Blue screen Blues [Closed]


  • This topic is locked

#1
kcb3171

After reboot there is only a blue desktop without any icons. I cannot access Task Manager at all; it says "task manager disabled by administrator". If I click on All Programs it says (empty). I cannot access any of my saved programs, documents or shortcuts from the desktop. I was able to use the search program and drop and drag shortcuts to the Start menu. If I try to create a shortcut to the desktop it isn't there, and I am also unable to right-click on the desktop. When I right-click on the desktop it does nothing at all.

OTL logfile created on: 12/1/2011 10:56:59 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Marci\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.44 Gb Available Physical Memory | 81.53% Memory free
3.20 Gb Paging File | 2.81 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.46 Gb Total Space | 6.34 Gb Free Space | 18.41% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: DD6FX661 | User Name: Marci | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/01 22:51:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marci\My Documents\OTL.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/09/15 17:47:36 | 000,479,232 | -H-- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/13 16:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/01 10:08:30 | 001,644,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120101\algo.dll
MOD - [2011/11/29 07:40:55 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11120101\aswRep.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2004/04/11 17:57:44 | 000,040,960 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DirWatcher.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (ACDaemon)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/09/23 17:21:49 | 000,034,320 | -H-- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/08/24 21:46:36 | 000,049,904 | RH-- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/01/09 12:03:40 | 000,213,640 | -H-- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys -- (mfehidk)
DRV - [2009/01/09 12:03:40 | 000,079,304 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys -- (mfeavfk)
DRV - [2009/01/09 12:03:40 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys -- (mfesmfk)
DRV - [2009/01/09 12:03:40 | 000,035,272 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys -- (mfebopk)
DRV - [2009/01/09 12:03:06 | 000,034,216 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys -- (mferkdk)
DRV - [2004/12/04 15:07:18 | 000,008,552 | -H-- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/06/15 20:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/05 20:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\WINDOWS\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@emusic.com/dlm-plugin: C:\Program Files\eMusic Download Manager\plugin\npemusic.dll (eMusic.com)

FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2011/10/31 00:59:04 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2011/10/31 01:28:47 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/11/30 10:31:01 | 000,000,000 | -H-D | M]

[2009/05/28 22:20:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Marci\Application Data\Mozilla\Extensions
[2009/05/28 22:20:44 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Marci\Application Data\Mozilla\Extensions\[email protected]
[2011/05/20 09:05:19 | 000,000,000 | -H-D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/05/20 09:05:19 | 000,000,000 | -H-D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]
[2011/05/20 09:05:19 | 000,000,000 | -H-D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/03/19 13:09:18 | 000,000,027 | -H-- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &Search - http://edits.mywebse...uw&n=2011092321 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html File not found
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.micr...veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...90/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} http://legacy.shared...geUploader4.cab (Image Uploader Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0FB6D547-4783-49BC-BCF1-0CA7650C0868}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Marci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marci\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/01 22:52:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marci\My Documents\OTL.exe
[2011/12/01 22:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marci\Application Data\Smart PC Solutions
[2011/12/01 22:03:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Fix My Registry
[2011/12/01 22:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\Smart PC Solutions
[2011/12/01 22:02:42 | 000,987,464 | ---- | C] (Smart PC Solutions ) -- C:\Documents and Settings\Marci\My Documents\fixregistry.exe
[2011/11/30 09:05:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Marci\Recent
[2011/11/15 18:28:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/11/15 18:27:52 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/11/15 18:27:46 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/01 22:51:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marci\My Documents\OTL.exe
[2011/12/01 22:24:00 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/01 22:08:10 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2011/12/01 22:08:09 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/01 22:08:09 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2011/12/01 22:08:05 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2011/12/01 22:08:05 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2011/12/01 22:07:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/12/01 22:07:49 | 3210,891,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/01 22:03:58 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Marci\Desktop\Click To Find and Fix PC Errors.lnk
[2011/12/01 22:03:58 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Marci\Desktop\Fix My Registry.lnk
[2011/12/01 22:02:29 | 000,987,464 | ---- | M] (Smart PC Solutions ) -- C:\Documents and Settings\Marci\My Documents\fixregistry.exe
[2011/12/01 21:46:26 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\Marci\Desktop\Shortcut to AvastUI.exe.lnk
[2011/12/01 19:09:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/01 09:38:23 | 000,000,281 | ---- | M] () -- C:\Documents and Settings\Marci\Desktop\New in Box Asus EEE Pad Transformer.url
[2011/11/30 21:57:05 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/11/30 21:56:42 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/11/30 01:07:24 | 000,000,327 | -HS- | M] () -- C:\BOOT.INI
[2011/11/30 00:37:54 | 000,204,120 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/28 22:48:52 | 000,000,281 | -H-- | M] () -- C:\Documents and Settings\Marci\Desktop\1997 Mazda 626.url
[2011/11/28 10:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 10:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 09:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 09:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 09:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/27 19:35:55 | 000,745,736 | -H-- | M] () -- C:\Documents and Settings\Marci\My Documents\img017.jpg
[2011/11/26 20:07:35 | 000,009,907 | -H-- | M] () -- C:\Documents and Settings\Marci\My Documents\mbrtwi.gmf.105.jpg
[2011/11/26 20:07:25 | 000,010,432 | -H-- | M] () -- C:\Documents and Settings\Marci\My Documents\drad33.s.95.jpg
[2011/11/26 20:06:44 | 000,011,386 | -H-- | M] () -- C:\Documents and Settings\Marci\My Documents\koninc.grm.large.jpg
[2011/11/26 09:00:06 | 000,000,295 | -H-- | M] () -- C:\Documents and Settings\Marci\Desktop\Discount Tire, Custom Wheels, Truck & Car Rims Discount Tire.url
[2011/11/17 19:15:59 | 000,000,674 | -H-- | M] () -- C:\WINDOWS\System32\MAPISVC.INF
[2011/11/15 21:48:41 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2011/11/15 21:45:16 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2011/11/11 03:18:47 | 000,442,948 | -H-- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/11/11 03:18:47 | 000,072,214 | -H-- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2011/11/11 03:00:31 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/06 23:07:23 | 000,008,185 | -H-- | M] () -- C:\Documents and Settings\Marci\My Documents\Patten..rtf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/01 22:03:58 | 000,001,722 | ---- | C] () -- C:\Documents and Settings\Marci\Desktop\Click To Find and Fix PC Errors.lnk
[2011/12/01 22:03:58 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\Marci\Desktop\Fix My Registry.lnk
[2011/12/01 21:46:26 | 000,001,078 | ---- | C] () -- C:\Documents and Settings\Marci\Desktop\Shortcut to AvastUI.exe.lnk
[2011/12/01 09:38:23 | 000,000,281 | ---- | C] () -- C:\Documents and Settings\Marci\Desktop\New in Box Asus EEE Pad Transformer.url
[2011/11/30 21:57:05 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/11/27 19:48:38 | 000,745,736 | -H-- | C] () -- C:\Documents and Settings\Marci\My Documents\img017.jpg
[2011/11/26 20:07:37 | 000,009,907 | -H-- | C] () -- C:\Documents and Settings\Marci\My Documents\mbrtwi.gmf.105.jpg
[2011/11/26 20:07:28 | 000,010,432 | -H-- | C] () -- C:\Documents and Settings\Marci\My Documents\drad33.s.95.jpg
[2011/11/26 20:06:51 | 000,011,386 | -H-- | C] () -- C:\Documents and Settings\Marci\My Documents\koninc.grm.large.jpg
[2011/11/26 09:00:06 | 000,000,295 | -H-- | C] () -- C:\Documents and Settings\Marci\Desktop\Discount Tire, Custom Wheels, Truck & Car Rims Discount Tire.url
[2011/11/06 23:07:23 | 000,008,185 | -H-- | C] () -- C:\Documents and Settings\Marci\My Documents\Patten..rtf
[2011/09/11 19:56:20 | 000,000,272 | -H-- | C] () -- C:\WINDOWS\reimage.ini
[2011/03/19 12:54:35 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/19 12:54:35 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2011/03/19 12:54:35 | 000,089,088 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/19 12:54:35 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2011/03/19 12:54:35 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2011/01/28 01:07:47 | 000,160,096 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/07 20:08:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\ViewNX.INI
[2010/05/25 20:47:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Reverb
[2010/05/25 20:47:45 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Marci\Application Data\Radio Sounds
[2010/05/25 20:47:45 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/05/25 20:44:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Repeat Routines
[2010/05/25 20:44:07 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Marci\Application Data\Project Templates
[2010/05/25 20:44:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/09/30 17:17:35 | 000,036,692 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/09/16 19:39:20 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/06/07 17:15:34 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/31 15:03:57 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\Disney.ini
[2009/03/13 20:53:03 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/25 23:44:11 | 000,000,097 | -H-- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/25 23:44:10 | 000,073,220 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/25 23:44:10 | 000,001,137 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/25 23:44:10 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/25 23:44:10 | 000,001,104 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/25 23:44:09 | 000,021,021 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/25 23:44:09 | 000,015,670 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/25 23:44:09 | 000,013,280 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/25 23:44:09 | 000,010,673 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/25 23:44:09 | 000,004,943 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/25 23:44:09 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/25 23:44:09 | 000,001,140 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/25 23:44:09 | 000,001,130 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/25 23:44:08 | 000,031,053 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/25 23:44:08 | 000,029,114 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/25 23:44:08 | 000,027,417 | -H-- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/25 23:38:40 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\EPNX100.ini
[2008/10/23 12:46:56 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\Marci\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/23 12:45:28 | 000,870,128 | -H-- | C] () -- C:\Documents and Settings\Marci\Application Data\mcs.rma
[2008/10/23 12:45:28 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Marci\Application Data\EBBA46
[2008/10/14 11:42:29 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\Marci\Application Data\PFP120JPR.{PB
[2008/10/14 11:42:29 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\Marci\Application Data\PFP120JCM.{PB
[2008/10/14 11:14:58 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Marci\Local Settings\Application Data\fusioncache.dat
[2008/10/13 15:18:08 | 000,000,375 | -H-- | C] () -- C:\WINDOWS\dellstat.ini
[2008/10/13 14:06:13 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2008/10/13 13:13:47 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\msoffice.ini
[2004/12/04 15:10:42 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/04 15:05:34 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2004/12/04 15:02:17 | 000,000,138 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/04 14:46:34 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/12/04 14:45:46 | 000,442,948 | -H-- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/12/04 14:45:46 | 000,072,214 | -H-- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/12/04 14:32:22 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 20:03:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 11:13:12 | 000,000,788 | -H-- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 11:08:08 | 000,204,120 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 11:03:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 11:02:16 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 08:08:26 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/10 08:08:26 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/04 03:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/04 03:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/04 03:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/04 03:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/04 03:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/04 03:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/04 03:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2004/07/19 14:01:02 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[1979/12/31 22:00:00 | 000,012,288 | -H-- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/03/19 16:25:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/07 18:18:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/06/07 14:06:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/11/14 20:34:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/02/25 23:47:38 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/25 20:44:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Light Machine
[2010/05/25 20:47:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Metadata Importer
[2011/06/07 18:04:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/05/25 20:45:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/02/25 23:49:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2010/05/25 20:47:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2004/12/04 15:08:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/05/24 09:06:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/14 08:02:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 08:05:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/03/17 11:20:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
[2011/06/07 16:30:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\AVG10
[2011/03/19 13:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\CallingID
[2009/02/18 21:17:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/02/24 00:02:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\EasyChat
[2011/05/20 09:05:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\eMusic
[2009/03/06 21:15:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\EPSON
[2011/03/17 11:20:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\GlarySoft
[2009/02/25 23:59:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\Leadertech
[2009/03/04 16:44:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\MSNInstaller
[2011/01/31 13:11:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\Nikon
[2011/12/01 22:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marci\Application Data\Smart PC Solutions
[2011/09/02 22:28:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\Sony Online Entertainment
[2010/09/27 14:09:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\xfinitytb
[2011/12/01 22:08:09 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2011/12/01 22:08:10 | 000,000,312 | -H-- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2011/12/01 22:08:05 | 000,000,264 | -H-- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2011/12/01 22:08:05 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\Tasks\SpeedUpMyPC.job

========== Purity Check ==========



< End of report >

#2
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello, kcb3171!

I'm Nedklaw and I'll be glad to help you with your malware issues. :)

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

These instructions are specifically designed for kcb3171 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


I am currently reviewing your log and I will post back soon.

#3
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Step 1

You are running too many antivirus programs. This is not a good idea as this can cause problems such as slowness in computer speed, conflicts, and more vulnerability to infection.

Keep the paid version of McAfee only if the subscription is up-to-date. If it isn't, uninstall it and keep Avast.

Uninstall Avast or McAfee via:
  • Control Panel
  • Add/Remove Programs

Step 2

Download the AVG Removal Tool to your desktop.

Run the tool to remove AVG.

After this, please restart your computer.


Step 3

Download RogueKiller to your desktop

  • Quit all running programs.
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe.
  • When prompted, type 6 and validate.
  • The RKreport.txt shall be generated next to the executable.
  • If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe.
Please post the contents of the RKreport.txt in your next reply.


Step 4

Please uninstall the following programs via Control Panel > Add/Remove Programs (if present):

  • Java 6 Update 7
  • MyWebSearch
  • Viewpoint (Media Player, etc)
  • Xfinity Toolbar

Viewpoint is considered foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I recommend you uninstall your Viewpoint product but it is your choice.
This may change; read "Viewpoint to Plunge Into Adware".



Step 5

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL 
    SRV - [2011/09/23 17:21:49 | 000,034,320 | -H-- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE -- (MyWebSearchService)
    IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - No CLSID value found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2011/11/30 10:31:01 | 000,000,000 | -H-D | M]
    O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL (MyWebSearch.com)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
    O8 - Extra context menu item: &Search - http://edits.mywebse...uw&n=2011092321 File not found
    O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2011/12/01 22:03:58 | 000,001,722 | ---- | M] () -- C:\Documents and Settings\Marci\Desktop\Click To Find and Fix PC Errors.lnk
    [2011/06/07 18:18:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/06/07 16:30:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\AVG10
    [2010/09/27 14:09:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Marci\Application Data\xfinitytb
    [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
     
    :Files
    C:\Program Files\MyWebSearch
    xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C 
    xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C 
    xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C 
    xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C 
    ipconfig /flushdns /c
    
    :Commands 
    [purity] 
    [resethosts] 
    [EMPTYFLASH]
    [CREATERESTOREPOINT] 
    [Reboot]

  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.
  • Post the log that appears upon reboot in your next reply.
  • Open OTL again and select the "Scan All Users" box.
  • Click the Quick Scan button. Post the log it produces in your next reply.

Step 6

Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

Step 7

Do the following:
  • Start -> Run.
  • Type diskmgmt.msc.
  • Click "OK".

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screenshot of the Disk Management Window and attach the screenshot to your reply.


Things I want to see in your next reply

  • RKreport.txt
  • OTL Fix Log
  • OTL.txt
  • aswMBR.txt
  • A screenshot of the Disk Management Window

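The O6/O7 policy entries and the attribute column in the log above line up with the symptoms in the first post. The following Python sketch is an added example, not part of the thread or of OTL itself: it parses lines copied from this thread's log and fix list, groups each non-zero policy value by the registry location that sets it, and lists entries carrying the hidden flag. It assumes the four-character attribute field reads read-only, hidden, system, directory in that order; the function names and the symptom table are illustrative.

```python
import re

# Sample input: lines copied from the OTL log and fix list in this thread.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2011/06/07 18:18:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/12/01 22:04:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marci\Application Data\Smart PC Solutions
[2011/12/01 22:08:09 | 000,000,260 | -H-- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
"""
POLICY_RE = re.compile(r"^O[67] - (HKLM|HKCU)\\.+\\policies\\(\w+): (\w+) = (\d+)$", re.I)
ENTRY_RE = re.compile(
    r"^\[[\d/]+ [\d:]+ \| [\d,]+ \| (.{4}) \| [CM]\](?: \(.*?\))? -- (.+)$")

# Illustrative symptom table (this example's wording, not OTL output).
SYMPTOMS = {
    "disabletaskmgr": "Task Manager refuses to open",
    "nodesktop": "desktop shows no icons and ignores right-click",
}

def policy_restrictions(log):
    """Map each non-zero policy value name to the hive and subkey that set it."""
    found = {}
    for line in log.splitlines():
        m = POLICY_RE.match(line.strip())
        if m and int(m.group(4)) != 0:
            found.setdefault(m.group(3), []).append(f"{m.group(1).upper()}\\{m.group(2)}")
    return found

def hidden_entries(log):
    """Return (path, is_directory) for every listed entry with the H flag set."""
    out = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m and m.group(1)[1] == "H":  # assumed flag order: R, H, S, D
            out.append((m.group(2), m.group(1)[3] == "D"))
    return out

def triage(log):
    """Summarise policy restrictions and hidden entries as readable notes."""
    notes = []
    for name, where in sorted(policy_restrictions(log).items()):
        symptom = SYMPTOMS.get(name.lower(), "effect not in the symptom table")
        notes.append(f"{name} set in {', '.join(where)}: {symptom}")
    hidden = hidden_entries(log)
    dirs = sum(1 for _, is_dir in hidden if is_dir)
    notes.append(f"{len(hidden)} hidden entries, {dirs} of them directories")
    return notes
```

Grouping by value name shows DisableTaskMgr under both HKLM and HKCU, which is why the fix list above carries an entry for each.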

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.