
fake hardware please help!


  • This topic is locked

#1
esdn

  • Member
  • 18 posts
Hi :)

So I'd really like to get this fixed, mostly because I'm locked out of my main account (only lets me in using guest) and ALL of my daughter's pics are on there and I've been slacking and don't have backups for the most recent ones.

I can only access anything at all in guest mode. I've tried safe mode and I just keep getting messages saying access for administrator only. It will let me run Malwarebytes and Spybot in guest mode, and says that the problem's been taken care of, but when I restart immediately it just starts all over again, and if I don't restart immediately it gives me anywhere from like 20 minutes to a half an hour before it comes up with an error code and then restarts itself. I'm not really technologically savvy, so at this point I've completely exhausted my limited abilities, short of throwing it out the window. I would really really appreciate any help.

Here's the OldTimer's thingy:

OTL logfile created on: 3/3/2011 12:18:13 PM - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\Guest\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.64 Gb Total Space | 508.86 Gb Free Space | 72.84% Space Free | Partition Type: NTFS
Drive E: | 573.86 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.42 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive G: | 697.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 599.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 713.41 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 414.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 740.78 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive L: | 406.23 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive M: | 413.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 2.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive O: | 6.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: YOUR-6C1F87708D | User Name: Guest | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/03 12:18:05 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
PRC - [2011/03/01 20:10:16 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/25 04:09:07 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/11/24 18:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/10/30 18:08:26 | 000,486,216 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
PRC - [2008/08/21 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 11:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (SafeList) ==========

MOD - [2011/03/03 12:18:05 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Guest\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {F76EDD7E-76D0-4EDD-A245-80B389B2D510}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{36253578-F354-476D-A8E1-39B9D005CBC1}: C:\Documents and Settings\Randi\Local Settings\Application Data\{36253578-F354-476D-A8E1-39B9D005CBC1}
FF - HKLM\software\mozilla\Firefox\Extensions\\{9C510257-B83A-423B-9CCE-C267E01A1B26}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{9C510257-B83A-423B-9CCE-C267E01A1B26}
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/01 20:10:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/01 20:10:23 | 000,000,000 | ---D | M]

[2011/02/04 19:18:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Extensions
[2011/02/06 02:51:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\16iu3bdn.default\extensions
[2011/02/06 02:51:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\16iu3bdn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/03 15:07:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/07 17:51:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\APPLICATION DATA\{F76EDD7E-76D0-4EDD-A245-80B389B2D510}
[2010/07/30 03:32:30 | 001,923,464 | ---- | M] (ArtistScope) -- C:\Program Files\Mozilla Firefox\plugins\npArtistScope.dll
[2010/05/25 11:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2011/02/25 19:26:55 | 000,430,092 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14807 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/09/25 13:35:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/02/15 03:53:04 | 000,000,000 | R--D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/02/15 03:49:04 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/02/15 00:53:16 | 000,618,496 | R--- | M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/02/15 03:52:54 | 000,000,152 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/03/23 08:34:39 | 000,000,000 | R--D | M] - G:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2006/09/09 10:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/09/09 02:13:17 | 000,634,880 | R--- | M] (Electronic Arts Inc.) - G:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2006/09/09 10:05:49 | 000,000,146 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/03/23 11:01:35 | 000,000,000 | R--D | M] - H:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2006/02/06 21:28:25 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2006/02/06 19:46:43 | 000,630,784 | R--- | M] (Electronic Arts Inc.) - H:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2006/02/06 21:31:24 | 000,000,159 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/10/23 18:56:12 | 000,000,000 | R--D | M] - I:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008/10/23 18:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/10/23 18:58:07 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - I:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2008/10/23 18:57:48 | 000,000,166 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/05/27 17:27:45 | 000,000,000 | R--D | M] - J:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008/05/27 17:29:19 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - J:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/05/27 17:29:19 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - J:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2008/05/27 17:29:01 | 000,000,158 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/03/23 10:50:49 | 000,000,000 | R--D | M] - K:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007/01/26 03:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - K:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/01/26 02:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - K:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007/01/26 03:40:58 | 000,000,149 | R--- | M] () - K:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/04/14 12:31:08 | 000,000,000 | R--D | M] - L:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2008/03/11 23:03:12 | 000,703,552 | R--- | M] (Electronic Arts Inc.) - L:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/03/11 21:58:10 | 000,662,592 | R--- | M] (Electronic Arts Inc.) - L:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2008/03/11 23:02:54 | 000,000,178 | R--- | M] () - L:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2007/05/14 22:01:23 | 000,000,000 | R--D | M] - M:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2007/05/14 22:01:23 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - M:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/05/14 20:55:32 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - M:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2007/05/14 22:02:52 | 000,000,159 | R--- | M] () - M:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2005/07/05 14:05:52 | 001,019,904 | R--- | M] (Microsoft Corporation) - N:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/05/18 14:59:05 | 000,000,228 | R--- | M] () - N:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/21 02:23:57 | 000,054,544 | R--- | M] (Electronic Arts) - O:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010/06/27 04:12:50 | 000,000,049 | R--- | M] () - O:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/02/15 03:49:04 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2006/09/09 10:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2006/02/06 21:28:25 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2008/10/23 18:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2008/05/27 17:29:19 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007/01/26 03:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\L\Shell - "" = AutoRun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe -- [2008/03/11 23:03:12 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (ootExecute settings...) - File not found
O34 - HKLM BootExecute: (on\E) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll) - C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll (ACTS)
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/03 12:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\Downloads
[2011/03/03 11:45:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\WinRAR
[2011/03/03 09:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Start Menu\Programs\Hard Drive
[2011/03/03 00:03:37 | 000,733,184 | ---- | C] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
[2011/02/24 19:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/24 19:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/24 19:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/23 09:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2011/02/21 03:18:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/02/21 03:18:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/21 03:18:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/02/21 03:18:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2011/02/21 02:58:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/20 23:35:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Identities
[2011/02/20 23:35:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\TuneUp Software
[2011/02/20 23:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Yahoo!
[2011/02/20 23:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Yahoo
[2011/02/10 21:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/02/10 21:21:29 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2011/02/10 21:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/02/10 21:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/02/10 21:20:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/10 21:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/02/10 21:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/10 21:19:00 | 004,184,352 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2011/02/10 21:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/10 21:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2011/02/06 03:03:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\My Documents\Electronic Arts
[2011/02/06 02:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKnJfLg05200
[2011/02/04 19:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla
[2011/02/04 19:17:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Mozilla
[2011/02/04 18:52:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Guest\Application Data\Malwarebytes
[2011/02/02 12:07:37 | 000,000,000 | ---D | C] -- C:\swsetup
[2011/02/01 15:40:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/03 11:59:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/03 11:58:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/03 11:58:42 | 3210,883,072 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/03 11:41:04 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
[2011/03/03 11:38:36 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671
[2011/03/03 11:27:35 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~186671
[2011/03/03 11:27:35 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~186671r
[2011/03/03 09:44:01 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\587359
[2011/03/03 09:22:39 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23515
[2011/03/03 09:22:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23515r
[2011/03/03 09:21:58 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23515
[2011/03/03 09:14:28 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\587359.exe
[2011/03/03 08:52:08 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671.exe
[2011/03/03 00:03:37 | 000,733,184 | ---- | M] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
[2011/02/25 19:26:55 | 000,430,092 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/23 16:01:29 | 001,112,064 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2011/02/23 16:01:29 | 000,647,168 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2011/02/21 02:51:05 | 000,005,612 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
[2011/02/20 22:47:17 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/10 21:21:42 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/06 04:18:04 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/04 17:15:40 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/02 12:54:03 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/02/02 12:53:43 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/02 12:53:43 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/01 15:40:14 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/03 11:41:03 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
[2011/03/03 11:07:53 | 3210,883,072 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/03 09:22:38 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23515
[2011/03/03 09:22:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23515r
[2011/03/03 09:21:58 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23515
[2011/03/03 09:14:31 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\587359
[2011/03/03 09:14:28 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\587359.exe
[2011/03/03 08:52:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~186671r
[2011/03/03 08:52:21 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~186671
[2011/03/03 08:52:13 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\186671
[2011/03/03 08:52:08 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\186671.exe
[2011/02/20 20:46:44 | 000,005,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
[2011/02/10 21:21:42 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/02/10 21:19:12 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Apple Software Update.lnk
[2011/02/06 04:18:03 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/02/02 12:53:43 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/02/02 12:53:43 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/02/01 15:40:14 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/11/08 12:56:13 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CSHelper.exe
[2010/10/11 01:30:11 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/10/03 11:07:34 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/06/27 23:04:40 | 000,102,262 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2010/06/27 23:04:40 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2010/05/07 17:51:24 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\Xledikov.dat
[2010/05/07 17:51:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\Pnibigokimakigej.bin
[2010/03/16 10:25:10 | 000,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010/03/15 22:11:04 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/03/15 22:11:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/15 22:07:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pnibigokimakigej.bin
[2010/02/16 09:04:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/09/25 16:24:42 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/09/25 13:39:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/09/25 13:34:04 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/25 13:22:56 | 000,000,418 | ---- | C] () -- C:\WINDOWS\System32\Oeminfo.ini
[2009/09/25 13:22:45 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/09/25 13:22:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/09/25 13:22:45 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/09/25 13:22:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/09/25 13:22:45 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/09/25 13:22:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/09/25 13:22:44 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/09/25 13:22:44 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/09/25 13:22:44 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/09/25 13:22:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/09/25 13:22:40 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/09/25 13:22:39 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/09/25 06:28:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/09/25 06:27:49 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

#2
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :D

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :D
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________


OTL Fix

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the textbox.

    :Services
    :OTL
    [2010/05/07 17:51:23 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\APPLICATION DATA\{F76EDD7E-76D0-4EDD-A245-80B389B2D510}
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/02/15 03:49:04 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2006/09/09 10:01:57 | 000,704,512 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2006/02/06 21:28:25 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\I\Shell - "" = AutoRun
    O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe -- [2008/10/23 18:58:06 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\J\Shell - "" = AutoRun
    O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2008/05/27 17:29:19 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\K\Shell - "" = AutoRun
    O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe -- [2007/01/26 03:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
    O33 - MountPoints2\L\Shell - "" = AutoRun
    O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\AutoRun.exe -- [2008/03/11 23:03:12 | 000,703,552 | R--- | M] (Electronic Arts Inc.)
    O34 - HKLM BootExecute: (ootExecute settings...) - File not found
    O34 - HKLM BootExecute: (on\E) - File not found
    O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll) - C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll (ACTS)
    [2011/03/03 00:03:37 | 000,733,184 | ---- | C] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
    [2011/02/06 02:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKnJfLg05200
    [41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/03/03 11:41:04 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
    [2011/03/03 11:38:36 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671
    [2011/03/03 11:27:35 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~186671
    [2011/03/03 11:27:35 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~186671r
    [2011/03/03 09:44:01 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\587359
    [2011/03/03 09:22:39 | 000,000,240 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23515
    [2011/03/03 09:22:38 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~23515r
    [2011/03/03 09:21:58 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\23515
    [2011/03/03 09:14:28 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\587359.exe
    [2011/03/03 08:52:08 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671.exe
    [2011/03/03 00:03:37 | 000,733,184 | ---- | M] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
    [2011/02/21 02:51:05 | 000,005,612 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
    [2011/02/06 04:18:04 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [4 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [2011/03/03 11:41:03 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
    [2011/03/03 09:22:38 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23515
    [2011/03/03 09:22:38 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~23515r
    [2011/03/03 09:21:58 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\23515
    [2011/03/03 09:14:31 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\587359
    [2011/03/03 09:14:28 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\587359.exe
    [2011/03/03 08:52:22 | 000,000,168 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~186671r
    [2011/03/03 08:52:21 | 000,000,240 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~186671
    [2011/03/03 08:52:13 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\186671
    [2011/03/03 08:52:08 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\186671.exe
    [2011/02/20 20:46:44 | 000,005,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s
    [2011/02/06 04:18:03 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2010/05/07 17:51:24 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\Xledikov.dat
    [2010/05/07 17:51:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\Pnibigokimakigej.bin
    [2010/03/15 22:07:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pnibigokimakigej.bin
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:



Please provide an update on how your computer is currently running in your next reply.

Edited by SweetTech, 03 March 2011 - 05:28 PM.

  • 0
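The bracketed file lines in the fix script above share one layout (timestamp | size | attributes | flag, publisher in parentheses, path). As an added example, not part of the original post and not OTL's own code, this Python parses that layout and groups publisher-less executables that sit in the same folder with the same byte size, which is how the three numbered .exe files stand out. The field meanings (size in bytes, M/C as modified/created listings) and all function names are assumptions.

```python
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Lines copied verbatim from the fix script in the post above (a subset),
# including two that are not file-listing lines and must be skipped.
SAMPLE = r"""
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll) - C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll (ACTS)
[2011/02/06 02:18:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\pKnJfLg05200
[41 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/03/03 11:41:04 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
[2011/03/03 11:38:36 | 000,000,408 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671
[2011/03/03 09:14:28 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\587359.exe
[2011/03/03 08:52:08 | 000,671,744 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\186671.exe
[2011/03/03 00:03:37 | 000,733,184 | ---- | M] (ACTS) -- C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll
[2011/02/06 04:18:04 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/03/03 11:41:03 | 000,671,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\111187.exe
"""

# [timestamp | size | attrs | M or C] (publisher) -- path
# The "(publisher) " part is optional: folder lines in the script omit it.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Extensions treated as executable for this triage (an assumption).
EXEC_EXT = {".exe", ".dll", ".scr", ".sys"}


def parse_line(line):
    """Return a dict for one file-listing line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),  # assumed to be bytes
        "attrs": m["attrs"],
        "kind": m["kind"],  # assumed: M = modified listing, C = created listing
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def parse_listing(text):
    """Parse every recognisable file-listing line in a block of text."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def same_size_clusters(entries, min_files=2):
    """Group publisher-less executables by (folder, size).

    Several differently named executables with an identical size and no
    publisher string in one folder suggest copies of a single dropped binary.
    Returns {(folder, size): {"names": [...], "first": earliest timestamp}}.
    """
    groups = defaultdict(lambda: {"names": set(), "first": None})
    for e in entries:
        folder, name = ntpath.split(e["path"])  # ntpath parses Windows paths on any OS
        ext = ntpath.splitext(name)[1].lower()
        if "D" in e["attrs"] or e["company"] or ext not in EXEC_EXT:
            continue  # skip folders, files with a publisher, non-executables
        g = groups[(folder.lower(), e["size"])]
        g["names"].add(name.lower())  # a set, so M and C lines for one file count once
        if g["first"] is None or e["ts"] < g["first"]:
            g["first"] = e["ts"]
    return {
        key: {"names": sorted(g["names"]), "first": g["first"]}
        for key, g in groups.items()
        if len(g["names"]) >= min_files
    }


if __name__ == "__main__":
    for (folder, size), info in same_size_clusters(parse_listing(SAMPLE)).items():
        print(f"{folder}  size={size}  first seen {info['first']}")
        for name in info["names"]:
            print("   ", name)
```
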

#3
esdn

  • Topic Starter
ST thank you soooo much for responding!

I tried copy pasting the above to the otl and hit run fix, I ended up getting an error message after a moment that said cannot write to c:\windows\system32\drivers\ect\Hosts.
  • 0

#4
SweetTech

  • Retired Staff
Attempt to run the OTL fix again. I went ahead and edited it to remove something.
  • 0

#5
esdn

  • Topic Starter
on the up side, the otl thing worked :D

on the downside, none of the three rootkit links work.

1. comes up, says failed to enable debug privilege, not critical issue, I hit the ok button and get the parasite warning, hit ok again it says parasite removed, ok again and error, load driver privilege not adjusted comes up.
2 does the same thing.
3 says must be administrator to run this

thank you again though :D






All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Folder C:\DOCUMENTS AND SETTINGS\GUEST\LOCAL SETTINGS\APPLICATION DATA\{F76EDD7E-76D0-4EDD-A245-80B389B2D510}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. E:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. G:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. H:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. I:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. J:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. K:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. L:\AutoRun.exe scheduled to be moved on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:ootExecute settings... scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:on\E scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll scheduled to be moved on reboot.
Folder C:\Documents and Settings\All Users\Application Data\pKnJfLg05200\ not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\System32\aswBA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\avaBB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\CONFIG.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET265.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET266.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET267.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET268.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET269.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET270.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET271.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET272.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET273.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET274.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET275.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET276.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET277.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET278.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET279.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET280.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET281.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET282.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET283.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET284.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET285.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET286.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET287.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET288.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET344.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET350.tmp scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\System32\drivers\OLD16A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD16E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD2E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD3A9.tmp scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCalla.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCalla.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCalla.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCalla2.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCalla.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP scheduled to be deleted on reboot.
File C:\Documents and Settings\All Users\Application Data\111187.exe not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\186671 scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\~186671 scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\~186671r scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\587359 scheduled to be moved on reboot.
File C:\Documents and Settings\All Users\Application Data\~23515 not found.
File C:\Documents and Settings\All Users\Application Data\~23515r not found.
File C:\Documents and Settings\All Users\Application Data\23515 not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\587359.exe scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\186671.exe scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\yvJQeNCfpv.dll scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\fsqwr.bmp scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\System32\aswBA.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\avaBB.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\CONFIG.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET265.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET266.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET267.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET268.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET269.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET26F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET270.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET271.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET272.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET273.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET274.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET275.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET276.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET277.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET278.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET279.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET27F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET280.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET281.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET282.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET283.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET284.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET285.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET286.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET287.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET288.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET344.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\SET350.tmp scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\System32\drivers\OLD16A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD16E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD2E7.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\System32\drivers\OLD3A9.tmp scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCalla.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseCustomCalla.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCalla.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseCustomCalla2.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\A055FB62CF734839AD83122ABCB92418.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCall.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseCustomCalla.exe scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP\WiseData.ini scheduled to be deleted on reboot.
Folder delete failed. C:\WINDOWS\BB77DC4CB8184FD48D1D5D3B617B78B4.TMP scheduled to be deleted on reboot.
File C:\Documents and Settings\All Users\Application Data\111187.exe not found.
File C:\Documents and Settings\All Users\Application Data\~23515 not found.
File C:\Documents and Settings\All Users\Application Data\~23515r not found.
File C:\Documents and Settings\All Users\Application Data\23515 not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\587359 scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\587359.exe scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\~186671r scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\~186671 scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\186671 scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\186671.exe scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\Documents and Settings\All Users\Application Data\mt1g23v02b57q6ihcw1k2qu8485u81yu7lpn7536y43s scheduled to be moved on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\fsqwr.bmp scheduled to be moved on reboot.
File C:\Documents and Settings\Guest\Local Settings\Application Data\Xledikov.dat not found.
File C:\Documents and Settings\Guest\Local Settings\Application Data\Pnibigokimakigej.bin not found.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
File move failed. C:\WINDOWS\Pnibigokimakigej.bin scheduled to be moved on reboot.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Guest\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Guest\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========


[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Temporary Internet Files folder emptied: 67 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Flash cache emptied: 321 bytes

User: Guest
->Temp folder emptied: 9903198 bytes
->Temporary Internet Files folder emptied: 49554 bytes
->FireFox cache emptied: 70104409 bytes
->Flash cache emptied: 5484 bytes

User: LocalService

User: NetworkService

User: Randi

%systemdrive% .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
%systemroot% .tmp files removed: 1701917 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
%systemroot%\System32 .tmp files removed: 13874209 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
Unable to create HKLM\Software\OldTimer Tools\OTL key.
%systemroot%\System32\drivers .tmp files removed: 386048 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 92.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User
Unable to create HKLM\Software\OldTimer Tools\OTL key.
->Flash cache emptied: 321 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Randi

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.2 log created on 03032011_183105
  • 0

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
I think the issue is the fact that you're currently in a Guest account, which is one of the reasons why you're not able to run the RKU scan.

Can you see if you're able to log into your other user accounts now?
  • 0
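An added example, not part of the thread and not OTL's own code: a small Python triage of the fix-log format posted above. It separates items that were actually removed from those only scheduled for reboot, and counts the HKLM write failures, which fit a run from an account without administrator rights, as in the Guest-account diagnosis above. The function names are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from collections import Counter

# Sample lines copied from the OTL fix log posted earlier in this thread.
SAMPLE_LOG = r"""File delete failed. C:\WINDOWS\System32\drivers\OLD16E.tmp scheduled to be deleted on reboot.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Unable to create HKLM\Software\OldTimer Tools\OTL key.
Folder delete failed. C:\WINDOWS\8A83AE5FF59B4E1FBF2A49185A42ED1B.TMP scheduled to be deleted on reboot.
File C:\Documents and Settings\All Users\Application Data\111187.exe not found.
File move failed. C:\Documents and Settings\All Users\Application Data\587359.exe scheduled to be moved on reboot.
C:\Documents and Settings\Guest\My Documents\Downloads\cmd.bat deleted successfully.
->Temp folder emptied: 9903198 bytes
"""

# Outcome name -> pattern; group 1 is the path or registry key the line refers to.
PATTERNS = [
    ("pending_reboot", re.compile(
        r"^(?:File|Folder) (?:delete|move) failed\. (.+) scheduled to be (?:deleted|moved) on reboot\.$")),
    ("not_found", re.compile(r"^File (.+) not found\.$")),
    ("removed", re.compile(r"^(.+) deleted successfully\.$")),
    ("registry_write_failed", re.compile(r"^Unable to create (HK.+) key\.$")),
]

def triage(log_text):
    """Group fix-log lines by outcome; unrecognised lines are counted, not dropped."""
    result = {name: [] for name, _ in PATTERNS}
    result["unparsed"] = 0
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        for name, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                result[name].append(match.group(1))
                break
        else:
            result["unparsed"] += 1
    return result

def summarize(result):
    """Reduce the grouped lines to the numbers a helper would check first."""
    keys = Counter(result["registry_write_failed"])
    return {
        "pending_reboot": len(result["pending_reboot"]),
        "not_found": len(result["not_found"]),
        "removed": len(result["removed"]),
        "hklm_write_failures": sum(n for k, n in keys.items() if k.upper().startswith("HKLM")),
        # Items only scheduled for reboot are still on disk and need re-checking afterwards.
        "verify_after_reboot": sorted(set(result["pending_reboot"])),
    }

if __name__ == "__main__":
    for key, value in summarize(triage(SAMPLE_LOG)).items():
        print(key, value)
```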

#7
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
I tried, it still does the same thing. If I go into safe mode and log into what says it's the administrator account, it tells me the same thing, that I must be an administrator.
  • 0

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Let's try running a different tool:


Running ComboFix
Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
  • IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
  • 0

#9
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
I should have stuck with pen and paper........

So I disabled my anti-virus and everything and ComboFix came up and said that there was an error and it couldn't open some file that looked like it said nimrod???? It disappeared before I could finish reading it. And then it beeped. And a few more windows popped up, it asked if I agreed, I said yes, it now has a window that says

end program - c:\32788R22FWJFW\License\iexplore.exe
windows cannot end this program, it may need more time to complete an operation

I really do appreciate your help though :D
  • 0

#10
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
nirmcfd.cfxxxxx or something very similar to that
  • 0

#11
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, so it's still preparing to run ComboFix. Correct?
  • 0

#12
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
After the nirmcfd thing pops up it beeps a few times and then the error boxes pop up and it just stops.
  • 0

#13
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
Oh, if I close my browser I find a box that says installation failed.
  • 0

#14
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Okay, see if you can exit out of the ComboFix scan.

On your desktop click on the ComboFix icon. Press F2 on your computer and type in: svchost

Hit Enter.

And attempt to re-run ComboFix.
  • 0

#15
esdn

    Member

  • Topic Starter
  • Member
  • 18 posts
It's not saved to my desktop??

OK, I click the link above, it opens, I click OK, it says that something can't be verified, the publisher I believe, and I click OK again. It asks which user I want to run the program with, I leave it on guest, it runs through, but when the green bar gets done it comes up and says

windows cannot open this file:
nirmcfd.cfxxe
and asks if I want to use a web service to find appropriate program to open or if I want to select from a list. And then I can hit OK.

That end program
end program - c:\32788R22FWJFW\License\iexplore.exe

window pops up as well. Actually they're both still open, along with a window that popped up that's been popping up since the whole thing started. It says

windows- no disk
exception processing message 0x0000013 parameters 0x000007FEFE037240 0x00000000000000004 0x000007FEFE037240 0x000007FEFE037240 with the options to cancel, try again or continue, in that order. If I click on any of them it'll restart the computer, at least, that's what it's done all day.
  • 0





