Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

cant run OTL


  • Please log in to reply

#46
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
There is no spc log in XP. The main thing is that it went all the way through. It checks your critical system files to make sure they are OK and can replace them if they are not. Appears the reset.cmd fix actually worked so there was a problem with your permissions.

Have you tried OTL since you ran reset.cmd?

Ron
  • 0

Advertisements


#47
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
not in its regular state but i was able to run it as the dds download
  • 0

#48
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
still cant eliminate the search settings remnant either but comp is working ok
  • 0

#49
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
tried delrting /redownloading as otl.scr and still get message otl has encountered a prob and needs to close then i click ok and then get a app error eolesys error in module otl.scr then the otl.com download sayd error class not registered ?

Edited by snowysdad43, 07 November 2011 - 11:14 PM.

  • 0

#50
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
retiring for the night thanks for all your help today ron talk to you tommorow :)
  • 0

#51
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
hi ron do you think i should just quitr while i am ahead ?
  • 0

#52
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Sounds like you are ready to give up on it. It's not malware anyway. Just something that is broken. The Installer Cleanup program would be your best bet if you could get it to run.



We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.


Ron
  • 0

#53
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
hi ron i screwed this all up i ran the reset cmd again it ran and only 3 items failed but now i have no task bar or start menu i can access control panel then opened system restore but it doesnt work im srewed arent i
  • 0

#54
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
OK RESTARTED AGAIN AND I HAVE START MENU BUT CANNOT DO A SYSTEM RESTORE
I DONT KNOW ILL TRY YOU TOMMOROW AFTER WORK THANKS RON

sorry did not realize caps were on i am not yelling :yes: to the contrary i am getting depressed now that i realize i messed this up sorry i did not ask you first before doing "anything" i now am running system restore and hope it will work
p.s. i am now on my laptop as the broken (by me ) machine will not access internet at this time :)
will be back around 5 pm eastern us time today
thanks ron

Edited by snowysdad43, 09 November 2011 - 07:06 AM.

  • 0

#55
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, (Tools or the Firefox button), Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

ipconfig /flushdns

netsh  winsock  reset catalog


netsh  int ip reset reset.log


(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test. If it still doesn't work:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:

proxycfg  -d
ipconfig  /all
ipconfig  /release
ipconfig  /renew
ipconfig  /all


Report any errors you get and the IP addresses of the last ipconfig /all
  • 0

Advertisements


#56
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok ron after the ie and chrome resets ? i have internet again and am on the "broken machine "
thank you i still can t remove a couple things via add remove programs as far as firefox goes i tried to remove it also but nothing happens at all
at this point i dont even care about search settings thing any more
is there some basic prog i could run just to give you an idea if the machine looks generally healthy ?
  • 0

#57
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
Let's run Combofix again since OTL doesn't work for you.


ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.
  • 0

#58
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ComboFix 11-11-10.03 - Compaq_Owner 11/10/2011 20:06:06.10.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.189 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.COURTNEYSROOM.000\WINDOWS
c:\documents and settings\Administrator.COURTNEYSROOM\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Compaq_Owner\WINDOWS
c:\documents and settings\Courtney's\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\myaccount\WINDOWS
c:\program files\Avira\AntiVir Desktop\aerdl.dll
c:\program files\Avira\AntiVir Desktop\aesbx.dll
c:\program files\Avira\AntiVir Desktop\aescn.dll
c:\program files\Avira\AntiVir Desktop\FAILSAFE\aerdl.dll
c:\program files\Object
c:\program files\Object\config.ini
c:\program files\Object\facetheme\chrome.manifest
c:\program files\Object\facetheme\locale\en-US\sudoku.properties
c:\program files\Object\facetheme_uninstall.exe
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-318076011-3326807062-3348941121-1009(2)\INFO2
c:\recycler(2)\S-1-5-21-318076011-3326807062-3348941121-1011\INFO2
c:\windows\HPCPCUninstaller-6.3.2.116-5577497.exe
c:\windows\system32\config\systemprofile\WINDOWS
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Toolbar_Updater_Service
-------\Service_Toolbar Updater Service
.
.
((((((((((((((((((((((((( Files Created from 2011-10-11 to 2011-11-11 )))))))))))))))))))))))))))))))
.
.
2011-11-10 21:46 . 2011-11-10 21:46 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\PCHealth
2011-11-09 13:27 . 2011-11-09 13:27 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-09 13:26 . 2011-11-09 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2011-11-09 13:22 . 2011-11-09 13:22 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Runaware
2011-11-09 13:20 . 2011-11-09 13:20 -------- d-----w- c:\program files\Viewpoint
2011-11-09 13:19 . 2011-11-09 13:19 -------- d-----w- c:\program files\Windows Resource Kits
2011-11-09 13:11 . 2011-11-09 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2011-10-27 21:52 . 2011-10-27 21:55 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\Conduit
2011-10-27 21:51 . 2011-11-09 13:22 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\KompoZer
2011-10-27 21:51 . 2011-11-09 13:22 -------- d-----w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2011-10-27 21:50 . 2011-10-27 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2008-12-22 18:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-29 03:09 . 2011-06-04 03:45 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 16:41 . 2008-07-29 23:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 16:41 . 2004-08-04 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 16:41 . 2004-08-04 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2008-12-22 18:35 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2008-12-22 18:33 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2008-12-22 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2008-12-22 18:34 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 23:48 . 2008-12-22 18:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-22 11:56 . 2008-12-22 18:36 385024 ----a-w- c:\windows\system32\html.iec
2011-08-17 13:49 . 2008-12-22 18:33 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-07-04 01:23 . 2011-07-04 01:06 20533281 -c--a-w- c:\program files\VLC.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2011-04-22 323392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HostManager"="c:\program files\Common Files\AOL\1230249116\ee\AOLSoftware.exe" [2009-07-20 41264]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-07-08 472112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 16010240]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"nwiz"="nwiz.exe" [2006-01-25 1519616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-25 7311360]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-06-17 180269]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-17 221184]
"ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Administrator.COURTNEYSROOM\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-6-16 27136]
.
c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OneNote Table Of Contents.onetoc2 [2011-3-8 3656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"AOL TopSpeedMonitor"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\1230249116\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP Rhapsody\\rhapsody.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service
.
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-28 136360]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 01:37]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{4C224901-74F3-4B9A-ACF7-21DFFA1188AB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
2011-11-11 c:\windows\Tasks\User_Feed_Synchronization-{D9D5C556-3AD4-4C82-80C4-51CB5F825CF8}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
mStart Page = hxxp://www.yahoo.com/
IE: Save with Download Manager... - file://c:\program files\f.y.e. downloads unlimited\DMDownload.htm
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
TCP: DhcpNameServer = 192.168.0.1 192.168.3.1
DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} - hxxp://aolsvc.aol.com/onlinegames/ghadventureball/abxgh.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://aolsvc.aol.com/onlinegames/free-trial-delicious-winter-edition/zylomplayer.cab
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\paq1dsxb.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
Toolbar-Locked - (no file)
AddRemove-facetheme - c:\program files\Object\facetheme_uninstall.exe
AddRemove-StartNow Toolbar - c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-10 20:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{7B849a69-220F-451E-B3FE-2CB811AF94AE}]
@DACL=(02 0000)
@="Internet Explorer User Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{B587E2B1-4D59-4e7e-AED9-22B9DF11D053}]
@DACL=(02 0000)
@="802.3 Group Policy"
"DisplayName"=expand:"@dot3gpclnt.dll,-100"
"ProcessGroupPolicyEx"="ProcessLANPolicyEx"
"GenerateGroupPolicy"="GenerateLANPolicy"
"DllName"=expand:"dot3gpclnt.dll"
"NoUserPolicy"=dword:00000001
"NoGPOListChanges"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}]
@DACL=(02 0000)
@="Internet Explorer Machine Accelerators"
"DisplayName"="@c:\\WINDOWS\\system32\\iedkcs32.dll.mui,-3051"
"DllName"="c:\\WINDOWS\\system32\\iedkcs32.dll"
"NoGPOListChanges"=dword:00000001
"ProcessGroupPolicy"="ProcessGroupPolicyForActivities"
"ProcessGroupPolicyEx"="ProcessGroupPolicyForActivitiesEx"
"RequiresSuccessfulRegistry"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
@DACL=(02 0000)
"DllName"="c:\\Program Files\\SUPERAntiSpyware\\SASWINLO.DLL"
"Logon"="SABWINLOLogon"
"Logoff"="SABWINLOLogoff"
"Startup"="SABWINLOStartup"
"Shutdown"="SABWINLOShutdown"
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2011-11-10 20:47:47 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-11 01:47
ComboFix2.txt 2011-11-07 15:32
ComboFix3.txt 2011-11-07 03:42
ComboFix4.txt 2010-09-13 23:58
.
Pre-Run: 101,405,593,600 bytes free
Post-Run: 101,799,628,800 bytes free
.
- - End Of File - - 3B5F41221D716A583ED88AE24EFDF5B9
  • 0

#59
snowysdad43

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
hi ron
had to work late ron sorry this took so long
have a great night :)
i hope to be home aroung 4 pm tommorow will reply then
thank you ron
  • 0

#60
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP