No Internet after Zeroaccess Removal [Solved]


  • This topic is locked

#46
winvista
Member, Topic Starter, 40 posts

I ran the Kaspersky removal tool again, but Kaspersky files are still showing up in OTL:

OTL logfile created on: 6/6/2012 9:17:31 AM - Run 3
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Users\admin\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 72.99% Memory free
5.70 Gb Paging File | 5.01 Gb Available in Paging File | 87.82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 47.46 Gb Free Space | 32.16% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.90 Gb Free Space | 53.88% Space Free | Partition Type: FAT32

Computer Name: RNT-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\System32\consent.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IObit\Advanced SystemCare 5\ASCv5ExtMenu.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (XAudioService) -- C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsle679543d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys File not found
DRV - (MFE_RR) -- C:\Users\jeo\AppData\Local\Temp\mfe_rr.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\spca561.sys (SP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKLM\..\SearchScopes\{5413DC04-8E8C-4D0A-B988-D5786D662FD9}: "URL" = http://www.google.co...ge={startPage};
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2117678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{93462E4E-B91F-4B9A-8184-4E527B169A32}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/15 20:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 19:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:58:28 | 000,000,000 | ---D | M]

[2012/01/15 02:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 11:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/15 21:59:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 01:06:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2010/08/02 09:27:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/03 21:37:13 | 000,000,048 | --S- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/06 09:11:38 | 003,748,240 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\kavremover.exe
[2012/06/03 15:01:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/30 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/30 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/05/30 22:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/30 22:14:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/30 21:31:08 | 000,100,864 | ---- | C] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/30 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/05/30 21:27:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/28 18:03:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/28 14:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 14:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 14:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 14:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 14:40:30 | 004,530,271 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 11:42:19 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/27 11:21:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/26 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\OTL
[2012/05/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WindowsForUs
[2012/05/25 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBubble
[2012/05/25 23:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinBubble
[2012/05/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\log
[2012/05/24 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TMRBLog
[2012/05/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2012/05/24 21:31:41 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 21:31:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Pavark
[2012/05/24 11:30:09 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/24 02:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Opera
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Opera
[2012/05/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc
[2012/05/22 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/22 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/22 23:01:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/22 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/22 00:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/05/18 23:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/18 23:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/18 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AbiSuite
[2012/05/15 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalNet
[2012/05/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2012/05/14 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/14 00:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/05/14 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
[2012/05/13 15:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalNet
[2012/05/13 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/12 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/12 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\cfos6link

========== Files - Modified Within 30 Days ==========

[2012/06/06 09:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 09:14:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 09:14:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 09:14:40 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 09:09:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 21:37:13 | 000,000,048 | --S- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/03 17:45:24 | 000,612,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 17:45:24 | 000,106,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/01 23:31:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ipconfig
[2012/05/30 22:31:52 | 000,483,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 20:47:08 | 000,379,392 | ---- | M] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/30 14:17:44 | 000,100,864 | ---- | M] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
[2012/05/28 14:18:51 | 001,310,720 | ---- | M] () -- C:\Users\admin\NTUSER.bak
[2012/05/28 11:55:04 | 004,530,271 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 14:16:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/26 23:08:18 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 20:44:14 | 000,650,240 | ---- | M] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/26 00:36:20 | 000,044,786 | ---- | M] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | M] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/25 18:03:30 | 000,650,240 | ---- | M] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 15:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/24 20:53:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 20:49:12 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 16:56:32 | 000,001,042 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:19:26 | 001,020,640 | ---- | M] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:35:54 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:58:06 | 000,003,070 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/22 12:08:08 | 003,748,240 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\kavremover.exe
[2012/05/22 00:02:48 | 000,337,639 | ---- | M] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/21 22:12:14 | 000,396,041 | ---- | M] () -- C:\Users\admin\Desktop\MiniToolBox.exe
[2012/05/21 16:40:50 | 002,127,960 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
[2012/05/19 14:35:01 | 000,000,614 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/05/18 17:48:13 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 16:49:15 | 000,148,920 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/05/18 00:41:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/05/14 23:54:22 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

========== Files Created - No Company Name ==========

[2012/06/01 23:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ipconfig
[2012/05/30 20:58:59 | 000,379,392 | ---- | C] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/29 12:34:11 | 000,337,639 | ---- | C] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/28 14:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 14:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 14:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 14:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 14:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/28 14:33:48 | 000,396,041 | ---- | C] () -- C:\Users\admin\Desktop\MiniToolBox.exe
[2012/05/26 23:27:55 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 00:37:45 | 000,044,786 | ---- | C] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | C] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:16:33 | 000,650,240 | ---- | C] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 21:14:25 | 000,650,240 | ---- | C] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/24 22:09:19 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 16:56:32 | 000,001,042 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:23:04 | 001,020,640 | ---- | C] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:48:45 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:53:52 | 000,003,070 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 17:45:19 | 000,001,699 | ---- | C] () -- C:\Windows\Notepad.lnk
[2012/05/18 16:44:48 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 23:54:22 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/05/13 17:18:13 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:46:06 | 000,483,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/31 16:57:55 | 000,012,908 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/11/21 14:52:35 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011/11/21 14:52:35 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2011/11/21 14:52:35 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2011/11/15 21:58:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat3
[2011/11/15 21:58:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat3
[2011/11/04 22:57:39 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/04 22:57:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/04 22:57:39 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/04 22:57:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/04 22:57:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/03 13:10:57 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/28 16:04:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/05/28 16:04:32 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/05/28 16:04:02 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/04 22:08:31 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/04 22:07:57 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2010/07/03 18:07:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== LOP Check ==========

[2012/05/22 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/23 01:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2011/11/18 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yandex
[2012/06/06 09:13:52 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E7833B2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >



#47
azarl


    GeekU Admin

  • Administrator
  • 25,176 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    DRV - (MFE_RR) -- C:\Users\jeo\AppData\Local\Temp\mfe_rr.sys File not found
    DRV - (KLIF) -- system32\DRIVERS\klif.sys File not found
    DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
    DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
    DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2117678
    IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
    IE - HKCU\..\SearchScopes\{93462E4E-B91F-4B9A-8184-4E527B169A32}: "URL" = http://us.yhs.search...p={searchTerms}
    [2010/08/02 09:27:02 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O2 - BHO: (no name) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No CLSID value found.
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
    O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - Reg Error: Key error. File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
    [2012/06/06 09:11:38 | 003,748,240 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\kavremover.exe
    [2012/05/30 21:31:08 | 000,100,864 | ---- | C] (Demonworks) -- C:\Users\admin\Desktop\gRaSP.exe
    [2012/05/28 18:03:31 | 002,127,960 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\admin\Desktop\TDSSKiller.exe
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#48
winvista


    Member

  • Topic Starter
  • Member
  • 40 posts
I ran the fix, but after running the fix I lost my touchpad capability. Here is the latest OTL scan:

OTL logfile created on: 6/6/2012 11:29:06 AM - Run 4
OTL by OldTimer - Version 3.2.43.1 Folder = c:\Users\admin\Desktop\OTL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.75 Gb Total Physical Memory | 1.99 Gb Available Physical Memory | 72.35% Memory free
5.70 Gb Paging File | 4.98 Gb Available in Paging File | 87.31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.58 Gb Total Space | 47.48 Gb Free Space | 32.17% Space Free | Partition Type: NTFS
Drive D: | 3.52 Gb Total Space | 1.90 Gb Free Space | 53.88% Space Free | Partition Type: FAT32

Computer Name: RNT-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - c:\Users\admin\Desktop\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
PRC - C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
PRC - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\59c557dfb59134d17fa6d80e006153aa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c931e006319673b38b15c05de33c885f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b863c4cf3146f1bf1048a0d402da1bd\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2939.23668__90ba9c70f846762e\CLI.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2939.23662__90ba9c70f846762e\LOG.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2939.23802__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2939.23707__90ba9c70f846762e\MOM.Foundation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3034.37123__90ba9c70f846762e\MOM.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2939.23679__90ba9c70f846762e\LOG.Foundation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3034.37122__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2939.23712__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3034.37123__90ba9c70f846762e\CCC.Implementation.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmltok.dll ()
MOD - C:\Program Files\Hp\Digital Imaging\bin\crm\xmlparse.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WPFFontCache_v0400) -- File not found
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe File not found
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdvancedSystemCareService5) -- C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe (IObit)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (XAudioService) -- C:\Windows\System32\drivers\ACFXAU32.exe (Conexant Systems, Inc.)
SRV - (TOSHIBA SMART Log Service) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (ezGOSvc) -- C:\Windows\System32\ezGOSvc.dll ()
SRV - (jswpsapi) -- C:\Program Files\Jumpstart\jswpsapi.exe (Atheros Communications, Inc.)
SRV - (GameConsoleService) -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsle679543d) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B5D8087-BA63-4A2F-A7CC-0C8FF7404B6E}\MpKsle679543d.sys File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (IO_Memory) -- C:\WINDOWS\SYSTEM32\SYSPREP\Drivers\ioport.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys ()
DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys ()
DRV - (pwdrvio) -- C:\Windows\System32\pwdrvio.sys ()
DRV - (pwdspio) -- C:\Windows\System32\pwdspio.sys ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (NWUSBCDFIL) -- C:\Windows\System32\drivers\NwUsbCdFil.sys (Novatel Wireless Inc.)
DRV - (NWADI) -- C:\Windows\System32\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV - (NWUSBPort2) -- C:\Windows\System32\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV - (NWUSBPort) -- C:\Windows\System32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\Windows\System32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (WinUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (jswpslwf) -- C:\Windows\System32\drivers\jswpslwf.sys (Atheros Communications, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (tos_sps32) -- C:\Windows\System32\drivers\tos_sps32.sys (TOSHIBA Corporation)
DRV - (SVRPEDRV) -- C:\Windows\System32\sysprep\PEDRV.SYS (Inventec Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (TVALZ) -- C:\Windows\System32\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (dgcfltr) -- C:\Windows\System32\drivers\ACFDCP32.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\ACFXAU32.sys (Conexant Systems, Inc.)
DRV - (acfva) -- C:\Windows\System32\drivers\ACFVA32.sys (Conexant Systems Inc.)
DRV - (mdmxsdk) -- C:\Windows\System32\drivers\ACFSDK32.sys (Conexant)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (FwLnk) -- C:\Windows\System32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (KR10I) -- C:\Windows\System32\drivers\KR10I.sys (TOSHIBA CORPORATION)
DRV - (KR10N) -- C:\Windows\System32\drivers\KR10N.sys (TOSHIBA CORPORATION)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (CA561) -- C:\Windows\System32\drivers\spca561.sys (SP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKLM\..\SearchScopes\{5413DC04-8E8C-4D0A-B988-D5786D662FD9}: "URL" = http://www.google.co...ge={startPage};

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKCU\..\SearchScopes,DefaultScope = {5413DC04-8E8C-4D0A-B988-D5786D662FD9}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/01/15 20:57:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/15 19:06:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:58:28 | 000,000,000 | ---D | M]

[2012/01/15 02:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/17 11:18:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/11/15 21:59:53 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]_bak
[2011/12/21 03:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/02/11 15:16:16 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/14 01:06:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/12/21 00:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 00:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

O1 HOSTS File: ([2012/06/03 21:37:13 | 000,000,048 | --S- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - Reg Error: Key error. File not found
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/03 15:01:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/30 22:31:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/30 22:28:00 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2012/05/30 22:27:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/30 22:14:40 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/30 21:28:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Resource Kits
[2012/05/30 21:27:10 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012/05/28 14:55:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/28 14:55:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/28 14:55:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/28 14:55:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/28 14:40:30 | 004,530,271 | R--- | C] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 11:42:19 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/27 11:21:34 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/26 12:29:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\OTL
[2012/05/25 23:39:40 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\WindowsForUs
[2012/05/25 23:36:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinBubble
[2012/05/25 23:36:53 | 000,000,000 | ---D | C] -- C:\Program Files\WinBubble
[2012/05/25 00:31:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/24 22:11:54 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\log
[2012/05/24 22:11:48 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\TMRBLog
[2012/05/24 21:38:10 | 000,000,000 | ---D | C] -- C:\Users\admin\Desktop\backups
[2012/05/24 21:31:41 | 008,656,400 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 21:31:35 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 15:23:41 | 000,000,000 | ---D | C] -- C:\Users\admin\Pavark
[2012/05/24 11:30:09 | 000,475,712 | ---- | C] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/24 02:45:57 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Microsoft Games
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Opera
[2012/05/23 01:14:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Opera
[2012/05/22 23:33:21 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\vlc
[2012/05/22 23:31:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Apple Computer
[2012/05/22 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012/05/22 23:01:05 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/22 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/22 00:22:43 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/20 22:35:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/20 19:21:42 | 000,000,000 | ---D | C] -- C:\Program Files\DLLSuite
[2012/05/18 23:40:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/18 23:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/05/18 17:50:44 | 000,000,000 | ---D | C] -- C:\Users\admin\AbiSuite
[2012/05/15 15:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LocalNet
[2012/05/15 15:31:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\FTL Shared
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Qualcomm
[2012/05/14 23:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Netscape
[2012/05/14 00:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012/05/14 00:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 5
[2012/05/14 00:51:20 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/05/13 17:14:50 | 000,000,000 | ---D | C] -- C:\Windows\TempFA2B2319-FCE2-5246-1C6F-52F8D52354BF-Signatures
[2012/05/13 15:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\LocalNet
[2012/05/13 00:38:30 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/05/12 23:38:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/05/12 22:22:54 | 000,000,000 | ---D | C] -- C:\Program Files\cfos6link

========== Files - Modified Within 30 Days ==========

[2012/06/06 11:26:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 11:26:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/06 11:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/06 11:26:27 | 2950,524,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/06 11:18:28 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/03 21:37:13 | 000,000,048 | --S- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/03 17:45:24 | 000,612,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/03 17:45:24 | 000,106,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/01 23:31:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ipconfig
[2012/05/30 22:31:52 | 000,483,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/30 20:47:08 | 000,379,392 | ---- | M] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/28 14:18:51 | 001,310,720 | ---- | M] () -- C:\Users\admin\NTUSER.bak
[2012/05/28 11:55:04 | 004,530,271 | R--- | M] (Swearware) -- C:\Users\admin\Desktop\ComboFix.exe
[2012/05/27 14:16:40 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\admin\Desktop\aswMBR.exe
[2012/05/26 23:08:18 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 20:44:14 | 000,650,240 | ---- | M] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/26 00:36:20 | 000,044,786 | ---- | M] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | M] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:37:04 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\admin\Desktop\OTL.exe
[2012/05/25 18:03:30 | 000,650,240 | ---- | M] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 15:32:38 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/05/24 20:53:30 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\HijackThis.exe
[2012/05/24 20:49:12 | 008,656,400 | ---- | M] (Trend Micro Inc.) -- C:\Users\admin\Desktop\RootkitBuster_v5_1061.exe
[2012/05/24 16:56:32 | 000,001,042 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:19:26 | 001,020,640 | ---- | M] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:35:54 | 000,302,592 | ---- | M] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:58:06 | 000,003,070 | ---- | M] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | M] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\Users\admin\Desktop\rootkitremover.exe
[2012/05/22 21:26:00 | 000,475,712 | ---- | M] (McAfee, Inc.) -- C:\rootkitremover.exe
[2012/05/22 00:02:48 | 000,337,639 | ---- | M] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/21 22:12:14 | 000,396,041 | ---- | M] () -- C:\Users\admin\Desktop\MiniToolBox.exe
[2012/05/19 14:35:01 | 000,000,614 | ---- | M] () -- C:\Windows\nsreg.dat
[2012/05/18 17:48:13 | 000,000,954 | ---- | M] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/05/18 16:49:15 | 000,148,920 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/05/18 00:41:24 | 000,000,761 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.bak
[2012/05/14 23:54:22 | 000,000,335 | ---- | M] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk

========== Files Created - No Company Name ==========

[2012/06/01 23:31:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ipconfig
[2012/05/30 20:58:59 | 000,379,392 | ---- | C] () -- C:\Users\admin\Desktop\subinacl.msi
[2012/05/29 12:34:11 | 000,337,639 | ---- | C] () -- C:\Users\admin\Desktop\FSS.exe
[2012/05/28 14:55:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/28 14:55:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/28 14:55:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/28 14:55:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/28 14:55:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/28 14:33:48 | 000,396,041 | ---- | C] () -- C:\Users\admin\Desktop\MiniToolBox.exe
[2012/05/26 23:27:55 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\1vg7ccn1.exe
[2012/05/26 00:37:45 | 000,044,786 | ---- | C] () -- C:\nettcpip.inf
[2012/05/25 23:36:55 | 000,001,595 | ---- | C] () -- C:\Users\admin\Desktop\WinBubbles.lnk
[2012/05/25 21:16:33 | 000,650,240 | ---- | C] () -- C:\MicrosoftFixit50203.msi
[2012/05/25 21:14:25 | 000,650,240 | ---- | C] () -- C:\Users\admin\Desktop\MicrosoftFixit50203.msi
[2012/05/24 22:09:19 | 2950,524,928 | -HS- | C] () -- C:\hiberfil.sys
[2012/05/24 16:56:32 | 000,001,042 | ---- | C] () -- C:\Users\admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2012/05/24 15:23:04 | 001,020,640 | ---- | C] () -- C:\Users\admin\Desktop\antirootkit.exe
[2012/05/24 00:48:45 | 000,302,592 | ---- | C] () -- C:\Users\admin\Desktop\8n2b1bum.exe
[2012/05/23 23:53:52 | 000,003,070 | ---- | C] () -- C:\Users\admin\Desktop\Attach.zip
[2012/05/23 23:37:49 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012/05/22 23:01:33 | 000,000,680 | ---- | C] () -- C:\Users\admin\AppData\Local\d3d9caps.dat
[2012/05/22 17:45:19 | 000,001,699 | ---- | C] () -- C:\Windows\Notepad.lnk
[2012/05/18 16:44:48 | 000,001,983 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/05/14 23:54:22 | 000,000,335 | ---- | C] () -- C:\Windows\mozregistry.dat
[2012/05/14 00:51:51 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Uninstaller.lnk
[2012/05/14 00:51:51 | 000,001,025 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare 5.lnk
[2012/05/13 17:18:13 | 000,001,837 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/01/15 15:46:06 | 000,483,240 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/31 16:57:55 | 000,012,908 | -HS- | C] () -- C:\ProgramData\ara327au0mpx25ws6q613p7wrvbho2wq2awry
[2011/11/21 14:52:35 | 000,118,784 | ---- | C] () -- C:\Windows\ShowBmp.exe
[2011/11/21 14:52:35 | 000,014,385 | ---- | C] () -- C:\Windows\Tw561a.ini
[2011/11/21 14:52:35 | 000,000,081 | ---- | C] () -- C:\Windows\Setup8a.ini
[2011/11/15 21:58:49 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat3
[2011/11/15 21:58:49 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat3
[2011/11/04 22:57:39 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011/11/04 22:57:39 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011/11/04 22:57:39 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011/11/04 22:57:39 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011/11/04 22:57:39 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011/06/03 13:10:57 | 000,073,600 | ---- | C] () -- C:\Windows\System32\ezGOSvc.dll
[2011/05/28 16:04:33 | 000,747,592 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011/05/28 16:04:32 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011/05/28 16:04:02 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011/05/04 22:08:31 | 000,000,020 | ---- | C] () -- C:\Windows\cmm.dat
[2011/05/04 22:07:57 | 000,000,186 | ---- | C] () -- C:\Windows\System32\CleanMem.ini
[2010/07/03 18:07:57 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini

========== LOP Check ==========

[2012/05/22 23:00:55 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\IObit
[2012/05/23 01:14:44 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Opera
[2011/11/18 17:59:06 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Yandex
[2012/06/06 11:25:32 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:2D6E5D55
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:ECF54A0E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E7833B2E
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:1EE5EBCB
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >

#49
azarl

    GeekU Admin

  • Administrator
  • 25,176 posts

  • Download 6to4remover.zip
  • Right Click and extract all
  • Open the folder 6to4removal. Find i386.exe, right click on it and Run As Admin
  • From an elevated command prompt, run
ipconfig /all >%userprofile%\desktop\winvista.txt
Post the contents of Winvista.txt please

#50
winvista

Since I ran the OTL fix this morning, I have no mouse capability at all. Not even an external mouse works so I am doing this all by keyboard. Here is the latest ipconfig /all result:


Windows IP Configuration

Host Name . . . . . . . . . . . . : rnt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

PPP adapter Localnet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Localnet
Physical Address. . . . . . . . . :
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 4.252.94.46(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.255
Default Gateway . . . . . . . . . : 0.0.0.0
DNS Servers . . . . . . . . . . . : 64.136.173.4
64.136.164.76
NetBIOS over Tcpip. . . . . . . . : Disabled

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR5007EG Wireless Network Adapter
Physical Address. . . . . . . . . : 00-21-63-0F-E6-60
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-1E-33-45-8D-6C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
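Added example (not part of the thread): a helper reading a pasted `ipconfig /all` report like the one above needs, per adapter, the assigned address and the DNS servers, including values that wrap onto a second line. This Python parser does that and compares the DNS servers against an expected set the analyst supplies; the sample text, addresses and function names are constructed for illustration.

```python
import re

# "Key . . . : value" rows; adapter headers end in ":" with no space before it.
KV = re.compile(r"^(.+?)[ .]*\s:\s*(.*)$")

# Constructed sample in the `ipconfig /all` layout (documentation-range addresses).
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : example-pc

PPP adapter Dialup:
   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 192.0.2.46(Preferred)
   DNS Servers . . . . . . . . . . . : 198.51.100.4
                                       198.51.100.76

Ethernet adapter Local Area Connection:
   Media State . . . . . . . . . . . : Media disconnected
"""

def parse_ipconfig(text):
    """Return {section: {key: [values]}}; indentation is optional (forum pastes lose it)."""
    sections, current, last_key = {}, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        kv = KV.match(line)
        if kv and current is not None:
            last_key = kv.group(1)
            values = current.setdefault(last_key, [])
            if kv.group(2):
                values.append(kv.group(2))
        elif line.endswith(":") or current is None:
            current = sections.setdefault(line.rstrip(":"), {})
            last_key = None
        elif last_key:
            current[last_key].append(line)  # wrapped value, e.g. a second DNS server
    return sections

def connected_adapters(sections):
    """Adapters holding an IPv4 address, mapped to their DNS server list."""
    return {name: fields.get("DNS Servers", [])
            for name, fields in sections.items() if "IPv4 Address" in fields}

def unexpected_dns(sections, expected):
    """(adapter, server) pairs whose DNS server is not in the analyst's expected set."""
    return [(name, dns) for name, servers in connected_adapters(sections).items()
            for dns in servers if dns not in expected]
```

The expected set would come from the ISP's published resolver addresses; an empty result from `unexpected_dns` means every connected adapter uses only those servers.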

#51
azarl

Firstly can you get on the internet?

I can't see why the mouse would stop, we haven't touched anything to do with it. Have you the drivers disk that came with the laptop?

#52
winvista

Unfortunately, I don't have the drivers disk ... if I can get on the internet, I will download them from Toshiba. I'm not sure that it is a drivers issue because when I connected the external mouse, I got the "Installing new hardware" dialogue and "Ready to use" which I took to mean that it is using the Windows default driver for a mouse. The Toshiba driver is for the touchpad. I could be wrong though.

No, I still am unable to navigate the internet. Everything is exactly the same - ping and browsers don't work. And in order to get that little green globe on the connection indicator (bottom right of the screen), I have to do nslookup and it appears. But ping still doesn't work.

#53
azarl

Let's get the mouse back first

Can you restore your system to an earlier state using System Restore? A time previous to the OTL fix please.
To do this, follow the instructions here

#54
winvista

Last week or so, I created a restore point, but now the system is telling me I don't have any restore points. This has been a constant problem for me in that I create restore points, but when I need them, they are not there.

So I went into Device Manager and under mouse, it said that I have a problem with that registry entry. I remember that ComboFix made a backup of my registry. Is there any way that I can restore my system from that backup?

#55
azarl

There are 2 backups created. Please take note of the difference between the two:

  • Windows\ERDNT\hiv-backup\erdnt.exe - taken after user has agreed to the Disclaimer. Good for recovering Hive branches accidentally deleted by helpers.
  • Windows\ERDNT\sUBs\Erdnt.exe - taken just before CF reboots a machine.

I'd try this one first, it's after ComboFix was run

Double click on C:\WINDOWS\ERDNT\subs\erdnt.exe

or if you want to go to before ComboFix was run

Double click on C:\WINDOWS\ERDNT\Hiv-backup\erdnt.exe

#56
winvista

Forget about my suggestion about using ComboFix's registry backup. I found the directory, but there are no backup files there.

#57
azarl

» Step 1«
Download HostsXpert. Save the file then right click and Extract All. It will create a new folder in the same place. In the folder find HostsXpert.exe and right click on it and Run As Administrator.

It will take a few seconds to appear. If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only? If it already says Make Read Only? that's OK just go on to the next step.

Click on Editing then in the box below where it says Add Line

type in:
173.194.33.38 google.com

» Step 2«
From an elevated command prompt run
netsh winsock reset catalog

» Step 3«
  • On the desktop, right-click Network, and then click Properties.
  • Under Tasks, click Manage network connections.
  • Right-click your dialup Connection (suspect yours will say PPP), and then click Properties
  • In the This connection uses the following items list, double-click Internet Protocol Version 4 (TCP/IPv4), click Advanced, and then click the WINS tab.
  • Click Use NetBIOS setting from the DHCP server, and then click OK.
  • While we are here click on the DNS tab. It should look like this:



» Step 4«
  • Save the attached zip file, and expand winvista.bat to your desktop.
  • Double-click it to run
  • Attach winvista.txt file from your desktop please

Check your connection now please
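Added example (not part of azarl's post or of HostsXpert): Step 1 pins google.com to a fixed address in the hosts file, and an entry like that keeps overriding DNS for the name until it is removed. This Python audit lists every hosts entry that maps a name to a routable address, separately from loopback or 0.0.0.0 blocks and malformed lines; the sample file and function names are constructed, and only the `173.194.33.38 google.com` line comes from the post.

```python
import ipaddress

# Constructed hosts file: default loopback entries plus the test entry from Step 1.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
173.194.33.38 google.com   # added for the connectivity test
0.0.0.0 ads.example.test tracker.example.test
not-an-ip broken.example.test
"""

def parse_hosts(text):
    """Yield (line_no, ip, [names]) per entry; ip is None when the address is invalid."""
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        yield no, ip, fields[1:]

def audit_hosts(text):
    """Group entries: names pinned to a routable address, blocked names, malformed lines."""
    report = {"redirect": [], "sinkhole": [], "malformed": []}
    for no, ip, names in parse_hosts(text):
        if ip is None or not names:
            report["malformed"].append(no)
        elif ip.is_loopback or ip.is_unspecified:
            report["sinkhole"] += [(no, n) for n in names if n != "localhost"]
        else:
            report["redirect"] += [(no, n, str(ip)) for n in names]
    return report
```

Anything under `redirect` that nobody remembers adding deserves a second look, and the test entry from Step 1 belongs on the removal list once the connection works.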

#58
winvista

Unfortunately, I cannot complete this because HostsXpert requires the use of a mouse. It won't let me tab through the options. Is there any way to repair whatever the OTL fix did to the registry entry for the pointing device? The device manager tells me that the registry entry is either corrupted or incomplete. I don't have to have the touchpad working specifically ... any mouse would do.

#59
azarl

The only way to restore the registry is via the ComboFix archives or the Restore points, neither of which are there. Have you the Windows disk, we'll do a repair install?

#60
winvista

I will find the Windows disk. This might take a day or two.

EDIT: I found the ComboFix backup (I think). See next message.

Edited by winvista, 09 June 2012 - 10:52 PM.
