 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/05/08 22:27:49 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/05/05 15:09:47 | 000,000,218 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/05/05 14:35:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/05/05 13:38:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/05/03 15:27:38 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Local Settings\Application Data\fusioncache.dat
[2006/04/27 13:38:12 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/04/27 13:26:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/04/27 13:20:59 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/04/27 12:55:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/04/27 12:54:54 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/04/09 17:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 07:00:00 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ms.dll
[2004/08/09 23:11:42 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/01/26 10:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/01/20 20:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/04/17 17:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2005/08/16 20:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/04/15 16:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiWired
[2008/08/27 22:37:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2011/01/26 14:01:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/02/19 16:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2011/01/20 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/09 10:17:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\tkvsporq
[2007/10/07 09:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/08/30 11:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2011/01/20 22:03:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Desktop
[2011/01/26 13:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\DriverCure
[2011/01/27 12:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\FixCleaner
[2009/02/09 20:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2010/02/15 10:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\GetRightToGo
[2008/08/27 22:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\HotSync
[2008/12/30 18:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Leadertech
[2011/01/26 13:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\ParetoLogic
[2008/04/06 13:28:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\TmpRecentIcons
[2009/02/25 17:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Uniblue
[2007/10/07 09:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rnady Barron\Application Data\Viewpoint
[2011/01/29 09:52:26 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\fbalg.job
[2011/01/28 12:00:16 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\FixCleaner Scan.job
[2011/01/29 09:55:29 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/01/29 09:52:26 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\Tasks\VYKMMLYOB.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

< End of report >
#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short); it's a pleasure to meet you. ;)

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer, I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


I'm reviewing your log, and will post back with instructions for you shortly.

#3
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello rupertdigby,

Do you have your Windows XP disc?


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.

    :Services
    :OTL
    SRV - (LiveUpdate Notice Ex) -- File not found
    SRV - (CLTNetCnService) -- File not found
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8893
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 64061
    FF - prefs.js..network.proxy.no_proxies_on: "*.local"
    FF - prefs.js..network.proxy.type: 0
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [Njuga] File not found
    O4 - HKCU..\Run: [Npunife] File not found
    O4 - HKCU..\Run: [System Display] File not found
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O24 - Desktop Components:0 () - 
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
    [2011/01/20 20:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/01/29 09:52:26 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\tasks\VYKMMLYOB.job
    [2011/01/29 09:52:26 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\fbalg.job
    [2011/01/26 10:56:44 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Hzivanoxozoqu.dat
    [2011/01/26 08:35:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Slizilizodo.bin
    [2011/01/26 08:28:56 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.bat
    [2011/01/26 08:28:56 | 000,000,538 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.vbs
    [2011/01/20 18:00:11 | 000,000,217 | ---- | M] () -- C:\Documents and Settings\Rnady Barron\delme.bat
    [2011/01/20 13:37:02 | 000,000,047 | ---- | M] () -- C:\WINDOWS\NxQK1
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\SnAF2h
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\sGVbix
    [2011/01/20 13:37:02 | 000,000,045 | ---- | M] () -- C:\WINDOWS\Hvo7kUU
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\TOx3x5Y
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\k1atV
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\8xuuEFl
    [2011/01/20 13:37:02 | 000,000,044 | ---- | M] () -- C:\WINDOWS\1cUWTTc4e
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\WXtYjgGvWB
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\tNbbFn
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\hkwRCVmf3P
    [2011/01/20 13:37:02 | 000,000,043 | ---- | M] () -- C:\WINDOWS\GcCSso
    [2011/01/20 13:37:02 | 000,000,042 | ---- | M] () -- C:\WINDOWS\gUu2n5
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\r7WdPkmtN
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\7TtKhaDt2e
    [2011/01/20 13:37:02 | 000,000,041 | ---- | M] () -- C:\WINDOWS\1euCH41Y2
    [2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\XJ5lf4C
    [2011/01/20 13:37:02 | 000,000,040 | ---- | M] () -- C:\WINDOWS\pyxFWS2S
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\VQJPHi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\qRgYu374
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\oHjigD3tfi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Gniqh2
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\eDFchX7Gu
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\dTU6n3qcO
    [2011/01/20 13:37:02 | 000,000,039 | ---- | M] () -- C:\WINDOWS\7msMUWiACu
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\FtuUKI7tLO
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\8UHe2P
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\74eKv
    [2011/01/20 13:37:02 | 000,000,038 | ---- | M] () -- C:\WINDOWS\1fQKO
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\VfboROYGFY
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\oemKQGlTS
    [2011/01/20 13:37:02 | 000,000,037 | ---- | M] () -- C:\WINDOWS\eVOOvF
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\wkxxch3S
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\tfHvVM
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\l2X358N
    [2011/01/20 13:37:02 | 000,000,036 | ---- | M] () -- C:\WINDOWS\2Qvsv
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\RCLHfsoVKo
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\DGweBm
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\CVkCg6GGje
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\5hJOk1N
    [2011/01/20 13:37:02 | 000,000,035 | ---- | M] () -- C:\WINDOWS\3tvJyeq
    [2011/01/20 13:37:02 | 000,000,034 | ---- | M] () -- C:\WINDOWS\Y4uGYpB
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\nJtf64j
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\dWmqNQboc
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\ABrHyOQF
    [2011/01/20 13:37:02 | 000,000,033 | ---- | M] () -- C:\WINDOWS\1Vi1Y22E
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\SL4Gxd
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\dVgu63
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\bnGVMejdQS
    [2011/01/20 13:37:02 | 000,000,032 | ---- | M] () -- C:\WINDOWS\5pmmsMdNFo
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\WtQPnivy6
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\sXQAwehfl
    [2011/01/20 13:37:02 | 000,000,031 | ---- | M] () -- C:\WINDOWS\csaYl7Vra4
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Sg8JQhcb
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\hwvfAj
    [2011/01/20 13:37:02 | 000,000,030 | ---- | M] () -- C:\WINDOWS\GJX5lU7
    [2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\uhbYm
    [2011/01/20 13:37:02 | 000,000,029 | ---- | M] () -- C:\WINDOWS\pA8P1O
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\VQjKpNoC
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Mv8FNpV2hK
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Iul4M
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\GDfBH3qm
    [2011/01/20 13:37:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\aPGWPE
    [2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\mrq5K4P
    [2011/01/20 13:37:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\4IWYB
    [2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\mYDaRfcd
    [2011/01/20 13:37:02 | 000,000,026 | ---- | M] () -- C:\WINDOWS\lnE1ok7SVo
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\T8X7Pr8
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\OmW4hGUmrl
    [2011/01/20 13:37:02 | 000,000,025 | ---- | M] () -- C:\WINDOWS\bMgNPtp6
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\W2CS2
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\a1PWcH
    [2011/01/20 13:37:02 | 000,000,024 | ---- | M] () -- C:\WINDOWS\8nngEoL
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2011/01/29 10:00:07 | 000,036,316 | ---- | C] () -- C:\WINDOWS\System32\dll
    [2011/01/20 17:07:08 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\delme.bat
    [2011/01/20 13:44:45 | 000,001,042 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.bat
    [2011/01/20 13:44:45 | 000,000,538 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\net.vbs
    [2011/01/20 13:44:45 | 000,000,019 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\lovely.ini
    [2011/01/20 13:42:23 | 000,009,003 | ---- | C] () -- C:\Documents and Settings\Rnady Barron\Application Data\60DE.EC9
    [2011/01/20 13:39:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hzivanoxozoqu.dat
    [2011/01/20 13:39:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Slizilizodo.bin
    [2011/01/20 13:38:10 | 000,000,058 | -HS- | C] () -- C:\WINDOWS\System32\User.ini
    [2011/01/20 13:37:38 | 000,000,320 | -HS- | C] () -- C:\WINDOWS\tasks\VYKMMLYOB.job
    [2011/01/20 13:37:38 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\fbalg.job
    [2011/01/20 13:37:02 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NxQK1
    [2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\SnAF2h
    [2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\sGVbix
    [2011/01/20 13:37:02 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Hvo7kUU
    [2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\TOx3x5Y
    [2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\k1atV
    [2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\8xuuEFl
    [2011/01/20 13:37:02 | 000,000,044 | ---- | C] () -- C:\WINDOWS\1cUWTTc4e
    [2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\WXtYjgGvWB
    [2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\tNbbFn
    [2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hkwRCVmf3P
    [2011/01/20 13:37:02 | 000,000,043 | ---- | C] () -- C:\WINDOWS\GcCSso
    [2011/01/20 13:37:02 | 000,000,042 | ---- | C] () -- C:\WINDOWS\gUu2n5
    [2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\r7WdPkmtN
    [2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\7TtKhaDt2e
    [2011/01/20 13:37:02 | 000,000,041 | ---- | C] () -- C:\WINDOWS\1euCH41Y2
    [2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\XJ5lf4C
    [2011/01/20 13:37:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\pyxFWS2S
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\VQJPHi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\qRgYu374
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\oHjigD3tfi
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Gniqh2
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\eDFchX7Gu
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dTU6n3qcO
    [2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\7msMUWiACu
    [2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\FtuUKI7tLO
    [2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\8UHe2P
    [2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\74eKv
    [2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\1fQKO
    [2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\VfboROYGFY
    [2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\oemKQGlTS
    [2011/01/20 13:37:02 | 000,000,037 | ---- | C] () -- C:\WINDOWS\eVOOvF
    [2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\wkxxch3S
    [2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\tfHvVM
    [2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\l2X358N
    [2011/01/20 13:37:02 | 000,000,036 | ---- | C] () -- C:\WINDOWS\2Qvsv
    [2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\RCLHfsoVKo
    [2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\DGweBm
    [2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\CVkCg6GGje
    [2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\5hJOk1N
    [2011/01/20 13:37:02 | 000,000,035 | ---- | C] () -- C:\WINDOWS\3tvJyeq
    [2011/01/20 13:37:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Y4uGYpB
    [2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\nJtf64j
    [2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\dWmqNQboc
    [2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\ABrHyOQF
    [2011/01/20 13:37:02 | 000,000,033 | ---- | C] () -- C:\WINDOWS\1Vi1Y22E
    [2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\SL4Gxd
    [2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\dVgu63
    [2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\bnGVMejdQS
    [2011/01/20 13:37:02 | 000,000,032 | ---- | C] () -- C:\WINDOWS\5pmmsMdNFo
    [2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\WtQPnivy6
    [2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\sXQAwehfl
    [2011/01/20 13:37:02 | 000,000,031 | ---- | C] () -- C:\WINDOWS\csaYl7Vra4
    [2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Sg8JQhcb
    [2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\hwvfAj
    [2011/01/20 13:37:02 | 000,000,030 | ---- | C] () -- C:\WINDOWS\GJX5lU7
    [2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uhbYm
    [2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pA8P1O
    [2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\VQjKpNoC
    [2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Mv8FNpV2hK
    [2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Iul4M
    [2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\GDfBH3qm
    [2011/01/20 13:37:02 | 000,000,028 | ---- | C] () -- C:\WINDOWS\aPGWPE
    [2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\mrq5K4P
    [2011/01/20 13:37:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\4IWYB
    [2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\mYDaRfcd
    [2011/01/20 13:37:02 | 000,000,026 | ---- | C] () -- C:\WINDOWS\lnE1ok7SVo
    [2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\T8X7Pr8
    [2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\OmW4hGUmrl
    [2011/01/20 13:37:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\bMgNPtp6
    [2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\W2CS2
    [2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\a1PWcH
    [2011/01/20 13:37:02 | 000,000,024 | ---- | C] () -- C:\WINDOWS\8nngEoL
    [2011/01/29 09:52:26 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\fbalg.job
    [2011/01/29 09:52:26 | 000,000,320 | -HS- | M] () -- C:\WINDOWS\Tasks\VYKMMLYOB.job
    
    :Reg
    
    :Files
    dir /s /a "C:\2332b25bnet" /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push the Run Fix button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Scanning with GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSOD, uncheck Devices on the right side before scanning.



NEXT:


OTL Custom Scan

We need to run an OTL Custom Scan.
  • Please reopen OTL on your desktop.
  • Copy and paste the following text into the Custom Scans and Fixes textbox.


    netsvcs
    drivers32
    /md5start
    explorer.exe
    winlogon.exe
    /md5stop
    %Windir%\pchealth\helpctr\System|*.exe;false;true;true /FP
    %appdata%\Local\Temp\DDM\*.* /s
    %FontsDir%\*.com /30
    %ALLUSERSPROFILE%\Favorites\*.*
    %PROGRAMFILES%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\*.bat
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %USERPROFILE%\Cookies\*.txt /x
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\Computers\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Run Scan button.
  • A report will open. Copy and Paste that report in your next reply.

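The fix script above moves a batch of small, randomly named, extensionless files that all appeared in C:\WINDOWS within the same second. As an added example (not part of the thread or of the OTL tool), this Python script parses OTL file entries in that `[date | size | attrs | C/M] (company) -- path` format and flags such bursts, so a log reviewer can spot the footprint without reading every line. The random-name heuristic, the size threshold and the sample Microsoft entry are my own assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# One OTL file entry:  [date time | size | attrs | C/M] (company) -- path
OTL_ENTRY = re.compile(
    r"^\s*\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$")

def parse_otl_entry(line):
    """Parse one OTL file entry into a dict; return None for lines in any other format."""
    m = OTL_ENTRY.match(line)
    if not m:
        return None
    return {"ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")), "attrs": m["attrs"],
            "kind": m["kind"], "company": m["company"], "path": m["path"]}

def looks_random(path):
    """Heuristic (assumed): extensionless 5-10 char alphanumeric name with digits or mixed case."""
    name = path.rsplit("\\", 1)[-1]
    return (re.fullmatch(r"[A-Za-z0-9]{5,10}", name) is not None
            and (name != name.lower() or any(c.isdigit() for c in name)))

def find_drop_bursts(lines, min_files=5, max_size=1024):
    """Group small, company-less, randomly named *created* files by (directory, second) and
    return groups of at least min_files: many tiny files written at once is a dropper pattern."""
    groups = defaultdict(list)
    for line in lines:
        e = parse_otl_entry(line)
        if (e and e["kind"] == "C" and e["size"] <= max_size
                and not e["company"] and looks_random(e["path"])):
            groups[(e["path"].rsplit("\\", 1)[0], e["ts"])].append(e["path"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}

# Constructed sample: six entries in the format of the log above, the scheduled-task entry
# (modified, not created), and a made-up signed Microsoft binary; only the six should be flagged.
SAMPLE_LOG = r"""
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\dTU6n3qcO
[2011/01/20 13:37:02 | 000,000,039 | ---- | C] () -- C:\WINDOWS\7msMUWiACu
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\FtuUKI7tLO
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\8UHe2P
[2011/01/20 13:37:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\74eKv
[2011/01/20 13:37:02 | 000,000,029 | ---- | C] () -- C:\WINDOWS\uhbYm
[2011/01/29 09:52:26 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\fbalg.job
[2011/01/20 13:37:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
"""
```

Running `find_drop_bursts(SAMPLE_LOG.splitlines())` returns one group keyed by `("C:\WINDOWS", 2011-01-20 13:37:02)` holding the six random names; the .job and notepad.exe entries are parsed but not flagged.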

#4
rupertdigby (Topic Starter, Member, 113 posts)
My machine went looping from the Dell screen to the Windows intro, where the bar looks like it's running, and back to Dell. It will go to the F8 screen. A blue screen appeared yesterday and I don't know what to do next to be able to load anything. I don't think it came with an XP CD. I'm constantly looking at my post today to follow instructions, using another computer. Thanks for responding to my problem.

#5
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

So you're accessing this thread from an alternative computer? If this is correct, do you have the ability to burn discs on it?

Try this to see if you'll be able to load properly.

Last Known Good Configuration

Start the computer by using the last known good configuration. To start the computer by using the last known good configuration, follow these steps:

  • Restart your computer.
  • As the computer starts to boot up, tap the F8 key repeatedly.
  • This will bring up a menu.
  • Use the Up and Down arrow keys to scroll to Last Known Good Configuration.
  • Then press the Enter key on your keyboard.
  • Go into your usual account.


#6
rupertdigby (Topic Starter, Member, 113 posts)
I can burn from this computer, or can I connect them together with an Ethernet cable? Also, is there a way to see your response without going to my email account?

#7
rupertdigby (Topic Starter, Member, 113 posts)
Goes to blue screen when I tried Last Known Good Configuration.

#8
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

You can view this thread directly by using this link: http://www.geekstogo...-the-otl-thingy

You may want to add it to your favorite/bookmarks.


---------

Please print these instructions out so that you know what you are doing.

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double-click OTLPENet.exe; this will open ImgBurn to burn the file to CD.
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop this attached Fix.txt into the Custom scans and fixes box
    Attached file: fix.txt (13.12 KB)
  • Press Run Fix to start the scan.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the OTL fix log file in your reply.


NEXT:


  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Drag and drop the attached Scan.txt (47 bytes) into the Custom scans and fixes box.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Right-click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


#9
rupertdigby (Topic Starter, Member, 113 posts)
I may not have a clear CD to copy to. I have a CD-R. Can I erase the info on there and use it?

#10
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Do you have a USB drive?


#11
rupertdigby (Topic Starter, Member, 113 posts)
The CD booting made no sense to me. Loaded the newly burned CD and can hear it running on the laptop. Looking at the safe mode screen; what next?

#12
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
You need to download the OTLPENet.exe file onto your clean computer, and have the blank disc inserted. Did you do this?

#13
rupertdigby (Topic Starter, Member, 113 posts)
Downloaded OTLPENet and burned it to CD. Put the CD into the laptop DVD drive. Turned on the laptop and pressed F12 as the Dell screen flashed F12=Boot. Entered BIOS setup and changed the CD/DVD/CD-RW drive to #1 and the internal HDD to #2. Still reading the how-to-set-BIOS-to-boot-from-CDROM link to try and understand.

#14
SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Okay.

#15
rupertdigby (Topic Starter, Member, 113 posts)
Should I go to the safe mode screen and choose something? After making the changes and pressing Esc, it still goes to the blue screen.