This topic is locked
OTL.Txt 62.9KB
88 downloads
aswMBR.txt 1.69KB
118 downloads
Bunch of Trojans: Downloader, FakeAlert, DNSchanger, BHO, Agent, PUM.h
Started by
Garrett33
, Jul 31 2011 03:03 AM
#62
Posted 04 September 2011 - 02:46 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
OK lets now confirm the MBR problem
Please read carefully and follow these steps.
THEN
Please read carefully and follow these steps.
- DownloadTDSSKiller and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
THEN
#63
Posted 04 September 2011 - 03:25 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Once you have run TDSSKiller then run this OTL fix
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKU\S-1-5-21-2801489450-1910931656-4214862515-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1069
:Reg
[HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main
XMLHTTP_UUID_Default=-
[HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
[HKU\S-1-5-21-2801489450-1910931656-4214862515-500\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#64
Posted 06 September 2011 - 05:46 PM
Garrett33
- Topic Starter
-
- Member
-
- 48 posts
Member
The internet isn't working again for some reason. Prior to the following the steps that is.
TDSSKiller.2.5.19.0_06.09.2011_16.11.27_log.txt 45.39KB
97 downloads
OTL.Txt 64.33KB
90 downloads
OTL logfile created on: 9/6/2011 4:24:41 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.23 Mb Total Physical Memory | 83.23 Mb Available Physical Memory | 18.61% Memory free
977.39 Mb Paging File | 566.61 Mb Available in Paging File | 57.97% Paging File free
Paging file location(s): C:\pagefile.sys 600 670 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.78 Gb Total Space | 22.22 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive E: | 9.74 Gb Total Space | 0.44 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.26% Space Free | Partition Type: FAT
Computer Name: GERT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/01 16:18:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/19 20:08:59 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/01 11:39:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/27 22:30:48 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 23:34:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/17 23:34:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/17 23:34:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/17 23:34:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/12 20:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/03/29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/02/06 18:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2011/08/01 16:18:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/02/25 20:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [Auto | Stopped] -- -- (seclogon32)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/17 23:34:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/17 23:34:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/05/21 04:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/05/08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/03/29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/06 18:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
========== Driver Services (SafeList) ==========
DRV - [2011/08/06 15:47:45 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzg0ntay.sys -- (uzg0ntay)
DRV - [2011/08/03 21:11:21 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\93306840.sys -- (93306840)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 20:08:57 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/17 23:35:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/17 23:35:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/27 03:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/02/07 11:23:20 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/02/07 11:22:46 | 000,100,495 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/02/02 09:03:26 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 09:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/28 15:16:54 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2003/09/30 17:59:00 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 51 D1 01 54 20 48 4A B1 2A 6B B8 6C 46 06 9D [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1069
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/12/01 11:41:27 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/09/04 11:03:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [CTRegRun] C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249578669046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=510&fid=Inbox
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 16:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 08:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/06 16:11:00 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/09/04 13:09:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/04 13:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/04 12:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/04 12:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/04 10:33:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/04 10:33:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/04 10:33:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/04 10:33:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/01 16:07:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/14 14:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/08/14 14:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedFan
[2011/08/12 14:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/12 14:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/09/06 16:21:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 16:20:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 16:20:45 | 469,028,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 16:18:11 | 000,007,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2011/09/04 13:03:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/04 12:46:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/09/04 11:24:07 | 085,359,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/04 11:03:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/04 10:33:31 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/08/14 14:27:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/08/14 14:27:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/14 14:13:58 | 003,397,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SINO.exe
[2011/08/14 14:12:50 | 002,096,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\installspeedfan444.exe
[2011/08/07 23:54:02 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/04 10:33:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/04 10:33:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/04 10:33:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/04 10:33:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/04 10:33:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/04 10:33:31 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/08/14 14:38:17 | 003,397,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SINO.exe
[2011/08/14 14:38:17 | 002,096,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\installspeedfan444.exe
[2011/08/14 14:27:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/08/14 14:27:50 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/06 15:47:45 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzg0ntay.sys
[2010/09/28 19:33:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/18 10:37:14 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2010/06/02 16:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 20:21:08 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/12/13 20:11:49 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-6K9VV.exe
[2009/12/08 15:37:40 | 000,077,404 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/22 16:39:00 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/11 19:50:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/08/23 16:28:06 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/08/11 17:29:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/10 17:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/22 14:38:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/22 14:38:16 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/29 10:35:09 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2008/09/02 14:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/08/11 14:12:55 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2008/08/11 14:12:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2008/07/23 10:48:46 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/16 15:20:47 | 000,007,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2008/07/16 15:15:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/01 19:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/30 16:53:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/01/23 19:13:15 | 000,002,573 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/01/23 19:13:15 | 000,000,189 | ---- | C] () -- C:\WINDOWS\TNGTP7.ini
[2008/01/18 22:44:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/18 22:44:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/18 22:44:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/18 22:44:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/18 22:44:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/18 22:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/04 09:16:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/02/07 11:22:46 | 000,100,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/02/02 08:40:12 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/30 05:21:34 | 000,128,813 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 06:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:14:52 | 000,455,764 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:14:52 | 000,075,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:07:40 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/23 05:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 07:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 17:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/05/06 19:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/07/24 06:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/10/08 19:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/07/21 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2009/02/15 19:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle FaceCreator
[2009/07/05 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle Puzzle and Board Games
[2010/08/15 10:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ifud
[2008/01/19 03:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/07/24 15:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1002
[2009/10/03 19:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1005eni
[2007/10/04 10:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/07/16 15:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2011/09/06 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/09/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Votaqe
[2009/04/08 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wal-Mart Digital Photo Viewer
[2008/06/28 15:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/09/17 23:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/16 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/05/19 20:22:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/12 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/07/28 17:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/06/11 16:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/31 15:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCapv1005
[2009/07/28 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/05/26 23:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/14 15:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/12 12:10:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2010/07/12 12:09:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C17AF831-2435-4E42-AE5D-EF8ACAC1285F}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
TDSSKiller.2.5.19.0_06.09.2011_16.11.27_log.txt 45.39KB
97 downloads
OTL.Txt 64.33KB
90 downloadsOTL logfile created on: 9/6/2011 4:24:41 PM - Run 5
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
447.23 Mb Total Physical Memory | 83.23 Mb Available Physical Memory | 18.61% Memory free
977.39 Mb Paging File | 566.61 Mb Available in Paging File | 57.97% Paging File free
Paging file location(s): C:\pagefile.sys 600 670 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 64.78 Gb Total Space | 22.22 Gb Free Space | 34.29% Space Free | Partition Type: NTFS
Drive E: | 9.74 Gb Total Space | 0.44 Gb Free Space | 4.50% Space Free | Partition Type: NTFS
Drive F: | 1.87 Gb Total Space | 0.00 Gb Free Space | 0.26% Space Free | Partition Type: FAT
Computer Name: GERT | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/08/01 16:18:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/19 20:08:59 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/12/01 11:39:58 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/27 22:30:48 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/09/17 23:34:36 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/09/17 23:34:35 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/09/17 23:34:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/09/17 23:34:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/08/12 20:49:30 | 000,405,504 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Software Update 3\SoftAuto.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe
PRC - [2007/03/29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/02/06 18:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (SafeList) ==========
MOD - [2011/08/01 16:18:45 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2007/02/25 20:49:00 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (Spooler)
SRV - File not found [Auto | Stopped] -- -- (seclogon32)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/09/17 23:34:31 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/09/17 23:34:22 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/05/21 21:21:18 | 000,248,832 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/08/26 19:02:24 | 000,014,336 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/05/21 04:42:56 | 000,064,000 | ---- | M] (Creative Technology Ltd) [On_Demand | Stopped] -- C:\Program Files\Creative\Creative Centrale\CTUPnPSv.exe -- (CTUPnPSv)
SRV - [2007/05/08 08:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007/04/01 23:15:40 | 000,061,440 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTDevSrv.exe -- (CTDevice_Srv)
SRV - [2007/03/29 17:50:50 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/02/06 18:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/06/21 22:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
========== Driver Services (SafeList) ==========
DRV - [2011/08/06 15:47:45 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzg0ntay.sys -- (uzg0ntay)
DRV - [2011/08/03 21:11:21 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\93306840.sys -- (93306840)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/05/19 20:08:57 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2011/03/18 09:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/17 23:35:02 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/09/17 23:35:00 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/10/23 01:58:36 | 001,391,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/28 20:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/13 11:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/11/20 18:35:48 | 000,049,792 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2007/04/10 15:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/03/29 16:54:00 | 000,013,696 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/02/27 03:21:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2007/02/07 11:23:20 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/02/07 11:22:46 | 000,100,495 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/02/02 09:03:26 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/10/17 10:59:06 | 000,022,016 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2006/10/17 10:57:58 | 000,017,920 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2006/09/19 09:58:58 | 000,036,608 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/09/19 14:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2003/11/28 15:16:54 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2003/09/30 17:59:00 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2001/08/17 12:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [1996/04/03 12:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 51 D1 01 54 20 48 4A B1 2A 6B B8 6C 46 06 9D [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1069
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/12/01 11:41:27 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011/09/04 11:03:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKCU..\Run: [CTRegRun] C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
O4 - HKCU..\Run: [SoftAuto.exe] C:\Program Files\Creative\Software Update 3\SoftAuto.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249578669046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\OneCard: DllName - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Cognizance Corporation)
O24 - Desktop Components:0 () - http://thumbp1.mail....f=510&fid=Inbox
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 16:07:00 | 000,000,000 | -HS- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 08:01:00 | 000,000,053 | -HS- | M] () - E:\AUTORUN.FCB -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/09/06 16:11:00 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/09/04 13:09:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/09/04 13:04:37 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/04 12:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/09/04 12:49:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/09/04 10:33:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/04 10:33:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/04 10:33:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/04 10:33:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/01 16:07:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/14 14:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2011/08/14 14:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\SpeedFan
[2011/08/12 14:05:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/12 14:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/09/06 19:25:42 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/09/06 16:21:54 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/09/06 16:20:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/09/06 16:20:45 | 469,028,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/06 16:18:11 | 000,007,064 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2011/09/04 13:03:16 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2011/09/04 12:46:18 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2011/09/04 11:24:07 | 085,359,210 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/09/04 11:03:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/09/04 10:33:31 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/08/14 14:27:56 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/08/14 14:27:53 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/14 14:13:58 | 003,397,256 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SINO.exe
[2011/08/14 14:12:50 | 002,096,600 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\installspeedfan444.exe
[2011/08/07 23:54:02 | 000,088,576 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/09/04 10:33:35 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/04 10:33:35 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/04 10:33:35 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/04 10:33:35 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/04 10:33:35 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/04 10:33:31 | 000,000,387 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/08/14 14:38:17 | 003,397,256 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SINO.exe
[2011/08/14 14:38:17 | 002,096,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\installspeedfan444.exe
[2011/08/14 14:27:56 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SpeedFan.lnk
[2011/08/14 14:27:50 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2011/08/06 15:47:45 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzg0ntay.sys
[2010/09/28 19:33:11 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\prvlcl.dat
[2010/06/18 10:37:14 | 000,011,254 | ---- | C] () -- C:\WINDOWS\System32\locate.com
[2010/06/02 16:57:47 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/03 20:21:08 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2009/12/13 20:11:49 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-6K9VV.exe
[2009/12/08 15:37:40 | 000,077,404 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/11/22 16:39:00 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/09/11 19:50:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcf.INI
[2009/08/23 16:28:06 | 000,010,563 | R--- | C] () -- C:\WINDOWS\hpwscr19.dat
[2009/08/11 17:29:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/10 17:58:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/22 14:38:17 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/02/22 14:38:16 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/12/29 10:35:09 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\FASTWiz.html
[2008/09/02 14:28:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2008/08/11 14:12:55 | 000,028,768 | ---- | C] () -- C:\WINDOWS\System32\PopWait.exe
[2008/08/11 14:12:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\RegHero.exe
[2008/07/23 10:48:46 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/16 15:20:47 | 000,007,064 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\wklnhst.dat
[2008/07/16 15:15:24 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/07/01 19:20:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/03/30 16:53:14 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2008/01/23 19:13:15 | 000,002,573 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2008/01/23 19:13:15 | 000,000,189 | ---- | C] () -- C:\WINDOWS\TNGTP7.ini
[2008/01/18 22:44:11 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/01/18 22:44:11 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/01/18 22:44:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/01/18 22:44:11 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/01/18 22:44:11 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/01/18 22:44:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2007/10/04 09:16:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2007/02/07 11:22:46 | 000,100,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/02/02 08:40:12 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/30 05:21:34 | 000,128,813 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2004/08/07 06:19:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 06:19:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:14:52 | 000,455,764 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 06:14:52 | 000,075,712 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 06:12:40 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:07:40 | 000,340,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 06:02:46 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 05:59:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/23 05:14:42 | 001,099,264 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2003/08/10 07:59:20 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2003/08/08 17:28:16 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2002/05/28 01:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 01:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/10/11 00:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1998/05/06 19:10:00 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[1996/04/03 12:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2010/07/24 06:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/10/08 19:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2008/07/21 18:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\gtk-2.0
[2009/02/15 19:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle FaceCreator
[2009/07/05 17:26:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Hoyle Puzzle and Board Games
[2010/08/15 10:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ifud
[2008/01/19 03:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2009/07/24 15:22:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1002
[2009/10/03 19:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PopCapv1005eni
[2007/10/04 10:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2008/07/16 15:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Template
[2011/09/06 16:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/09/17 23:57:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Votaqe
[2009/04/08 18:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wal-Mart Digital Photo Viewer
[2008/06/28 15:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2010/09/17 23:34:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2008/07/16 10:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2011/05/19 20:22:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/01/12 14:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2009/07/28 17:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/06/11 16:10:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/07/31 15:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCapv1005
[2009/07/28 17:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games
[2010/05/26 23:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/02/14 15:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/12 12:10:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{26D901A1-2540-4430-81DC-0317F01BD7BE}
[2010/07/12 12:09:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C17AF831-2435-4E42-AE5D-EF8ACAC1285F}
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
#65
Posted 07 September 2011 - 11:18 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Now that the MBR bootkit is cleared we can try to repair the damage.. When you try to connect to the net what error do you get ?
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 51 D1 01 54 20 48 4A B1 2A 6B B8 6C 46 06 9D [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1069
:Reg
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
XMLHTTP_UUID_Default=-
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot] - Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
#66
Posted 07 September 2011 - 01:51 PM
Garrett33
- Topic Starter
-
- Member
-
- 48 posts
Member
And now it's working again.. I check it just about every time I do one of these steps. It doesn't give me an error, IE just says can't display the webpage. I click on the wireless icon and the packets are frozen and so is the time. Turning it off then back on doesn't work, and I can't connect to a new connection either because it says windows isn't managing my wireless connections (even though it really is lol)
Here's the OTL Log
09072011_122500.log 1.34KB
90 downloads
Here's the OTL Log
09072011_122500.log 1.34KB
90 downloads
#67
Posted 07 September 2011 - 01:54 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Ooops looks like you missed the colon before the OTL or you pressed run scan instead - could you retry the fix pleaseError: Unable to interpret <:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C1 51 D1 01 54 20 48 4A B1 2A 6B B8 6C 46 06 9D [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1069
#68
Posted 07 September 2011 - 03:55 PM
Garrett33
- Topic Starter
-
- Member
-
- 48 posts
Member
Sorry about that. When do you think it will be alright to download firefox again?
09072011_143623new.log 5.28KB
101 downloads
09072011_143623new.log 5.28KB
101 downloads
#69
Posted 07 September 2011 - 04:05 PM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Yes install the latest version, then let me know of any further problems
#70
Posted 07 September 2011 - 05:17 PM
Garrett33
- Topic Starter
-
- Member
-
- 48 posts
Member
Everything seems to be in perfect working order once again. Can I run CCleaner, defrag, and install the windows updates?
#71
Posted 08 September 2011 - 10:41 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Yes try windows updates and let me know the result. I will remove the tools and clear your temp files now
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
Remove ComboFix
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
Subject to no further problems
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]
- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done
Remove ComboFix
- Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
- In the Run box, type in ComboFix /Uninstall
(Notice the space between the "x" and "/")
then click OK
- Follow the prompts on the screen
- A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site and click Do I have Java
- It will check your current version and then offer to update to the latest version
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe
#72
Posted 10 September 2011 - 08:47 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
#73
Posted 11 September 2011 - 03:08 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
User returned
#74
Posted 11 September 2011 - 11:05 AM
Garrett33
- Topic Starter
-
- Member
-
- 48 posts
Member
Just a few questions and concerns.
First, I can't figure out how to install the AMD Catalyst. I download it and follow the steps to install it. Then I can't find it anywhere. Filehippo still says it needs to be updated.
Second, in the first picture it says I need to download an Nvidia driver but I don't have any Nvidia hardware. (that I'm aware of?) So I downloaded it and try to install the driver and I get this error message.
So I decide to check out the device manager and as you can see my display driver has a little red X by it.
And finally, I just installed a windows update. Upon rebooting the system my display settings were changed. The screen resolution was set to the lowest setting, my desktop icons were rearranged, and the screen is very fuzzy. I can't figure out how to correct it without restoring the system.
I apologize for all of this. Just when we thought it was over
First, I can't figure out how to install the AMD Catalyst. I download it and follow the steps to install it. Then I can't find it anywhere. Filehippo still says it needs to be updated.
Second, in the first picture it says I need to download an Nvidia driver but I don't have any Nvidia hardware. (that I'm aware of?) So I downloaded it and try to install the driver and I get this error message.
So I decide to check out the device manager and as you can see my display driver has a little red X by it.
And finally, I just installed a windows update. Upon rebooting the system my display settings were changed. The screen resolution was set to the lowest setting, my desktop icons were rearranged, and the screen is very fuzzy. I can't figure out how to correct it without restoring the system.
I apologize for all of this. Just when we thought it was over
#75
Posted 11 September 2011 - 11:26 AM
Essexboy
-
- Retired Staff
-
- 69,964 posts
GeekU Moderator
Download and install the radeon drive as that is the correct one, if it fails let me know and we will reset the driver
Then you will need to reset the display settings in windows do you know how to do this ? http://www.helpwithp...tion-win-xp.htm
Then you will need to reset the display settings in windows do you know how to do this ? http://www.helpwithp...tion-win-xp.htm
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
