CD/DVD Drive hangs when reading a disc


  • This topic is locked

#1
rogerbid

Hi,

I am writing because of a range of problems I am having with my wife’s Samsung R610 laptop, running Windows 7. I have no reason to suspect a malware infection but cannot think of how to troubleshoot the following symptoms.

The first indication of a problem was when my wife commented that videos (whether attached to emails or accessed from websites) were slow to open.

After a weekend trying a number of strategies to solve this (installing codec updates, VLC Media player Classic, etc) I have come to the conclusion there are a number of problems which may or may not be related. I shall list the symptoms and hope that someone can see a common denominator and hopefully point me in the right direction.

1. As mentioned, video files (regardless of what format they are) are very difficult to view. However, they will sometimes play with good sound and vision and synchronisation, so proving that the media player software and the video hardware are not fatally flawed.
2. The Laptop has a combined DVD/CD player/burner but no matter what disc is put in, AutoPlay does not give any indication the disc is recognised.
3. (My) Computer shows the disc (whether it is a DVD, CD, data or movie) yet as soon as I try to open/explore or read the disc in any way, (My) Computer stops responding. Any attempt to close (My) Computer via Ctrl+Alt+Del fails and it takes for ever to close the application.
4. At one stage, having put an audio CD in the drive, I left the computer to have lunch and after about 15 minutes the audio was heard, the disk playing as normal. However the moment I paused Play and tried to restart it Media Player would no longer work for me.
5. Device Manager shows no conflicts, and the CD/DVD player is reportedly using the up to date driver and working properly.
6. Attempts to burn data files to a blank CD also fail and Computer locks up!
7. My wife did remind me however that ever since the laptop was new (with Vista installed) there has always been a problem using the DVD/CD burner - I had forgotten!

At one stage I was on the point of going out to buy a new DVD/CD unit but since the one in the laptop does on occasion work as intended I suspect the problem is elsewhere.

When I came to the malware removal guide I initially had problems running OTL - each of the 3 versions would 'stop responding' while scanning CDRom Autorun settings. After failing with each of the 3 OTL options, I ran Malwarebytes' Anti-Malware and this found nothing wrong. I then tried a full scan. I then tried OTL again and, after once stopping as before at scanning CDRom Autorun, it eventually completed its scan. The report is pasted below.

If you do not think I have an infection, please feel free to move this post to another area of the Forums where I might get some assistance.

Any suggestions will be very much appreciated

Thanks everyone,

Roger

OTL logfile created on: 9/06/2011 5:48:47 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Users\Phred\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

2.99 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 70.51% Memory free
5.99 Gb Paging File | 5.06 Gb Available in Paging File | 84.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 199.76 Gb Total Space | 161.85 Gb Free Space | 81.02% Space Free | Partition Type: NTFS
Drive D: | 253.00 Gb Total Space | 112.63 Gb Free Space | 44.52% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Phred | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/08 21:25:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.scr
PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011/03/16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/11/20 22:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/20 22:17:00 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/14 11:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe


========== Modules (SafeList) ==========

MOD - [2011/06/08 21:25:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.scr
MOD - [2010/11/20 21:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/03/18 08:11:02 | 000,947,528 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/02/13 13:51:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/08/24 20:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe -- (DfSdkS)
SRV - [2009/07/14 11:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 11:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 20:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/07/01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010/04/14 00:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2010/01/13 15:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel®
DRV - [2009/09/28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/14 08:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-au
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 2C 54 B7 CD 21 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 10:37:23 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/11 07:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 07:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/08 21:55:56 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Roaming\Malwarebytes
[2011/06/08 21:55:49 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/06/08 21:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/08 21:55:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/06/08 21:55:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/08 21:54:28 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Phred\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/08 21:32:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.com
[2011/06/08 21:24:56 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.scr
[2011/06/08 21:21:44 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.exe
[2011/06/08 18:40:52 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{2AA1F9CC-7529-450F-965A-024CF85A8FAB}
[2011/06/08 16:03:35 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{8B525453-766E-450C-A276-BDFF4301DD1C}
[2011/06/08 15:59:22 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{007662EF-8D58-4B78-9B87-724768E17983}
[2011/06/07 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{986E58AB-1856-43EA-AEA5-CEDD83A96623}
[2011/06/07 10:45:27 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0C25C72E-F8B2-42CC-AC42-90B08D4E9A3A}
[2011/06/06 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{41CF9AF9-2121-47D7-8CBB-81F15FF9B16B}
[2011/06/05 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{39D3BA2D-7C0D-4424-AF09-C367B769C982}
[2011/06/04 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{44C51C97-1449-4715-A608-DCAF70896541}
[2011/06/04 10:15:59 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0789C961-FB00-4C84-B5BB-B4DFADD71687}
[2011/06/03 22:15:22 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6728C1B2-5956-4F46-B950-14C4A8F05AF9}
[2011/06/03 10:14:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6404AD03-9370-40AB-8D7C-D84F623F869A}
[2011/06/02 18:59:20 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{77485097-C711-49EF-94A5-612BBF5FF9B3}
[2011/06/01 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BE5BB9A2-9D29-4290-AB3D-E7575B82CE4D}
[2011/05/31 22:17:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{DA2C3987-1DF7-4B55-84D7-505194D37C7C}
[2011/05/31 21:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
[2011/05/31 21:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/05/31 21:14:55 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Roaming\DivX
[2011/05/31 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Roaming\Media Player Classic
[2011/05/31 20:52:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/05/31 20:50:07 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Roaming\Nullsoft
[2011/05/31 20:38:51 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime
[2011/05/31 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D4060B74-B4DB-4C1D-B36B-AFAC18F076CD}
[2011/05/30 18:00:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/05/30 18:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/30 17:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/30 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{2D1FBBC0-C14E-48CD-9F1D-7845BC4A40DF}
[2011/05/29 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{DC55CA56-5A5F-48D6-B734-2B9FB9AD97E5}
[2011/05/29 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BE391FBA-098C-4D53-B829-9CAD472F4CA6}
[2011/05/27 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{544ABC8B-7164-46C2-BC94-C544F697244E}
[2011/05/26 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{24A12DBA-CF76-4C84-AAB0-7908F321BF52}
[2011/05/25 18:57:41 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2011/05/25 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{8C6C1C6F-459A-434E-BFBB-B3987058F526}
[2011/05/24 22:13:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{88FA6AF8-0BE4-45B2-ACF8-0B31FE8D96AD}
[2011/05/24 09:20:30 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{03E96031-7D65-470B-8A52-0D0BE6BB5727}
[2011/05/23 16:04:40 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0D39652D-6F4A-40C0-93D9-CAAB77CFA0BA}
[2011/05/22 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{5854DE71-BC59-41AC-829B-480FE4C1BA71}
[2011/05/21 18:47:12 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{873A9B07-D9BD-47C5-A416-9CBE7AA266CD}
[2011/05/20 10:50:35 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\poqexec.exe
[2011/05/20 10:44:38 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{61FEC7CF-8F3F-474F-BB83-3D3FA9C0E133}
[2011/05/19 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6834A204-2271-4915-AEC4-B2EE7A54C176}
[2011/05/18 12:12:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{18BCDC71-93A8-4FF2-9E7D-04F43A337983}
[2011/05/16 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D4164C6D-9844-45D7-826E-D567C09B26B0}
[2011/05/15 11:43:13 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{C7852DFA-7370-4727-AF30-4A351FCADA36}
[2011/05/14 10:34:06 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{675EC98D-1599-4A6D-84AE-EB504B7EAAC7}
[2011/05/13 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D73F3F68-952C-49C0-AF5D-0234D7B7E5B4}
[2011/05/12 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{00D0A608-CF3F-40C8-A5DA-B5F1A4ED803F}
[2011/05/11 22:30:43 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BCE8A3DB-354F-45EC-A1F2-607A3ABA0220}
[2011/05/11 10:36:55 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2011/05/11 10:36:55 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2011/05/11 10:36:52 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/05/11 10:36:52 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/05/11 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{3D0E77F8-8952-45FB-BAA0-A9BC79F7A44C}
[2011/05/10 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{366994CB-C82C-4B6F-A8B0-687D2AA389E3}

========== Files - Modified Within 30 Days ==========

[2011/06/09 05:46:16 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 05:46:16 | 000,014,832 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/09 05:43:16 | 002,313,102 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/09 05:43:16 | 000,961,674 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/09 05:39:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/09 05:38:54 | 2411,679,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/08 21:55:49 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:55:00 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Phred\Desktop\mbam-setup-1.51.0.1200.exe
[2011/06/08 21:43:24 | 000,007,625 | ---- | M] () -- C:\Users\Phred\AppData\Local\Resmon.ResmonCfg
[2011/06/08 21:32:48 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.com
[2011/06/08 21:25:02 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.scr
[2011/06/08 21:21:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Phred\Desktop\OTL.exe
[2011/06/08 20:03:57 | 117,588,799 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/06/03 10:21:24 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011/05/31 17:02:57 | 004,001,141 | ---- | M] () -- C:\Users\Phred\Desktop\Inside-1.wmv
[2011/05/31 16:55:19 | 001,942,310 | ---- | M] () -- C:\Users\Phred\Desktop\Fromabove-1.wmv
[2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/05/29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/06/08 21:55:49 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/08 21:43:24 | 000,007,625 | ---- | C] () -- C:\Users\Phred\AppData\Local\Resmon.ResmonCfg
[2011/05/31 16:55:14 | 001,942,310 | ---- | C] () -- C:\Users\Phred\Desktop\Fromabove-1.wmv
[2011/05/31 16:54:25 | 004,001,141 | ---- | C] () -- C:\Users\Phred\Desktop\Inside-1.wmv
[2009/07/14 14:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 14:33:53 | 000,408,048 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/14 12:05:48 | 002,313,102 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/14 12:05:48 | 000,961,674 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/14 12:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/14 12:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/14 12:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/14 12:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/14 09:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 09:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 09:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/11 07:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

Edited by rogerbid, 08 June 2011 - 02:27 PM.



#2
SpySentinel

Hi Roger,

Welcome to Geeks to Go! My name is SpySentinel and I will be helping you fix your malware problem.
Sorry for the delay, we have been very busy lately, and I apologize for your wait.


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    [2011/06/08 18:40:52 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{2AA1F9CC-7529-450F-965A-024CF85A8FAB}
    [2011/06/08 16:03:35 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{8B525453-766E-450C-A276-BDFF4301DD1C}
    [2011/06/08 15:59:22 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{007662EF-8D58-4B78-9B87-724768E17983}
    [2011/06/07 22:45:52 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{986E58AB-1856-43EA-AEA5-CEDD83A96623}
    [2011/06/07 10:45:27 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0C25C72E-F8B2-42CC-AC42-90B08D4E9A3A}
    [2011/06/06 18:10:31 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{41CF9AF9-2121-47D7-8CBB-81F15FF9B16B}
    [2011/06/05 14:56:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{39D3BA2D-7C0D-4424-AF09-C367B769C982}
    [2011/06/04 22:53:50 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{44C51C97-1449-4715-A608-DCAF70896541}
    [2011/06/04 10:15:59 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0789C961-FB00-4C84-B5BB-B4DFADD71687}
    [2011/06/03 22:15:22 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6728C1B2-5956-4F46-B950-14C4A8F05AF9}
    [2011/06/03 10:14:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6404AD03-9370-40AB-8D7C-D84F623F869A}
    [2011/06/02 18:59:20 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{77485097-C711-49EF-94A5-612BBF5FF9B3}
    [2011/06/01 11:40:54 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BE5BB9A2-9D29-4290-AB3D-E7575B82CE4D}
    [2011/05/31 22:17:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{DA2C3987-1DF7-4B55-84D7-505194D37C7C}
    [2011/05/31 15:55:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D4060B74-B4DB-4C1D-B36B-AFAC18F076CD}
    [2011/05/30 17:33:43 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{2D1FBBC0-C14E-48CD-9F1D-7845BC4A40DF}
    [2011/05/29 23:39:35 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{DC55CA56-5A5F-48D6-B734-2B9FB9AD97E5}
    [2011/05/29 11:39:10 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BE391FBA-098C-4D53-B829-9CAD472F4CA6}
    [2011/05/27 12:51:59 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{544ABC8B-7164-46C2-BC94-C544F697244E}
    [2011/05/26 14:32:15 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{24A12DBA-CF76-4C84-AAB0-7908F321BF52}
    [2011/05/25 18:51:01 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{8C6C1C6F-459A-434E-BFBB-B3987058F526}
    [2011/05/24 22:13:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{88FA6AF8-0BE4-45B2-ACF8-0B31FE8D96AD}
    [2011/05/24 09:20:30 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{03E96031-7D65-470B-8A52-0D0BE6BB5727}
    [2011/05/23 16:04:40 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{0D39652D-6F4A-40C0-93D9-CAAB77CFA0BA}
    [2011/05/22 16:05:27 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{5854DE71-BC59-41AC-829B-480FE4C1BA71}
    [2011/05/21 18:47:12 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{873A9B07-D9BD-47C5-A416-9CBE7AA266CD}
    [2011/05/20 10:44:38 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{61FEC7CF-8F3F-474F-BB83-3D3FA9C0E133}
    [2011/05/19 19:44:44 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{6834A204-2271-4915-AEC4-B2EE7A54C176}
    [2011/05/18 12:12:57 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{18BCDC71-93A8-4FF2-9E7D-04F43A337983}
    [2011/05/16 21:17:41 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D4164C6D-9844-45D7-826E-D567C09B26B0}
    [2011/05/15 11:43:13 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{C7852DFA-7370-4727-AF30-4A351FCADA36}
    [2011/05/14 10:34:06 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{675EC98D-1599-4A6D-84AE-EB504B7EAAC7}
    [2011/05/13 19:58:40 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{D73F3F68-952C-49C0-AF5D-0234D7B7E5B4}
    [2011/05/12 12:51:23 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{00D0A608-CF3F-40C8-A5DA-B5F1A4ED803F}
    [2011/05/11 22:30:43 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{BCE8A3DB-354F-45EC-A1F2-607A3ABA0220}
    [2011/05/11 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{3D0E77F8-8952-45FB-BAA0-A9BC79F7A44C}
    [2011/05/10 10:14:18 | 000,000,000 | ---D | C] -- C:\Users\Phred\AppData\Local\{366994CB-C82C-4B6F-A8B0-687D2AA389E3}
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done


#3
rogerbid

  • Topic Starter
  • Member
  • 255 posts
Hello SpySentinel,

Firstly, please don't apologise for the delay! I have never had to wait before and I must admit I did begin to wonder if I had perhaps unwittingly said or done the wrong thing! However, I am always mindful that this site relies on the considerable amount of time given by you and your colleagues and, knowing you are particularly busy, I am very happy to wait and take my turn.

I evidently did not tick a box somewhere to ensure I was notified of replies, and so I only saw your reply now when I logged in again. Now I have your reply I will follow your instructions and send another post as soon as I can.

I will write again soon, thanks for your interest in my problem,

Best regards,

Roger

Edited by rogerbid, 19 June 2011 - 11:54 PM.


#4
rogerbid

  • Topic Starter
  • Member
  • 255 posts
Hello again.

I was able to get hold of my wife's (Phred's) laptop sooner than I expected and have run the Fix you suggested.

On clicking to Reboot, the laptop took a long time to shut down (this is often the case in fact) and when it restarted it opened with a box titled 'Open File - Security Warning' asking "Are you sure you want to run this software?" referring to OTL.exe. I only tell you this in case it is significant.

Anyway, I clicked OK and it automatically opened Notepad and in case this is what you need I will post the content of that file below.

I do not want you to embark on lengthy explanations which I probably would not understand, but maybe you can tell me if you saw anything in my previous report that indicated a problem. Maybe the Scan/Fix you asked me to carry out was a 'just in case' scenario, or are there definite signs of an infection?

I will await your reply and thanks for your help,

Best wishes,

Roger

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Con-sentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\Con-sentPromptBehaviorUser not found.
C:\Users\Phred\AppData\Local\{2AA1F9CC-7529-450F-965A-024CF85A8FAB} folder moved successfully.
C:\Users\Phred\AppData\Local\{8B525453-766E-450C-A276-BDFF4301DD1C} folder moved successfully.
C:\Users\Phred\AppData\Local\{007662EF-8D58-4B78-9B87-724768E17983} folder moved successfully.
C:\Users\Phred\AppData\Local\{986E58AB-1856-43EA-AEA5-CEDD83A96623} folder moved successfully.
C:\Users\Phred\AppData\Local\{0C25C72E-F8B2-42CC-AC42-90B08D4E9A3A} folder moved successfully.
C:\Users\Phred\AppData\Local\{41CF9AF9-2121-47D7-8CBB-81F15FF9B16B} folder moved successfully.
C:\Users\Phred\AppData\Local\{39D3BA2D-7C0D-4424-AF09-C367B769C982} folder moved successfully.
C:\Users\Phred\AppData\Local\{44C51C97-1449-4715-A608-DCAF70896541} folder moved successfully.
C:\Users\Phred\AppData\Local\{0789C961-FB00-4C84-B5BB-B4DFADD71687} folder moved successfully.
C:\Users\Phred\AppData\Local\{6728C1B2-5956-4F46-B950-14C4A8F05AF9} folder moved successfully.
C:\Users\Phred\AppData\Local\{6404AD03-9370-40AB-8D7C-D84F623F869A} folder moved successfully.
C:\Users\Phred\AppData\Local\{77485097-C711-49EF-94A5-612BBF5FF9B3} folder moved successfully.
C:\Users\Phred\AppData\Local\{BE5BB9A2-9D29-4290-AB3D-E7575B82CE4D} folder moved successfully.
C:\Users\Phred\AppData\Local\{DA2C3987-1DF7-4B55-84D7-505194D37C7C} folder moved successfully.
C:\Users\Phred\AppData\Local\{D4060B74-B4DB-4C1D-B36B-AFAC18F076CD} folder moved successfully.
C:\Users\Phred\AppData\Local\{2D1FBBC0-C14E-48CD-9F1D-7845BC4A40DF} folder moved successfully.
C:\Users\Phred\AppData\Local\{DC55CA56-5A5F-48D6-B734-2B9FB9AD97E5} folder moved successfully.
C:\Users\Phred\AppData\Local\{BE391FBA-098C-4D53-B829-9CAD472F4CA6} folder moved successfully.
C:\Users\Phred\AppData\Local\{544ABC8B-7164-46C2-BC94-C544F697244E} folder moved successfully.
C:\Users\Phred\AppData\Local\{24A12DBA-CF76-4C84-AAB0-7908F321BF52} folder moved successfully.
C:\Users\Phred\AppData\Local\{8C6C1C6F-459A-434E-BFBB-B3987058F526} folder moved successfully.
C:\Users\Phred\AppData\Local\{88FA6AF8-0BE4-45B2-ACF8-0B31FE8D96AD} folder moved successfully.
C:\Users\Phred\AppData\Local\{03E96031-7D65-470B-8A52-0D0BE6BB5727} folder moved successfully.
C:\Users\Phred\AppData\Local\{0D39652D-6F4A-40C0-93D9-CAAB77CFA0BA} folder moved successfully.
C:\Users\Phred\AppData\Local\{5854DE71-BC59-41AC-829B-480FE4C1BA71} folder moved successfully.
C:\Users\Phred\AppData\Local\{873A9B07-D9BD-47C5-A416-9CBE7AA266CD} folder moved successfully.
C:\Users\Phred\AppData\Local\{61FEC7CF-8F3F-474F-BB83-3D3FA9C0E133} folder moved successfully.
C:\Users\Phred\AppData\Local\{6834A204-2271-4915-AEC4-B2EE7A54C176} folder moved successfully.
C:\Users\Phred\AppData\Local\{18BCDC71-93A8-4FF2-9E7D-04F43A337983} folder moved successfully.
C:\Users\Phred\AppData\Local\{D4164C6D-9844-45D7-826E-D567C09B26B0} folder moved successfully.
C:\Users\Phred\AppData\Local\{C7852DFA-7370-4727-AF30-4A351FCADA36} folder moved successfully.
C:\Users\Phred\AppData\Local\{675EC98D-1599-4A6D-84AE-EB504B7EAAC7} folder moved successfully.
C:\Users\Phred\AppData\Local\{D73F3F68-952C-49C0-AF5D-0234D7B7E5B4} folder moved successfully.
C:\Users\Phred\AppData\Local\{00D0A608-CF3F-40C8-A5DA-B5F1A4ED803F} folder moved successfully.
C:\Users\Phred\AppData\Local\{BCE8A3DB-354F-45EC-A1F2-607A3ABA0220} folder moved successfully.
C:\Users\Phred\AppData\Local\{3D0E77F8-8952-45FB-BAA0-A9BC79F7A44C} folder moved successfully.
C:\Users\Phred\AppData\Local\{366994CB-C82C-4B6F-A8B0-687D2AA389E3} folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Phred
->Temp folder emptied: 21047842 bytes
->Temporary Internet Files folder emptied: 287504942 bytes
->Java cache emptied: 1323 bytes
->Flash cache emptied: 7368 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11378013 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 305.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Phred
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.23.0 log created on 06202011_160713

Files\Folders moved on Reboot...
C:\Users\Phred\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

#5
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Roger,

What I had you remove are leftover entries; I did not see any significant signs of a remaining infection, which is good news.


Please download Malwarebytes' Anti-Malware

Launch Malwarebytes' Anti-Malware
  • Please check for updates, and if an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.





Run ESET Online Scan

*Note: This scan might take a while to complete.
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
You can refer to this animation by neomage if needed.

#6
rogerbid

  • Topic Starter
  • Member
  • 255 posts
Hi SpySentinel and thanks once again.

I am just about to leave for a weekend away so will follow your instructions and reply after the weekend. I am sorry that this is becoming a rather drawn out thread, but can assure you your help is very much appreciated.

Best wishes,

Roger

#7
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Hi Roger,

You're welcome, and not a problem :)

#8
SpySentinel

    R.I.P.

  • Retired Staff
  • 5,152 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





