Some new form of virus or a hoard of them, various symptoms.


#1
Im somewhat new here
Recently, after doing a system restore on my computer, I got a weird message about "secrets" on my computer, which I ignored. Not sure if it has something to do with anything, but hey: [will insert screenshot I took of message shortly]

A few minutes later I looked at my processes and noticed a weird new one called 3777720786:764335134.exe, which is running as I type this.

I then tried to use Process Explorer to see what source this process was coming from, only to get this message: 'Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.'
[I will insert a screenshot I took of this shortly]

After this occurred I tried going to TDSSKiller to see if it could find anything. It opened, scanned for a short while, and I noticed that when it got to '3777720786:764335134.exe' it cut off; suddenly, whenever I tried clicking it, I got the same 'Windows cannot access...' message that I got with Process Explorer.

I tried scanning with AVG, but for some reason it said none of my components were there.

Someone in the chat suggested I use rkill to kill any malware that may have been blocking my removal and scanning tools. In the end, rkill didn't kill anything; it said there was nothing to be killed (under the "Processes killed:" area, it was blank).

Other symptoms I have are Google redirections, and yes, I've already followed the tutorial on trying to fix this problem, but when I got to the TDSSKiller, sadly, I couldn't open it, because the "Windows cannot access..." message appeared.


And now for the log:

OTL logfile created on: 8/24/2011 11:57:36 AM - Run 2
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
381.58 Mb Total Physical Memory | 29.88 Mb Available Physical Memory | 7.83% Memory free
1.04 Gb Paging File | 0.10 Gb Available in Paging File | 9.70% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.60 Gb Total Space | 15.14 Gb Free Space | 10.69% Space Free | Partition Type: NTFS
 
Computer Name: OWNER-BE108C261 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- C:\WINDOWS\3777720786:764335134.exe
PRC - [2011/08/24 11:55:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL(2).exe
PRC - [2011/08/17 12:34:49 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/15 08:44:50 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/11/24 09:08:09 | 000,725,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/02 22:32:19 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/07/15 09:58:57 | 000,515,424 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/15 09:57:42 | 001,101,152 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/07/15 12:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] () -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2008/11/10 15:33:56 | 001,605,632 | ---- | M] (Philips) -- C:\Program Files\Philips\SA3020 Device Manager\SA3020_DeviceManager.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
PRC - [2006/08/25 14:01:54 | 010,018,816 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/08/17 12:34:53 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/12 13:21:58 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/12 13:18:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/12 13:18:50 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/12 13:18:22 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/12 13:13:03 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/12 13:08:41 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/06/22 13:31:06 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/05/18 11:53:44 | 001,496,576 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:44 | 000,346,112 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010/11/24 09:08:09 | 000,725,344 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
MOD - [2010/09/02 22:25:28 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/07/15 09:58:57 | 000,515,424 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgrsx.exe
MOD - [2010/07/15 09:57:42 | 001,101,152 | ---- | M] () -- C:\Program Files\AVG\AVG9\avgchsvx.exe
MOD - [2010/02/05 14:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/08/16 18:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] () -- C:\Program Files\WTouch\WTouchService.exe
MOD - [2008/11/10 11:24:32 | 000,135,168 | ---- | M] () -- C:\Program Files\Philips\SA3020 Device Manager\Scsi_nt.dll
MOD - [2008/06/20 12:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2007/05/30 06:12:16 | 000,040,960 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Core.dll
MOD - [2007/05/30 06:12:16 | 000,028,672 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.Monitor.Common.dll
MOD - [2007/05/30 06:11:22 | 000,057,344 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.dll
MOD - [2007/04/30 09:20:26 | 000,011,776 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
MOD - [2007/04/30 09:19:54 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\lxddamon.exe
MOD - [2007/04/30 09:19:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.ScanDevMon.dll
MOD - [2007/04/30 09:19:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Lexmark 2500 Series\App4R.DevMons.NetworkCardDevMon.dll
MOD - [2007/02/27 06:16:26 | 000,103,936 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdddrpp.dll
MOD - [2007/01/23 20:40:04 | 000,065,536 | ---- | M] () -- C:\WINDOWS\system32\lxddcaps.dll
MOD - [2007/01/09 18:13:08 | 000,692,224 | ---- | M] () -- C:\WINDOWS\system32\lxdddrs.dll
MOD - [2006/10/06 18:08:04 | 000,069,632 | ---- | M] () -- C:\WINDOWS\system32\lxddcnv4.dll
MOD - [2006/08/25 12:20:06 | 000,049,152 | ---- | M] () -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\WlanDll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (WmiApSrv32)
SRV - File not found [Auto | Stopped] --  -- (winmgmt32)
SRV - File not found [Auto | Stopped] --  -- (W32Time32)
SRV - File not found [Auto | Stopped] --  -- (TrkWks32)
SRV - File not found [Auto | Stopped] --  -- (SwPrv32)
SRV - File not found [Auto | Stopped] --  -- (SSDPSRV32)
SRV - File not found [Auto | Stopped] --  -- (Spooler32)
SRV - File not found [Auto | Stopped] --  -- (NetDDEdsdm32)
SRV - File not found [Auto | Stopped] --  -- (LmHosts32)
SRV - File not found [Auto | Stopped] --  -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Stopped] --  -- (ehSched32)
SRV - File not found [Auto | Stopped] --  -- (avg9emc32)
SRV - [2010/07/21 01:34:03 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/07/15 09:58:51 | 000,308,136 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/07/15 12:13:04 | 000,112,936 | ---- | M] () [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 12:13:02 | 004,408,616 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2007/05/25 10:41:54 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxddserv.exe -- (lxddCATSCustConnectService)
SRV - [2007/05/25 10:41:38 | 000,537,520 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\lxddcoms.exe -- (lxdd_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/05/05 09:39:50 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/11/15 20:47:32 | 000,125,056 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftdisk.sys -- (Ftdisk)
DRV - [2010/08/08 16:55:27 | 000,020,480 | ---- | M] (NT Kernel Resources) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndisrd.sys -- (ndisrd)
DRV - [2010/07/15 09:57:45 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 08:34:15 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/06 19:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/19 17:49:22 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/01/30 17:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/22 00:49:58 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/22 00:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/08/05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/04/13 14:40:46 | 000,062,976 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrom.sys -- (Cdrom)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 20:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/08/23 04:07:10 | 000,476,544 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245)
DRV - [2006/01/04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 11:01:10 | 000,231,168 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2002/02/19 14:34:18 | 000,072,576 | R--- | M] (The LinkSys Group, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netusbxp.sys -- (USBNET_XP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B8 98 B8 09 EA 0C CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 68 28 16 09 61 C1 12 45 B9 AC 38 12 45 DA F4 40  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54202
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110214
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: {f86e6264-e877-5fce-c3e4-8668a7d99da2}:1.9.2
FF - prefs.js..extensions.enabledItems: {e243e30b-b588-49f9-b976-637ecbb18bc1}:1.0
FF - prefs.js..keyword.URL: "http://search.search-go.net/?sid=10101054100&s="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54202
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.29\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Owner\Application Data\Move Networks\plugins\npqmp071503000010.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/19 18:35:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 12:35:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Owner\Application Data\Move Networks [2010/01/05 05:58:51 | 000,000,000 | ---D | M]
 
[2009/11/05 18:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/08/24 11:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions
[2011/03/18 06:45:55 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2010/06/24 08:06:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/17 12:36:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/06/15 14:09:55 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011/08/24 11:53:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{e243e30b-b588-49f9-b976-637ecbb18bc1}
[2011/06/02 10:56:09 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/01/08 11:51:36 | 000,000,000 | ---D | M] ([bleep] XPCOM) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
[2009/12/13 17:18:52 | 000,002,171 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\searchplugins\bing.xml
[2011/08/24 03:48:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/05 05:58:51 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOVE NETWORKS
[2009/10/27 13:19:06 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/05/31 20:32:58 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
 
O1 HOSTS File: ([2011/08/24 06:39:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (no name) - {09162868-C161-4512-B9AC-381245DAF440} - C:\WINDOWS\system32\Audio3D32.dll (People Can Fly)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [lxddamon] C:\Program Files\Lexmark 2500 Series\lxddamon.exe ()
O4 - HKLM..\Run: [lxddmon.exe] C:\Program Files\Lexmark 2500 Series\lxddmon.exe ()
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips SA3020 Device Manager.lnk = C:\Program Files\Philips\SA3020 Device Manager\SA3020_DeviceManager.exe (Philips)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe ( )
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\GigaTribe.lnk = C:\Program Files\GigaTribe\gigatribe.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1256594933468 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Diagnostics ActiveX WebControl)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\msdtcprx32.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/25 11:46:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell - "" = AutoRun
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell - "" = AutoRun
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mNhOW.Exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/08/24 11:55:24 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL(2).exe
[2011/08/24 06:39:13 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/08/24 06:37:56 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/08/24 05:28:00 | 000,078,040 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2011/08/16 14:17:47 | 000,328,704 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\Audio3D32.dll
[2011/08/02 22:42:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/01/23 13:29:20 | 000,827,884 | ---- | C] (                                                                                                    ) -- C:\WINDOWS\System32\regw2.exe
[2009/11/28 09:37:14 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDDhcp.dll
[2009/11/28 09:37:13 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddinpa.dll
[2009/11/28 09:37:13 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddiesc.dll
[2009/11/28 09:37:12 | 000,999,424 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddusb1.dll
[2009/11/28 09:37:11 | 001,232,896 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddserv.dll
[2009/11/28 09:37:11 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddprox.dll
[2009/11/28 09:37:10 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpmui.dll
[2009/11/28 09:37:10 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddpplc.dll
[2009/11/28 09:37:09 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddlmpm.dll
[2009/11/28 09:37:05 | 000,700,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddhbn3.dll
[2009/11/28 09:37:05 | 000,385,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddih.exe
[2009/11/28 09:36:58 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomm.dll
[2009/11/28 09:36:57 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcomc.dll
[2009/11/28 09:36:57 | 000,394,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxddcfg.exe
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011/08/24 11:55:19 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL(2).exe
[2011/08/24 11:42:45 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-2139871995-1417001333-1003UA.job
[2011/08/24 11:41:23 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/24 07:38:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/24 07:38:12 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\lexcqmhdca.job
[2011/08/24 07:37:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3777720786
[2011/08/24 07:37:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 06:37:53 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTM.exe
[2011/08/24 05:42:12 | 000,162,304 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/24 05:28:01 | 000,078,040 | ---- | M] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2011/08/23 16:42:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-2139871995-1417001333-1003Core.job
[2011/08/23 08:14:12 | 084,429,051 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/08/23 07:47:31 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/23 07:47:28 | 000,002,289 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/08/22 18:06:00 | 000,886,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/08/19 22:10:12 | 000,000,089 | ---- | M] () -- C:\WINDOWS\System32\2059786654
[2011/08/18 19:27:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/16 14:17:47 | 000,328,704 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\Audio3D32.dll
[2011/08/12 13:09:45 | 000,471,628 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/12 13:09:45 | 000,083,692 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/12 13:04:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/06 11:48:24 | 002,042,344 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/08/01 18:23:08 | 000,052,005 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\HNI_0034.JPG
[2011/08/01 00:46:24 | 000,000,354 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\myreg.reg
[2011/07/27 09:26:23 | 000,009,578 | ---- | M] () -- C:\Documents and Settings\All Users\lxdd
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011/08/24 06:47:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\3777720786
[2011/08/22 18:05:58 | 000,886,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/08/04 12:14:50 | 000,052,005 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\HNI_0034.JPG
[2011/08/01 00:46:24 | 000,000,354 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\myreg.reg
[2011/07/22 09:34:25 | 000,003,324 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\471E.CA2
[2011/06/30 04:40:45 | 000,002,636 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\j358235v3y72hs575706setp1jq4j7wse0gh6
[2011/06/30 04:40:45 | 000,002,636 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\j358235v3y72hs575706setp1jq4j7wse0gh6
[2011/05/11 19:38:36 | 000,019,108 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\m4uwwspf141es41043587t4u4003b51
[2011/05/11 19:38:36 | 000,019,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m4uwwspf141es41043587t4u4003b51
[2011/04/17 13:54:33 | 000,013,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g16r310x1s5w1biuv7
[2011/04/17 13:54:32 | 000,013,612 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\g16r310x1s5w1biuv7
[2011/03/25 17:36:50 | 000,013,950 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\74r43ey6o25187
[2011/03/25 17:36:50 | 000,013,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74r43ey6o25187
[2011/01/19 09:50:32 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\gdi325.dll
[2010/11/16 14:23:07 | 000,000,186 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/11/13 12:21:59 | 000,000,494 | ---- | C] () -- C:\WINDOWS\System32\lxddplc.ini
[2010/08/08 16:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Eketusov.bin
[2010/08/08 16:58:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpidocukalibikix.dat
[2010/07/21 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlffft.sys
[2010/04/24 12:33:44 | 000,028,852 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/13 18:54:13 | 004,408,616 | ---- | C] () -- C:\WINDOWS\System32\Pen_Tablet.exe
[2009/11/28 09:46:02 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxddvs.dll
[2009/11/28 09:45:51 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxddcoin.dll
[2009/11/28 09:41:39 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdddrs.dll
[2009/11/28 09:41:39 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxddcnv4.dll
[2009/11/28 09:41:39 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxddcaps.dll
[2009/11/28 09:38:44 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxddrwrd.ini
[2009/11/28 09:37:15 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\LXDDinst.dll
[2009/11/28 09:37:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxddgrd.dll
[2009/11/28 09:36:59 | 000,537,520 | ---- | C] () -- C:\WINDOWS\System32\lxddcoms.exe
[2009/11/28 04:55:15 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/11/14 21:44:54 | 000,162,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/07 16:41:36 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/05 22:13:26 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/11/05 18:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/10/25 17:30:52 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009/10/25 17:01:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/10/25 12:00:41 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2009/10/25 11:51:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/10/25 11:41:44 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/10/25 05:28:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/10/25 05:27:00 | 002,042,344 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,471,628 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,125,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\ftdisk.sys
[2004/08/10 07:00:00 | 000,083,692 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,062,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\cdrom.sys
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2011/08/18 12:50:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2011/04/11 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNn31001dPoNn31001
[2010/05/27 21:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2011/03/15 08:46:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/05/27 20:32:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/07/06 11:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/25 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2010/08/19 18:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2009/12/29 16:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/08/22 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Bitrix Security
[2011/08/18 05:06:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2011/07/22 01:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BlueFlare Antivirus
[2011/08/23 23:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
[2009/11/21 01:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0
[2010/11/13 12:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Lexmark Productivity Studio
[2010/11/26 02:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ManyCam
[2010/04/17 14:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2010/05/24 14:26:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
[2011/05/27 20:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Research In Motion
[2011/01/23 15:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
[2010/03/25 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SYSTEMAX Software Development
[2010/02/13 18:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\WTouch
[2011/08/24 07:38:12 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\Tasks\lexcqmhdca.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3777720786:764335134.exe

< End of report >


#2
Im somewhat new here (Topic Starter)

Looking at this log I see:
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3777720786:764335134.exe

Isn't 'alternate data stream' strange?

#3
RKinner (Malware Expert, MVP)

You should never answer your own post. We look for unanswered posts to work on, and when you answer them yourself, they fall off the radar.

In answer to your question:
Isn't 'alternate data stream' strange?

It's not unusual to see some alternate data streams but in your case it's definitely a sign of an infection.

Please check this line in your OTL log:
[2011/01/08 11:51:36 | 000,000,000 | ---D | M] ([bleep] XPCOM) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}

It looks to me like the forum software might be censoring us, so if it doesn't say "bleep", please replace the bleep with whatever evil word is supposed to be there in the following before you press the Run Fix button.


Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54202
FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110214
FF - prefs.js..extensions.enabledItems: {f86e6264-e877-5fce-c3e4-8668a7d99da2}:1.9.2
FF - prefs.js..extensions.enabledItems: {e243e30b-b588-49f9-b976-637ecbb18bc1}:1.0
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54202
[2011/03/18 06:45:55 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
[2011/08/24 11:53:56 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{e243e30b-b588-49f9-b976-637ecbb18bc1}
[2011/01/08 11:51:36 | 000,000,000 | ---D | M] ([bleep] XPCOM) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\vm99jj98.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
O2 - BHO: (no name) - {09162868-C161-4512-B9AC-381245DAF440} - C:\WINDOWS\system32\Audio3D32.dll (People Can Fly)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} -  File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} -  File not found
O4 - HKCU..\Run: [msnmsgr]  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 -  File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\msdtcprx32.dll) -  File not found
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell - "" = AutoRun
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell - "" = AutoRun
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mNhOW.Exe
[2011/08/16 14:17:47 | 000,328,704 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\Audio3D32.dll
[2011/08/02 22:42:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\ftpcache
[2011/01/23 13:29:20 | 000,827,884 | ---- | C] (                                                                                                    ) -- C:\WINDOWS\System32\regw2.exe
[2011/08/24 11:42:45 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-2139871995-1417001333-1003UA.job
[2011/08/24 07:38:12 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\lexcqmhdca.job
[2011/08/24 07:37:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3777720786
[2011/08/23 16:42:01 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-2139871995-1417001333-1003Core.job
[2011/08/22 18:06:00 | 000,886,784 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/08/19 22:10:12 | 000,000,089 | ---- | M] () -- C:\WINDOWS\System32\2059786654
[2011/08/18 19:27:06 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/16 14:17:47 | 000,328,704 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\Audio3D32.dll
[2011/07/22 09:34:25 | 000,003,324 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\471E.CA2
[2011/06/30 04:40:45 | 000,002,636 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\j358235v3y72hs575706setp1jq4j7wse0gh6
[2011/06/30 04:40:45 | 000,002,636 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\j358235v3y72hs575706setp1jq4j7wse0gh6
[2011/05/11 19:38:36 | 000,019,108 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\m4uwwspf141es41043587t4u4003b51
[2011/05/11 19:38:36 | 000,019,108 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m4uwwspf141es41043587t4u4003b51
[2011/04/17 13:54:33 | 000,013,612 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\g16r310x1s5w1biuv7
[2011/04/17 13:54:32 | 000,013,612 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\g16r310x1s5w1biuv7
[2011/03/25 17:36:50 | 000,013,950 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\74r43ey6o25187
[2011/03/25 17:36:50 | 000,013,950 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\74r43ey6o25187
[2011/01/19 09:50:32 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\gdi325.dll
[2010/08/08 16:58:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Eketusov.bin
[2010/08/08 16:58:50 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jpidocukalibikix.dat
[2010/07/21 01:01:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\hlffft.sys
[2011/04/11 15:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\bNn31001dPoNn31001
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3777720786:764335134.exe

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
   
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.




Download aswMBR.exe (511 KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start scan
Posted Image

On completion of the scan (Note if the Fix button is enabled and tell me) click save log, save it to your desktop and post in your next reply
Posted Image

Open OTL again and select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.


Ron
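An added example, not part of RKinner's fix and not code from the OTL tool: a small Python script that applies the indicators the fix above targets to an OTL log. It flags a browser proxy pointed at 127.0.0.1, an executable carried in an NTFS alternate data stream (while ignoring the ordinary Zone.Identifier stream), a MountPoints2 AutoRun command that launches through rundll32, an AppInit_DLLs entry, Winsock LSP catalog entries whose file is gone, and hidden+system files with no company name and random or all-digit names. The OTL line formats are assumed from what the log in this thread shows; the sample lines are copied from that log, except the Zone.Identifier stream entry, which is constructed as a benign case the script must leave alone.

```python
"""Added example: triage an OTL log for the indicators targeted in the fix above.
Line formats are assumed from this thread's log; the sample below is copied from it,
except the Zone.Identifier entry, which is constructed as a benign stream."""
import re
from collections import defaultdict

# [date time | size | attrs | C/M] (company) -- path   (company is absent on directory lines)
FILE_RE = re.compile(
    r"^\[(?P<date>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")
AUTORUN_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\AutoRun\\command - "" = (?P<cmd>.+)$'
)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dlls>[^)]*)\)(?:\s+-\s+(?P<status>.*))?$")
LSP_RE = re.compile(r"^O10 - Protocol_Catalog9\\Catalog_Entries\\(?P<idx>\d+) -\s+File not found$")
# IE: "ProxyServer" = http=127.0.0.1:54202      Firefox: network.proxy.http: "127.0.0.1"
PROXY_HOST_RE = re.compile(
    r'(?:ProxyServer"\s*=\s*(?:\w+=)?|network\.proxy\.http:\s*")(?P<host>127\.0\.0\.1|localhost)'
)
PROXY_PORT_RE = re.compile(r"(?:127\.0\.0\.1:|network\.proxy\.http_port:\s*)(?P<port>\d+)")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js")

# Constructed sample: lines copied from the thread's log plus one benign Zone.Identifier stream.
SAMPLE_LOG = r"""
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:54202
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 54202
O20 - AppInit_DLLs: (C:\WINDOWS\system32\msdtcprx32.dll) -  File not found
O33 - MountPoints2\{8177a52e-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mNhOW.Exe
O33 - MountPoints2\{8177a52d-4532-11df-ba6c-00195b04c29a}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
[2011/06/30 04:40:45 | 000,002,636 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\j358235v3y72hs575706setp1jq4j7wse0gh6
[2011/01/19 09:50:32 | 000,098,304 | RHS- | C] () -- C:\WINDOWS\System32\gdi325.dll
[2011/08/24 05:28:00 | 000,078,040 | ---- | C] (Kaspersky Lab, SLA) -- C:\WINDOWS\System32\drivers\klmd.sys
[2011/08/24 07:37:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\3777720786
@Alternate Data Stream - 816 bytes -> C:\WINDOWS\3777720786:764335134.exe
@Alternate Data Stream - 26 bytes -> C:\Documents and Settings\Owner\Desktop\OTM.exe:Zone.Identifier
"""


def looks_random(name):
    """Extension-less, long, letters and digits mixed: j358235v3y72hs575706setp1jq4j7wse0gh6."""
    return ("." not in name and len(name) >= 12
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage_otl(text):
    """Return {indicator: [detail, ...]} for every suspicious line of an OTL log."""
    found = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # A proxy pointing at the local host means something on the box is intercepting browsing.
        m = PROXY_HOST_RE.search(line)
        if m:
            found["localhost_proxy"].append(m.group("host"))
        m = PROXY_PORT_RE.search(line)
        if m and ("ProxyServer" in line or "network.proxy" in line):
            found["localhost_proxy_port"].append(m.group("port"))
        m = ADS_RE.match(line)
        if m:
            # Zone.Identifier is the normal "downloaded file" marker; flag only executable streams.
            if m.group("stream").lower().endswith(EXEC_EXT):
                found["ads_executable"].append(f"{m.group('host')}:{m.group('stream')} ({m.group('size')} bytes)")
            continue
        m = AUTORUN_RE.match(line)
        if m:
            # AutoRun that launches through rundll32/ShellExec_RunDLL is the removable-drive worm pattern.
            if "rundll32" in m.group("cmd").lower():
                found["autorun_rundll32"].append(m.group("cmd"))
            continue
        m = APPINIT_RE.match(line)
        if m and m.group("dlls"):
            # Anything in AppInit_DLLs gets loaded into every process that links user32.dll.
            found["appinit_dll"].append(f"{m.group('dlls')} [{m.group('status') or 'present'}]")
            continue
        m = LSP_RE.match(line)
        if m:
            # A Winsock LSP whose file is gone: a removed hijack left the catalog chain broken.
            found["lsp_missing_file"].append(m.group("idx"))
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path")
            company, name = (m.group("company") or "").strip(), path.rsplit("\\", 1)[-1]
            hidden_system = "H" in attrs and "S" in attrs and "D" not in attrs
            if hidden_system and not company and (looks_random(name) or name.lower().endswith(EXEC_EXT)):
                found["hidden_system_noname"].append(path)
            if name.isdigit():
                found["all_digit_name"].append(path)
    return dict(found)


if __name__ == "__main__":
    for indicator, details in triage_otl(SAMPLE_LOG).items():
        print(indicator + ":")
        for detail in details:
            print("    " + detail)
```

Running it prints each indicator with the lines that tripped it. The heuristics are narrow on purpose: a missing company string or an all-digit file name is a lead to check, not proof by itself, but in this log the hits line up exactly with the process and the alternate data stream the original poster saw, and with the proxy and AutoRun entries the fix above removes.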