
I have Dr Watson errors on my computer [Solved]


  • This topic is locked

#1
gary55

I have Dr Watson errors on my computer. I'm really in need of some help. It seems to affect all users on the computer. I have Ubuntu on my hard drive as a dual boot choice. Ubuntu works perfectly. Windows not very good. Please let me know if you might know what the problem is and how to repair it. Thanks...

Edited by gary55, 14 May 2012 - 06:18 PM.



#2
Macboatmaster

gary55
Download and Run OTL

Click here to download OTL by OldTimer. It's a modern, more powerful replacement for HijackThis. Please do not post a HijackThis, Combofix, GMER, MBAM or any other logs until requested.

1. Download OTL, save to Desktop or other convenient location.
OTL will take a few minutes to generate a log, and then open it using Notepad.
Paste the log please to your post.



Amend your post please as per the guidance on How to post in this forum.

http://www.geekstogo...cleaning-guide/

Please do not create a separate post; edit your original.

Thanks

#3
gary55

I ran a scan in OTL with the settings as they loaded. Here are the results...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:17 PM, on 5/14/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\appconf32.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Reader Link Helper - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - (no file)
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Adobe PDF Reader Link Helper - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 5363 bytes

OTL logfile created on: 5/14/2012 8:31:33 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Documents and Settings\Gary\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.55 Gb Available Physical Memory | 77.92% Memory free
3.84 Gb Paging File | 3.55 Gb Available in Paging File | 92.36% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 235.62 Gb Total Space | 210.97 Gb Free Space | 89.54% Space Free | Partition Type: NTFS

Computer Name: GARY-0587134ADE | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/14 20:30:58 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\My Documents\Downloads\OTL(1).exe
PRC - [2012/03/18 00:00:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
PRC - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/07 13:26:03 | 000,128,320 | ---- | M] () -- C:\WINDOWS\system32\11007\components\AcroFF007.dll
MOD - [2012/03/18 00:00:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/01/12 21:03:12 | 000,169,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\674d05b7da36bd75384a39a8939d633a\Inkjet.Automation.ni.dll
MOD - [2012/01/12 21:03:10 | 000,098,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\41549b1027ef902f9a08c303a0aafd79\Inkjet.DeviceSettings.ni.dll
MOD - [2012/01/12 21:03:08 | 000,105,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\5ade484760988b03093fb6dd043fab76\Inkjet.Diagnostics.ni.dll
MOD - [2012/01/12 21:03:07 | 000,283,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\f50eed959bd61d2cc4cd5b548020bf39\Inkjet.Utilities.ni.dll
MOD - [2012/01/12 21:03:07 | 000,237,056 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\ba9f24f506e32f80ad6a6e0ea87bcb0e\Inkjet.Localization.ni.dll
MOD - [2012/01/12 21:03:06 | 000,824,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\11e8704dac619f2ad10952f3b43ca0b3\Inkjet.Hardware.ni.dll
MOD - [2012/01/12 21:03:05 | 000,180,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\497cdad93fa0fcfd926bf9ab6e274786\Inkjet.Statistics.ni.dll
MOD - [2012/01/12 21:03:05 | 000,080,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\146a11dba257b06fe69b849d2943b204\Inkjet.Configuration.ni.dll
MOD - [2012/01/12 21:03:01 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a140e8da81b3af34c864ad851fe150fd\System.Runtime.Remoting.ni.dll
MOD - [2011/04/21 16:54:40 | 000,347,024 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madexcept_.bpl
MOD - [2011/04/21 16:54:40 | 000,179,088 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\madbasic_.bpl
MOD - [2011/04/21 16:54:40 | 000,046,480 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 5\maddisAsm_.bpl
MOD - [2011/02/02 00:18:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll
MOD - [2011/02/01 23:17:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll
MOD - [2011/02/01 23:17:06 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\439c466b60614915587c5273eaf0ca7f\System.Windows.Forms.ni.dll
MOD - [2011/02/01 23:16:47 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\dcc0244092fe52e6885b50be25ef3b31\System.Drawing.ni.dll
MOD - [2011/02/01 23:04:25 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll
MOD - [2011/02/01 23:04:11 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/05/06 16:55:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/14 17:38:14 | 000,913,752 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe -- (AdvancedSystemCareService5)
SRV - [2011/12/19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Running] -- C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/21 10:06:58 | 000,162,155 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\bgrps.dll -- (nywuko)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/03 13:20:36 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/06 09:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\${ChromeSearchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=685749"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.yahoo....type=685749&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\[email protected] [2011/06/03 16:57:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007\install.rdf [2012/04/07 13:26:04 | 000,000,539 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/13 13:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/13 13:29:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007 [2012/05/13 09:32:31 | 000,000,000 | ---D | M]

[2010/10/15 06:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2010/10/15 06:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\[email protected]
[2012/05/13 09:26:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions
[2011/05/02 20:28:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/09/27 23:34:04 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\askcom.xml
[2011/06/02 21:38:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\bing-zugo.xml
[2012/01/08 17:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/05/13 09:32:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\11007
[2012/03/18 00:00:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/20 11:57:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/06 12:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/02/20 11:57:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2008/08/21 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
O2 - BHO: (Window Shopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O2 - BHO: (no name) - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - No CLSID value found.
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 5] C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe (IObit)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O9 - Extra Button: Window Shopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\Superfish\Window Shopper\SuperfishIEAddon.dll (Superfish)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CE833D9-371C-4C19-B7D7-EDCA2B107FCE}: DhcpNameServer = 172.27.35.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - C:\WINDOWS\system32\appconf32.exe ()
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/09 16:12:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell - "" = AutoRun
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell - "" = AutoRun
O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell - "" = AutoRun
O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell - "" = AutoRun
O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell - "" = AutoRun
O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 19:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/05/14 19:54:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\HiJackThis
[2012/05/13 13:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Systweak
[2012/05/13 13:35:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Start Menu\Programs\CompuClever
[2012/05/13 13:26:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinASO
[2012/05/13 12:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot(2)
[2012/05/13 12:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\IObit Toolbar(2)
[2012/05/13 12:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater(2)
[2012/05/13 09:32:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\IObit(3)
[2012/05/09 18:45:10 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012/05/09 18:40:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\CompuClever
[2012/05/09 18:40:47 | 000,000,000 | ---D | C] -- C:\Program Files\CompuClever
[2012/05/09 18:40:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CompuClever
[2012/05/06 16:55:18 | 004,140,192 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/05/03 18:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\Nick's
[2012/05/01 21:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\IObit
[2012/04/18 21:19:56 | 000,419,488 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Gary\Desktop\*.tmp files -> C:\Documents and Settings\Gary\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 20:30:28 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\v6bq9mwd.default.dat
[2012/05/14 19:57:27 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.lnk
[2012/05/14 19:55:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/14 19:11:41 | 000,433,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/14 19:11:41 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/14 19:08:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/14 19:07:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/12 18:44:29 | 000,000,504 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
[2012/05/11 22:24:10 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Microsoft Word.lnk
[2012/05/09 18:40:49 | 000,000,382 | ---- | M] () -- C:\WINDOWS\tasks\PC TuneUp Maestro Scan.job
[2012/05/09 18:40:47 | 000,000,960 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
[2012/05/09 18:40:47 | 000,000,942 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\PC TuneUp Maestro.lnk
[2012/05/06 16:55:19 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/06 16:55:19 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/06 16:55:18 | 004,140,192 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012/05/01 21:50:05 | 000,000,009 | ---- | M] () -- C:\WINDOWS\winhlp32.ini
[2012/05/01 21:50:05 | 000,000,009 | ---- | M] () -- C:\WINDOWS\winhelp.ini
[2012/05/01 21:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\is2w0jpe.default.dat
[2012/05/01 20:50:08 | 000,085,075 | ---- | M] () -- C:\Documents and Settings\Gary\My Documents\schoenberg.xps
[2012/04/22 13:00:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\auk9gg4s.default.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Gary\Desktop\*.tmp files -> C:\Documents and Settings\Gary\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 19:54:53 | 000,002,445 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\HiJackThis.lnk
[2012/05/09 18:40:48 | 000,000,382 | ---- | C] () -- C:\WINDOWS\tasks\PC TuneUp Maestro Scan.job
[2012/05/09 18:40:47 | 000,000,960 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\Microsoft\Internet Explorer\Quick Launch\PC TuneUp Maestro.lnk
[2012/05/09 18:40:47 | 000,000,942 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\PC TuneUp Maestro.lnk
[2012/05/01 20:50:06 | 000,085,075 | ---- | C] () -- C:\Documents and Settings\Gary\My Documents\schoenberg.xps
[2012/04/18 21:19:57 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/06 23:00:34 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\auk9gg4s.default.dat
[2012/03/26 21:57:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\v6bq9mwd.default.dat
[2012/03/24 21:48:06 | 000,000,504 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat
[2012/03/24 21:40:12 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\is2w0jpe.default.dat
[2011/07/11 11:35:36 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011/07/11 11:15:24 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2011/07/07 20:47:39 | 000,005,463 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2011/07/07 20:37:17 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/06/07 19:18:44 | 000,024,884 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/04/23 11:34:48 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 18:10:08 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/02/01 21:28:03 | 000,000,009 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
[2011/02/01 21:28:03 | 000,000,009 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2011/02/01 21:26:33 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
[2010/10/14 19:52:59 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2010/10/14 18:19:54 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/10/13 19:53:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/10/13 17:31:03 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/10/13 17:27:56 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2010/10/09 16:14:10 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/09 16:09:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/09 11:58:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/09 11:56:59 | 000,167,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5

< End of report >

#4
gary55

OK, not sure if I'm getting through. If I am and you're very busy, that's totally understandable. If you could just say hello and I'll get to you later or whatever, that would be great. Just so I know... Thank you!

#5
Macboatmaster

gary55

I cannot assist in Malware. Only qualified malware experts may do so.
I only posted asking you to attach the OTL log as requested in the guidance of how to post.

I did also ask

Please do not create a separate post; edit your original


but it is too late now, leave it as it is please and please be patient. The malware experts are very busy

#6
gary55

OK, thank you... I'll be patient.

#7
CompCav

    Member 5k

  • Expert
  • 12,448 posts
Hi, gary55! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.


Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.




Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL




  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...hTerms}&locale=
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007 [2012/05/13 09:32:31 | 000,000,000 | ---D | M]
    [2010/09/27 23:34:04 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\askcom.xml
    [2011/06/02 21:38:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\bing-zugo.xml
    [2012/05/13 09:32:31 | 000,000,000 | ---D | M] (Java String Helper) -- C:\WINDOWS\SYSTEM32\11007
    [2011/10/03 06:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/05/06 12:46:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
    O2 - BHO: (no name) - {6764C5ED-CEE4-42ae-8F31-23F02A3A661F} - No CLSID value found.
    O2 - BHO: (no name) - {F99BD4F5-D402-4c21-A8BC-510830B6BE37} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell - "" = AutoRun
    O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell - "" = AutoRun
    O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    [2012/05/14 20:30:28 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\v6bq9mwd.default.dat
    [2012/05/12 18:44:29 | 000,000,504 | ---- | M] () -- C:\WINDOWS\System32\urhtps.dat
    [2012/05/01 21:18:44 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\is2w0jpe.default.dat
    [2012/04/22 13:00:25 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\auk9gg4s.default.dat
    
    
    
    :files
    ipconfig /flushdns /c
    
    
    :reg
    
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [createrestorepoint]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

If it does not run rename it iexplore.exe and try it again.


Step 3.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select Scan All Users
  • Select Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Program Files\Common Files\ComObjects\*.* /s
    C:\windows\*. /RP /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 4.

Please post:

OTL fix log
aswMBR log
OTL.txt
Extras.txt


What are your current issues?

What error message does Dr. Watson give you?

What antivirus do you have installed if any?
  • 0
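
The `O33 - MountPoints2` lines in the fix script above register an AutoRun command that passes a file under a `RECYCLER` folder to rundll32. The following Python triage of such lines is an added example, not part of the original thread and not OTL's own code; the function names and the four checks are assumptions of this example, and the line format is inferred from the O33 lines quoted in the post.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# The first three lines are copied from the fix script in this thread; the
# fourth is a constructed entry that none of the checks below should flag.
SAMPLE_LOG = r"""
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell - "" = AutoRun
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
"""

# An "O33" line: volume GUID, registry subkey, value name, value data.
ENTRY_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>\{[0-9A-Fa-f-]{36}\})\\'
    r'(?P<subkey>[^"]+?) - "(?P<name>[^"]*)" = (?P<data>.*)$'
)
# Every rundll32 invocation inside a command has the form "<file>,<export>".
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+(?P<file>[^,]+),(?P<export>\S+)', re.I)
SID_LIKE_RE = re.compile(r'^S-\d+(?:-\d+)+$', re.I)


@dataclass
class Finding:
    volume: str
    command: str
    reasons: list = field(default_factory=list)


def sid_is_well_formed(sid: str) -> bool:
    """A Windows SID is S-1-<48-bit authority>-<32-bit sub-authorities>."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0].upper() != "S" or parts[1] != "1":
        return False
    if not all(p.isdigit() for p in parts[2:]):
        return False
    numbers = [int(p) for p in parts[2:]]
    return numbers[0] < 2**48 and all(n <= 0xFFFFFFFF for n in numbers[1:])


def check_rundll_target(target: str) -> list:
    """Return the reasons one rundll32 target looks wrong (empty if none)."""
    target = target.strip()
    path = PureWindowsPath(target)
    reasons = []
    if path.suffix.lower() != ".dll":
        reasons.append("rundll32 loads a non-.dll file")
    if target.startswith(".\\"):
        reasons.append("path is relative to the drive being opened")
    if any(part.upper() == "RECYCLER" for part in path.parts):
        reasons.append("payload sits in a RECYCLER folder")
    for part in path.parts:
        if SID_LIKE_RE.match(part) and not sid_is_well_formed(part):
            reasons.append(f"folder name {part} is not a valid SID")
    return reasons


def triage(log_text: str) -> list:
    """Flag MountPoints2 AutoRun commands whose rundll32 targets fail a check."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        # Only the "...\command" subkey holds what actually gets executed.
        if not m or not m["subkey"].lower().endswith("\\command"):
            continue
        reasons = []
        for call in RUNDLL_RE.finditer(m["data"]):
            reasons += check_rundll_target(call["file"])
        if reasons:
            findings.append(Finding(m["volume"], m["data"], reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.volume)
        for reason in finding.reasons:
            print("  -", reason)
```

The folder name in the quoted entries fails the SID check twice over: its revision field is 5 rather than 1, and the sub-authority 8240758988 does not fit in 32 bits.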

#8
gary55

Thanks. I am sidetracked as my ink cartridge just ran out of ink. I will be back to you ASAP. Thank you very much for your help!

#9
CompCav

No problem, take your time to do it right :thumbsup:


Regards,

CompCav

#10
gary55

Below is the OTL file generated. I had to reboot about 5 times to be able to get it! I was getting Windows Explorer problem, Dr Watson postmortem debugger problem, and Windows Genuine Advantage Notifications problems. Also a different looking box that said svchost.exe failed to initialize. Whew!!! What a mess. I'll be amazed if this gets fixed. Thank you!

I'm moving on to the next step: aswMBR download and scan...



All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
File HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007 not found.
C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\bing-zugo.xml moved successfully.
C:\WINDOWS\System32\11007\components folder moved successfully.
C:\WINDOWS\System32\11007 folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6764C5ED-CEE4-42ae-8F31-23F02A3A661F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F99BD4F5-D402-4c21-A8BC-510830B6BE37}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F99BD4F5-D402-4c21-A8BC-510830B6BE37}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0e3badca-d3ed-11df-8262-8c2d77871e73}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1bf3a6b4-2cc3-11e0-83c0-0017a4ef944d}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a3f6b278-6886-11e0-84f4-0017a4ef944d}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65dabe8-d898-11df-8278-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65dabe8-d898-11df-8278-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b65dabe8-d898-11df-8278-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b65dabe8-d898-11df-8278-0017a4ef944d}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddae844c-8f68-11e0-85b9-0017a4ef944d}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ece1f6ec-d3ae-11df-8ffc-806d6172696f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
C:\WINDOWS\system32\v6bq9mwd.default.dat moved successfully.
C:\WINDOWS\system32\urhtps.dat moved successfully.
C:\WINDOWS\system32\is2w0jpe.default.dat moved successfully.
C:\WINDOWS\system32\auk9gg4s.default.dat moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gary\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Gary\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Alice
->Temp folder emptied: 34344564 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 280872688 bytes
->Flash cache emptied: 16121 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Gary
->Temp folder emptied: 10327355 bytes
->Temporary Internet Files folder emptied: 1233253 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61691002 bytes
->Flash cache emptied: 13922 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matt
->Temp folder emptied: 406096190 bytes
->Temporary Internet Files folder emptied: 255378 bytes
->Java cache emptied: 18119264 bytes
->FireFox cache emptied: 89952699 bytes
->Flash cache emptied: 175465 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nick
->Temp folder emptied: 359744381 bytes
->Temporary Internet Files folder emptied: 3573421 bytes
->Java cache emptied: 37042 bytes
->FireFox cache emptied: 57659718 bytes
->Flash cache emptied: 137893 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2401626 bytes
%systemroot%\System32 .tmp files removed: 11169 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5393979 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 78100706 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,345.00 mb

Unable to start System Restore Service. Error code 1056

OTL by OldTimer - Version 3.2.43.0 log created on 05162012_202621

#11
gary55

I clicked on the aswMBR and it said the site could not be found. What should I do?

#12
CompCav

Go here and click the downloadable link for it.

#13
gary55

getting a problem loading page....

#14
CompCav

gary55,

This is indicative of an internet problem.

You mentioned a Windows Genuine Advantage Notifications issue so let's drill into it with these two programs:

Please run the MGA Diagnostic Tool and post the report it produces:

  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program.
  • Click Continue.
  • Ensure that the Windows tab is selected. (It should be by default.)
  • Click the Copy button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report into your next reply.



---------------------------------------------------------------------------------------



  • Please download WVCheck by Artellos from one of the mirrors below;
    Artellos.com (exe)
  • After the download, run WVCheck.exe
  • As indicated by the prompt, this program can take a while depending on your hard drive space.
  • Once the program is done, copy the contents of the notepad file as a reply.

Please post both logs in your next reply.

#15
gary55

I was able to download aswMBR and run it. Here are the results. I will wait for your reply before I go further on the Windows Genuine Advantage Notifications problem.



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 22:04:18
-----------------------------
22:04:18.062 OS Version: Windows 5.1.2600 Service Pack 3
22:04:18.062 Number of processors: 2 586 0x403
22:04:18.062 ComputerName: GARY-0587134ADE UserName: Gary
22:04:18.984 Initialize success
22:04:37.718 AVAST engine download error: 0
22:04:58.718 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
22:04:58.718 Disk 0 Vendor: ST3500820AS SD1A Size: 476940MB BusType: 3
22:04:58.734 Disk 0 MBR read successfully
22:04:58.734 Disk 0 MBR scan
22:04:58.734 Disk 0 unknown MBR code
22:04:58.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 241272 MB offset 63
22:04:58.734 Disk 0 Partition - 00 05 Extended 235667 MB offset 494127102
22:04:58.750 Disk 0 Partition 2 00 83 Linux 229793 MB offset 494127104
22:04:58.750 Disk 0 Partition - 00 05 Extended 5874 MB offset 964743168
22:04:58.765 Disk 0 scanning sectors +976773120
22:04:58.812 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:03.250 Service scanning
22:05:10.828 Modules scanning
22:05:14.046 Disk 0 trace - called modules:
22:05:14.078 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:05:14.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a67aab8]
22:05:14.078 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005d[0x8a6c7f18]
22:05:14.078 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a664d98]
22:05:14.078 Scan finished successfully
22:05:30.781 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MBR.dat"
22:05:30.796 The log file has been saved successfully to "C:\Documents and Settings\Gary\Desktop\aswMBR.txt"