Explorer Redirect, Missing Desktop Icons and Start Menu



#1 Gambit80 (New Member, 3 posts)

This problem started yesterday with a sudden shut down of the system while working. Upon starting back up, I was missing my desktop icons, start menu items and all folders and objects were hidden on my C drive. Had pop ups telling me that my C drive was bad, needing repairing, etc.

Downloaded and Installed MalwareBytes and ran it. Found infections and removed them. Used "Unhide.exe" to restore the setting on all files and folders. All looked normal.

However, upon starting this morning, still having issues with redirects and MalwareBytes keeps blocking 206.161.121.3. Certain software will not run as well.

This is a Windows XP machine, with SP3 installed. Any help you folks can give will be much appreciated. Below is the OTL log.

OTL logfile created on: 7/3/2012 6:16:21 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\IT CLean
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 0.60 Gb Available Physical Memory | 40.32% Memory free
3.35 Gb Paging File | 2.67 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 411.46 Gb Free Space | 88.34% Space Free | Partition Type: NTFS
Drive F: | 145.81 Gb Total Space | 107.64 Gb Free Space | 73.83% Space Free | Partition Type: NTFS
Drive G: | 497.22 Mb Total Space | 487.19 Mb Free Space | 97.98% Space Free | Partition Type: FAT
Drive S: | 465.75 Gb Total Space | 204.04 Gb Free Space | 43.81% Space Free | Partition Type: NTFS
Drive T: | 465.75 Gb Total Space | 204.04 Gb Free Space | 43.81% Space Free | Partition Type: NTFS

Computer Name: BILLJ | User Name: wjankowski | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/03 18:11:31 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\IT CLean\OTL.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) -- C:\Documents and Settings\wjankowski.sja\Local Settings\Temp\RarSFX5\nird\iexplore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:14 | 000,389,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/02 14:15:36 | 000,037,888 | ---- | M] () -- C:\WINDOWS\system32\usbnlw32.dll
MOD - [2012/05/29 19:06:25 | 003,417,376 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_80c2ffa.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2008/04/13 20:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 20:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2001/10/11 17:34:50 | 000,077,824 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 5.0\Distillr\adistres.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\usbnhw32.dll -- (NEC Usb3.0)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\Iasv32.dll -- (Ias)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/06/27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012/05/29 19:06:25 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/19 16:49:48 | 000,082,584 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2011/05/05 07:00:34 | 000,325,952 | ---- | M] (Panda Security) [Disabled | Stopped] -- C:\Program Files\Panda Software\AVTC\PSCtrlS.exe -- (Panda Software Controller)
SRV - [2011/03/31 08:42:16 | 001,045,256 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/16 08:32:47 | 000,027,968 | ---- | M] (Panda Software International) [Disabled | Stopped] -- C:\Program Files\Panda Software\AVTC\psksvc.exe -- (PskSvc)
SRV - [2010/07/14 13:42:27 | 000,313,152 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Software\AVTC\pavsrvx86.exe -- (PavSrv)
SRV - [2010/06/25 06:36:28 | 000,107,328 | ---- | M] (Panda Security S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Software\AVTC\PSIMSVC.EXE -- (PsImSvc)
SRV - [2009/12/18 08:43:12 | 000,926,976 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe -- (PavReport)
SRV - [2009/11/25 13:38:47 | 000,468,224 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe -- (PAVAGENTE)
SRV - [2009/11/18 17:19:44 | 000,255,232 | ---- | M] (Panda Software) [Disabled | Stopped] -- C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe -- (PavAtScheduler)
SRV - [2008/02/04 11:26:47 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2007/01/15 08:42:16 | 000,067,120 | ---- | M] (Panda Software International) [Disabled | Stopped] -- C:\Program Files\Panda Software\AVTC\pskmssvc.exe -- (PMShellSrv)
SRV - [2006/03/30 07:16:22 | 000,114,688 | ---- | M] (Sepialine, Inc.) [Disabled | Stopped] -- C:\Program Files\Sepialine\Argos Print Monitor\WorkstationMonitor.exe -- (Argos Billing Dialog)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\zumbus.sys -- (zumbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/03/07 06:27:57 | 000,062,152 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2011/02/21 08:38:31 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Shldrv51.sys -- (ShldDrv)
DRV - [2010/05/06 11:11:57 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/02/09 21:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/16 16:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{63140ECF-C629-BE59-8F0E-90B4FF340C03}: "URL" = http://lf.startnow.c...eferrer:source}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKCU\..\SearchScopes\{F6C1AE9F-C0FA-4940-9B5A-CD2D9ABDA9F3}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\wjankowski\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\wjankowski\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)



O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Radio Bar 1.1 Toolbar) - {a8938ed0-6c0c-4143-a80e-e12136c5c69a} - C:\Program Files\Radio_Bar_1.1\prxtbRad1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Radio Bar 1.1 Toolbar) - {a8938ed0-6c0c-4143-a80e-e12136c5c69a} - C:\Program Files\Radio_Bar_1.1\prxtbRad1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Radio Bar 1.1 Toolbar) - {A8938ED0-6C0C-4143-A80E-E12136C5C69A} - C:\Program Files\Radio_Bar_1.1\prxtbRad1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\wjankowski\Local Settings\Application Data\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\wjankowski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c File not found
O4 - HKCU..\Run: [Softonic] C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\Softonic\azovmgxd.dll (Creative Technology Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 216.199.0.132 216.199.46.11 192.168.1.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SJA.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D82550BD-948D-4C84-AA4B-BA6676691C07}: DhcpNameServer = 216.199.0.132 216.199.46.11 192.168.1.99
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D82550BD-948D-4C84-AA4B-BA6676691C07}: Domain = sja.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D82550BD-948D-4C84-AA4B-BA6676691C07}: NameServer = 192.168.1.99,4.2.2.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NecUsb30Sevice: DllName - (usbnlw32.dll) - C:\WINDOWS\System32\usbnlw32.dll ()
O20 - Winlogon\Notify\usbnlw32: DllName - (usbnlw32.dll) - C:\WINDOWS\System32\usbnlw32.dll ()
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/05 13:35:46 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/04/01 20:59:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/03 18:02:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Softonic
[2012/07/03 17:42:44 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/07/03 10:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Desktop\SR600 backup
[2012/07/03 08:07:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/07/03 08:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/07/02 19:57:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/07/02 19:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/07/02 19:23:34 | 000,000,000 | ---D | C] -- C:\IT CLean
[2012/07/02 19:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2012/07/02 15:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Application Data\Malwarebytes
[2012/07/02 15:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/02 15:46:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/02 15:46:49 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/02 15:46:49 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/02 15:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\Softonic
[2012/07/02 15:32:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012/07/02 15:21:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\WJankowski.SJA\Recent
[2012/07/02 08:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Application Data\Search Settings
[2012/07/02 08:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012/07/02 08:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dealio Toolbar
[2012/07/02 08:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/06/13 12:29:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Application Data\Unity
[2012/06/13 12:16:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\Unity

========== Files - Modified Within 30 Days ==========

[2012/07/03 18:24:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/03 18:07:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-214166804-1242351126-2058078436-1144UA.job
[2012/07/03 18:04:55 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/03 18:04:54 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/03 18:02:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/03 17:38:00 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/03 17:28:45 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/07/03 15:47:09 | 000,002,471 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Desktop\Microsoft Excel.lnk
[2012/07/03 14:07:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-214166804-1242351126-2058078436-1144Core.job
[2012/07/03 09:19:28 | 000,294,847 | ---- | M] () -- C:\WINDOWS\System32\shimg.dll
[2012/07/03 09:16:05 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\My Documents\acad.err
[2012/07/03 08:14:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012/07/03 08:05:06 | 000,523,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/03 08:05:06 | 000,096,896 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/03 02:14:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/02 19:49:34 | 000,000,840 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Desktop\Shortcut to OUTLOOK.EXE.lnk
[2012/07/02 15:22:17 | 000,105,324 | ---- | M] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/07/02 15:22:17 | 000,000,197 | ---- | M] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/07/02 14:15:36 | 000,037,888 | ---- | M] () -- C:\WINDOWS\System32\usbnlw32.dll
[2012/07/02 13:57:08 | 000,000,855 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/06/21 10:36:24 | 000,000,041 | ---- | M] () -- C:\WINDOWS\loc2.INI
[2012/06/21 10:36:21 | 000,000,041 | ---- | M] () -- C:\WINDOWS\FindServ.INI
[2012/06/20 08:27:27 | 000,000,066 | ---- | M] () -- C:\WINDOWS\ccolwiz.ini
[2012/06/19 15:42:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Desktop\Microsoft Word.lnk
[2012/06/14 08:40:58 | 000,002,014 | ---- | M] () -- C:\Documents and Settings\WJankowski.SJA\Desktop\Hydraflow Hydrographs Extension for AutoCAD Civil 3D 2009.lnk
[2012/06/14 03:18:50 | 000,228,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/14 03:04:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Files Created - No Company Name ==========

[2012/07/03 17:38:00 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/07/03 09:16:05 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\My Documents\acad.err
[2012/07/02 19:52:57 | 000,294,847 | ---- | C] () -- C:\WINDOWS\System32\shimg.dll
[2012/07/02 19:49:34 | 000,000,840 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Desktop\Shortcut to OUTLOOK.EXE.lnk
[2012/07/02 19:21:18 | 000,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/07/02 19:14:40 | 000,000,955 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Defender.lnk
[2012/07/02 16:08:53 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\L\[email protected]
[2012/07/02 16:08:48 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 16:08:46 | 000,002,048 | ---- | C] () -- C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 16:08:46 | 000,001,632 | ---- | C] () -- C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 15:22:17 | 000,105,324 | ---- | C] () -- C:\WINDOWS\System32\itldvupd.dat
[2012/07/02 15:22:17 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\itlsvc.dat
[2012/07/02 14:15:32 | 000,094,208 | ---- | C] () -- C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 14:15:32 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\usbnlw32.dll
[2012/07/02 14:15:32 | 000,000,804 | ---- | C] () -- C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\L\[email protected]
[2012/07/02 14:15:30 | 000,002,048 | ---- | C] () -- C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 14:15:30 | 000,001,632 | ---- | C] () -- C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U\[email protected]
[2012/07/02 13:57:07 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/15 03:18:30 | 002,258,232 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/05/04 14:20:36 | 000,001,130 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\FASTWiz.html
[2012/02/15 04:07:57 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 04:11:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/11/04 11:42:42 | 000,000,295 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\.openev
[2011/10/27 17:11:08 | 000,447,778 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-214166804-1242351126-2058078436-1144-0.dat
[2011/10/27 17:11:07 | 000,199,446 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/07/22 09:01:59 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2011/05/13 15:56:09 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\pavversion.ini
[2011/05/10 20:06:41 | 000,000,022 | ---- | C] () -- C:\WINDOWS\LoadConfig.ini
[2011/05/05 15:13:52 | 000,000,000 | R--- | C] () -- C:\WINDOWS\SA2006.ini
[2011/04/18 07:50:23 | 000,000,949 | ---- | C] () -- C:\WINDOWS\System32\smbios.dat
[2011/01/20 13:37:28 | 000,044,508 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/16 15:32:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/07 10:09:37 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/30 10:03:03 | 000,004,584 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/04/01 22:33:02 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\fusioncache.dat
[2004/08/04 08:00:00 | 000,002,048 | -HS- | C] () -- C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\@
[2004/08/04 08:00:00 | 000,002,048 | -HS- | C] () -- C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\@

========== LOP Check ==========

[2011/04/14 09:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2011/02/16 08:22:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bentley
[2012/01/24 10:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\sentinel
[2011/11/28 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2011/01/20 13:29:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/04/13 12:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Autodesk
[2011/02/16 08:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Bentley
[2011/07/22 09:36:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Dealio
[2011/05/05 15:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\DeLorme
[2011/07/22 09:35:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\FreeAudioPack
[2010/04/05 12:53:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\InterTrust
[2012/07/02 19:05:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\PriceGong
[2012/07/02 08:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Search Settings
[2012/06/13 12:29:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Unity
[2010/11/17 17:18:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\wjankowski.sja\Application Data\Xerox
[2012/07/03 02:14:04 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


#2 JSntgRvr (Global Moderator, 10,934 posts)

Hi and welcome.

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the quote below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKCU..\Run: [Softonic] C:\Documents and Settings\WJankowski.SJA\Local Settings\Application Data\Softonic\azovmgxd.dll (Creative Technology Ltd.)
    O20 - Winlogon\Notify\NecUsb30Sevice: DllName - (usbnlw32.dll) - C:\WINDOWS\System32\usbnlw32.dll ()
    O20 - Winlogon\Notify\usbnlw32: DllName - (usbnlw32.dll) - C:\WINDOWS\System32\usbnlw32.dll ()

    :files
    C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}
    C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}
    C:\WINDOWS\System32\usbnlw32.dll
    C:\WINDOWS\System32\itldvupd.dat
    C:\WINDOWS\System32\itlsvc.dat
    C:\WINDOWS\System32\shimg.dll

    :Commands
    [EMPTYJAVA]
    [REBOOT]

  • Return to OTL, right click in the "Custom Scans/Fixes" window and choose Paste.
  • Click the red Run Fix button.
  • The computer will restart
  • A report will be produced and saved in the C:\_OTL\MovedFiles folder. Open that report and post its contents in a reply.


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

#3
Gambit80

  • Topic Starter
  • Member
  • 3 posts
OTL Report

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Softonic deleted successfully.
C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\Softonic\azovmgxd.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NecUsb30Sevice\ deleted successfully.
C:\WINDOWS\system32\usbnlw32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\usbnlw32\ deleted successfully.
File C:\WINDOWS\System32\usbnlw32.dll not found.
========== FILES ==========
C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U folder moved successfully.
C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\L folder moved successfully.
C:\WINDOWS\Installer\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5} folder moved successfully.
C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\U folder moved successfully.
C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5}\L folder moved successfully.
C:\Documents and Settings\wjankowski.sja\Local Settings\Application Data\{157a4a6d-e86f-ae26-4820-d6affa5fbaa5} folder moved successfully.
File\Folder C:\WINDOWS\System32\usbnlw32.dll not found.
C:\WINDOWS\System32\itldvupd.dat moved successfully.
C:\WINDOWS\System32\itlsvc.dat moved successfully.
C:\WINDOWS\System32\shimg.dll moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Administrator

User: All Users

User: cdaugherty

User: Default User

User: LocalService

User: NetworkService

User: William Jamkowski

User: wjankowski

User: wjankowski.sja
->Java cache emptied: 0 bytes

User: WJankowski.SJA.new

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07042012_132533

ComboFix Report

ComboFix 12-07-04.04 - wjankowski 07/04/2012 13:54:57.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1534.797 [GMT -4:00]
Running from: c:\documents and settings\WJankowski.SJA\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\WJankowski.SJA\Application Data\Dealio
c:\documents and settings\WJankowski.SJA\Application Data\Dealio\res\widgets.xml
c:\documents and settings\WJankowski.SJA\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\1.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\a.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\b.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\c.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\d.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\e.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\f.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\g.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\h.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\i.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\J.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\k.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\l.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\m.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\n.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\o.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\p.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\q.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\r.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\s.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\t.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\u.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\v.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\w.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\x.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\y.xml
c:\documents and settings\WJankowski.SJA\Application Data\PriceGong\Data\z.xml
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\IE\6.0\config.ini
c:\program files\Dealio Toolbar\IE\6.0\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\facebook.gif
c:\program files\Dealio Toolbar\Res\googleplus.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\Lang\res1031.ini
c:\program files\Dealio Toolbar\Res\Lang\res1033.ini
c:\program files\Dealio Toolbar\Res\Lang\res1034.ini
c:\program files\Dealio Toolbar\Res\Lang\res1036.ini
c:\program files\Dealio Toolbar\Res\Lang\res1040.ini
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\radio-close.gif
c:\program files\Dealio Toolbar\Res\radio-minimize.gif
c:\program files\Dealio Toolbar\Res\radiobeta.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_baidu.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\search_yandex.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\twitter.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
-------\Legacy_IAS
-------\Legacy_NEC_USB3.0
-------\Service_Ias
-------\Service_NEC Usb3.0
.
.
((((((((((((((((((((((((( Files Created from 2012-06-04 to 2012-07-04 )))))))))))))))))))))))))))))))
.
.
2012-07-04 17:25 . 2012-07-04 17:25 -------- d-----w- C:\_OTL
2012-07-04 00:33 . 2012-06-18 07:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{31E39455-5EE6-4C31-97BD-06964B75E9C8}\mpengine.dll
2012-07-04 00:16 . 2012-07-04 00:16 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-03 23:34 . 2012-07-03 23:34 -------- d-----w- c:\documents and settings\WJankowski.SJA\Local Settings\Application Data\LogMeIn
2012-07-03 23:34 . 2012-05-11 14:40 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-07-03 23:34 . 2012-05-11 14:40 30592 ----a-w- c:\windows\system32\LMIport.dll
2012-07-03 23:34 . 2012-05-11 14:40 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-07-03 23:34 . 2012-04-02 16:17 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-07-03 23:34 . 2012-05-11 14:40 87424 ----a-w- c:\windows\system32\LMIinit.dll
2012-07-03 23:33 . 2012-07-04 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2012-07-03 23:33 . 2012-07-03 23:59 -------- d-----w- c:\program files\LogMeIn
2012-07-03 22:46 . 2012-07-03 23:25 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-07-03 22:02 . 2012-07-03 22:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Softonic
2012-07-03 12:09 . 2012-07-03 12:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-07-02 23:23 . 2012-07-04 00:16 -------- d-----w- C:\IT CLean
2012-07-02 23:19 . 2012-06-18 07:14 6762896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-07-02 23:19 . 2012-02-23 14:18 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-07-02 23:14 . 2012-07-03 21:56 -------- d-----w- c:\program files\Windows Defender
2012-07-02 21:08 . 2012-07-02 21:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2012-07-02 19:55 . 2012-07-02 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-07-02 19:47 . 2012-07-02 19:47 -------- d-----w- c:\documents and settings\WJankowski.SJA\Application Data\Malwarebytes
2012-07-02 19:46 . 2012-07-02 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-02 19:46 . 2012-07-02 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-02 19:46 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 19:37 . 2012-07-04 17:25 -------- d-----w- c:\documents and settings\WJankowski.SJA\Local Settings\Application Data\Softonic
2012-07-02 12:02 . 2012-07-02 12:02 -------- d-----w- c:\documents and settings\WJankowski.SJA\Application Data\Search Settings
2012-07-02 12:02 . 2012-07-02 12:02 -------- d-----w- c:\program files\Common Files\Spigot
2012-07-02 12:02 . 2012-07-02 12:02 -------- d-----w- c:\program files\Application Updater
2012-06-14 03:33 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-13 16:29 . 2012-06-13 16:29 -------- d-----w- c:\documents and settings\WJankowski.SJA\Application Data\Unity
2012-06-13 16:16 . 2012-06-13 16:16 -------- d-----w- c:\documents and settings\WJankowski.SJA\Local Settings\Application Data\Unity
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2009-08-07 00:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2010-04-02 00:57 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2010-04-02 00:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2010-04-02 00:57 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2010-04-02 00:57 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2010-04-02 00:57 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2009-08-07 00:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2009-08-07 00:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2009-08-07 00:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2010-04-02 00:57 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2010-04-02 00:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-05-12 12:22 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-05-12 12:22 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 19:18 . 2010-05-12 12:22 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 12:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2004-08-04 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2004-08-03 22:59 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2010-04-02 00:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Radio_Bar_1.1\prxtbRad1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{a8938ed0-6c0c-4143-a80e-e12136c5c69a}"= "c:\program files\Radio_Bar_1.1\prxtbRad1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A8938ED0-6C0C-4143-A80E-E12136C5C69A}"= "c:\program files\Radio_Bar_1.1\prxtbRad1.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a8938ed0-6c0c-4143-a80e-e12136c5c69a}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2012-04-02 63048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2012-05-11 14:40 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 15:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-04 03:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2006-02-10 02:05 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
2012-06-27 21:11 1090440 ----a-w- c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2005-03-22 22:20 339968 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 18:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"PskSvc"=2 (0x2)
"PsImSvc"=2 (0x2)
"PMShellSrv"=2 (0x2)
"PavSrv"=2 (0x2)
"PavReport"=3 (0x3)
"PavPrSrv"=2 (0x2)
"PavAtScheduler"=2 (0x2)
"PAVAGENTE"=2 (0x2)
"Panda Software Controller"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Argos Billing Dialog"=2 (0x2)
"Application Updater"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\Shldrv51.sys [5/13/2011 3:16 PM 37448]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 8:00 AM 14336]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [5/11/2012 10:40 AM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/2/2012 12:17 PM 12856]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/2/2012 3:46 PM 654408]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [5/13/2011 3:16 PM 163848]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/2/2012 3:46 PM 22344]
S4 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [6/27/2012 5:01 PM 791488]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/7/2011 12:44 PM 136176]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/7/2011 12:44 PM 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
NECUsb3 REG_MULTI_SZ NEC Usb3.0
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 16:44]
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-07 16:44]
.
2012-07-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 216.199.0.132 216.199.46.11 192.168.1.99
TCP: Interfaces\{D82550BD-948D-4C84-AA4B-BA6676691C07}: NameServer = 192.168.1.99,4.2.2.1
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Akamai NetSession Interface - c:\documents and settings\wjankowski\Local Settings\Application Data\Akamai\netsession_win.exe
Notify-NecUsb30Sevice - usbnlw32.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Panda Controller Client - c:\program files\Panda Software\AVTC\PSCtrlC.exe
MSConfigStartUp-xBuRdeRWhJWa - c:\documents and settings\All Users\Application Data\xBuRdeRWhJWa.exe
AddRemove-Akamai - c:\documents and settings\wjankowski\Local Settings\Application Data\Akamai\uninstall.exe
AddRemove-Google Chrome - c:\documents and settings\wjankowski\Local Settings\Application Data\Google\Chrome\Application\18.0.1025.168\Installer\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-07-04 17:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\LMIinit.dll
c:\program files\LogMeIn\x86\LMIhook.000.dll
c:\windows\system32\wininet.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(1736)
c:\windows\system32\WININET.dll
c:\program files\LogMeIn\x86\LMIhook.000.dll
c:\windows\system32\AcSignIcon.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
.
**************************************************************************
.
Completion time: 2012-07-04 17:32:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-04 21:32
.
Pre-Run: 440,626,061,312 bytes free
Post-Run: 442,836,271,104 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 30A34D6F5F2029A7A8AA68E16793AE77


Thanks!

#4
JSntgRvr

  • Global Moderator
  • 10,934 posts
I would recommend AVAST as an antivirus.


Let's scan for remnants:

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


#5
Gambit80

  • Topic Starter
  • Member
  • 3 posts
I will have this data shortly. I apologize for the delay. Thanks for the help.