Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

i think i may have a virus /comp redirected to amazon [Solved]

Started by snowysdad43 , Sep 28 2012 05:26 PM

  • This topic is locked This topic is locked

#16
snowysdad43
Posted 06 October 2012 - 02:50 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
ok essex
i tried in normal and got 30 something task managers and had to force shutdown when i was looking into properties i found this i dont think its right
http://i78.photobuck...permissions.jpg
going to run combofix in safe as advised

edit combofix hung up again at the same file or command i have a screenshot if it helps determine anything lol

Edited by snowysdad43, 06 October 2012 - 03:20 PM.

  • 0

Advertisements

#17
Essexboy
Posted 06 October 2012 - 04:42 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you create a CD as something is in there really deep

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#18
snowysdad43
Posted 07 October 2012 - 01:11 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
i do not have a disk with my operating system
do you mean for me to create a recovery disk before proceeding with this next step
a while back i put a disk drive from another computer in this one it does read disks but i could not create a recover disk from here
if this didk drive does not burn disks could i create a disk from my laptop then put it in this machine ?
  • 0

#19
Essexboy
Posted 07 October 2012 - 01:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes create the disc on another computer, then boot the sick computer with the disc

This is an antivirus scanner that works whilst windows is inactive
  • 0

#20
snowysdad43
Posted 07 October 2012 - 03:30 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
Hi essex
here is whats going on
it seems i cant run disks from here i can read stuff of a disk but when i try to install anything
i get a message to install a disk in drive e but there is already a disk there
could i make a recovery "disk" but using a flash drive instead as i have the ability to upload or download to a usb flash drive ? and if so do i want a recovery disk ?a full xp operating system disk or just a boot disk ?
please forgive all the questions but i am still somewhat of a novice after about 7 years of using computers there is a lot i dont understand about the inner workings
And again thank you for all your help and patience
  • 0

#21
Essexboy
Posted 07 October 2012 - 03:52 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No problem we can make Dr Web run from a USB drive

Create an emergency repair USB drive:
Download Dr Web Live USB to your desktop
  • Connect a USB flash drive to the computer. Registering the plugging in event takes no more than 10 seconds.
  • Launch drwebliveusb.exe.
  • The program will detect available USB-devices automatically and prompt you to choose the one you’d like to use as an emergency repair drive. You can format the device if you like (a warning will be displayed before you proceed with formatting). In order to read the License agreement, follow a corresponding link found in the program window (the page containing the license agreement text will be loaded in your default browser).
    Posted Image
  • To create a bootable USB flash drive, press the Create Dr.Web LiveUSB button.
  • Files will be copied automatically.
  • Once the copying process is completed, press the Exit button to close the application.
  • Reboot the infected computer with the USB in the drive
  • Ensure that the first boot device is USB - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#22
snowysdad43
Posted 07 October 2012 - 06:43 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
essex i dont have a option for usb in the boot menu
my default settings are
1st boot device - floppy disk ( which arent even in my computer )
2nd boot device -cdrom group
3rdboot device -hdd group
4th boot device - network boot group
will any of these allow boot from usb ? it is considered a removable disk according to properties
  • 0

#23
Essexboy
Posted 08 October 2012 - 07:42 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you put the Dr Web CD into the computer, and then rebooted did you get the option "Press any key to boot from CD"
  • 0

#24
snowysdad43
Posted 08 October 2012 - 09:11 AM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
i did not try yet i wanted to check with you first
shall i try and see what happens

edit i tried to reboot with the usn dr web installed i checked cd rom group as ther was no option for usb
no i was not prompted to press any key to boot from cd
shall i try a different boot order for to see if usb will boot

Edited by snowysdad43, 08 October 2012 - 09:27 AM.

  • 0

#25
Essexboy
Posted 08 October 2012 - 11:04 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you create a CD version of Dr Web ?
  • 0

Advertisements

#26
snowysdad43
Posted 08 October 2012 - 11:06 AM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
my cd rom drive does not work i could make the cd on my laptop but wont be able to run it on the sick machine ?
this is why we did the usb version of dr web but i cant run that either as the boot menu does not have a usb option
i tried runnung it (usb version but it did not work

note i replaced the cd rom rom drive months ago but it has never worked i disconnected it reconnected it the device manager says its working properly the drivers are up to date so i dont know what to do
Holy cow i created the image burn disk on my win 7 laptop installed in my xp desktop and it is detected the name on the properties foe drive e is dr web
i guess i will run your prior instructions
will update :) shoot there may be hope after all

Edited by snowysdad43, 08 October 2012 - 11:41 AM.

  • 0

#27
Essexboy
Posted 08 October 2012 - 11:38 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry that was a misunderstanding on my part



  • Go to here
  • Click the download button under Kaspersky Security Scan
  • Download and run the file
  • It will start to download the Kaspersky Security Scan program data
  • Once downloaded the installer will begin
  • Click Next
  • Accept the License Agreement
  • Click Install
  • The program will now install
  • Click Finish
  • Kaspersky Security Scan will now start

    Posted Image
  • Click the Full Scan button

    Posted Image
  • The scan will take about an hour or two depending on the amount of data on your hard drive
  • If the scan detects problems it will open a Problems found window
  • Click Details to generate a scan results report

    Posted Image
  • Once the scan is complete do the following:
    • For XP: Navigate to C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\KSS2\DataRoot
      For Vista/7: Navigate to C:\ProgramData\Kaspersky Lab\KSS2\DataRoot
    • Right-click on the HtmlReport folder --> Click Send to --> Click Compressed (zipped) folder
    • Attach the HtmlReport zipped folder to your next post
      Posted Image
      Posted Image
      Posted Image
  • You can now close Kaspersky Security Scan

  • 0

#28
snowysdad43
Posted 10 October 2012 - 05:55 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
hi essex i ran dr web live and still cant run in normal mode
here are my otl logs
OTL logfile created on: 10/10/2012 7:45:16 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.48 Mb Total Physical Memory | 165.24 Mb Available Physical Memory | 37.01% Memory free
1.03 Gb Paging File | 0.83 Gb Available in Paging File | 81.09% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 141.94 Gb Total Space | 89.52 Gb Free Space | 63.07% Space Free | Partition Type: NTFS
Drive D: | 7.09 Gb Total Space | 0.38 Gb Free Space | 5.36% Space Free | Partition Type: FAT32

Computer Name: HOMECOMPUTER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/10 19:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\OTL.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/11 09:55:50 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Stopped] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/04 22:43:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/02/10 00:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/10/10 19:36:06 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{39EC7FC5-66D6-48C7-8F45-9411E3FCE44E}\MpKslb2b15457.sys -- (MpKslb2b15457)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2006/03/08 16:27:12 | 004,246,016 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2006/03/03 17:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 17:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\bb-run.sys -- (bb-run)
DRV - [2000/03/29 17:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.h...ARIO&pf=desktop
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.h...ARIO&pf=desktop
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.foxnews.com/
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\..\SearchScopes\{6ED14371-04C9-4569-A2A2-7E13A44498BD}: "URL" = http://www.google.co...utputEncoding?}
IE - HKU\S-1-5-21-619500614-27878474-2892155674-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll

O1 HOSTS File: ([2012/10/05 16:28:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - c:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (hpWebHelper Class) - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll (TODO: <Company name>)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-619500614-27878474-2892155674-500\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - Startup: C:\Documents and Settings\Administrator.COURTNEYSROOM\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.COURTNEYSROOM.000\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Administrator.HOMECOMPUTER\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\UpdatusUser\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\UpdatusUser.YOUR-D0F670B45A\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-619500614-27878474-2892155674-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &Google Search - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: &Translate English Word - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Backward Links - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Cached Snapshot of Page - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Similar Pages - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O8 - Extra context menu item: Translate Page into English - C:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} Reg Error: Value error. (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1349560396281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1329142607968 (MUWebControl Class)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2E7E6700-594D-438B-BB29-8659D3A6F6F7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80443072-5384-4D29-A197-604ECE8884D8}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\welcome.htm
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/12/05 02:50:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 15:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/10 19:44:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\OTL.exe
[2012/10/10 19:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
[2012/10/08 13:57:58 | 006,118,990 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/10/07 19:32:16 | 201,007,704 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\drwebliveusb.exe
[2012/10/06 16:10:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/05 18:53:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Application Data\Notepad++
[2012/10/05 18:14:57 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\tdsskiller.exe
[2012/10/05 17:06:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Start Menu\Programs\Administrative Tools
[2012/10/05 17:06:12 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/10/05 17:01:03 | 004,762,471 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\ComboFix.exe
[2012/10/05 16:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/04 18:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Local Settings\Application Data\Temp
[2012/09/29 18:29:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Recent
[2012/09/29 18:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012/09/29 18:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2012/09/29 14:41:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\IECompatCache
[2012/09/29 13:22:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Application Data\HPQ
[2012/09/27 23:11:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\My Documents\Downloads
[2012/09/27 22:13:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Local Settings\Application Data\Adobe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/10 19:44:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\OTL.exe
[2012/10/10 19:40:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/10/10 19:39:08 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{D9D5C556-3AD4-4C82-80C4-51CB5F825CF8}.job
[2012/10/10 19:36:10 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/10 19:36:00 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{4C224901-74F3-4B9A-ACF7-21DFFA1188AB}.job
[2012/10/10 19:35:53 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/10/10 19:35:53 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/10/10 03:08:37 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/10/09 07:01:38 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-619500614-27878474-2892155674-1009UA.job
[2012/10/08 13:58:25 | 006,118,990 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\SetupImgBurn_2.5.7.0.exe
[2012/10/07 19:32:52 | 201,007,704 | ---- | M] (Doctor Web, Ltd.) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\drwebliveusb.exe
[2012/10/07 15:54:02 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/10/07 15:21:20 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/10/05 19:14:49 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/10/05 19:14:47 | 000,387,830 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/10/05 19:14:47 | 000,055,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/10/05 18:15:21 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\tdsskiller.exe
[2012/10/05 17:02:29 | 004,762,471 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\ComboFix.exe
[2012/10/05 16:28:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012/10/04 18:48:03 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/10/03 17:40:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/29 18:31:10 | 000,170,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/28 17:04:38 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2012/09/27 03:59:01 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-619500614-27878474-2892155674-1009Core.job
[2012/09/22 03:03:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/09/21 20:10:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/08 11:01:43 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/10/05 19:14:49 | 000,000,800 | ---- | C] () -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/10/04 18:48:03 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/29 18:47:36 | 000,000,366 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/09/27 22:54:49 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/13 03:10:06 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/04/28 11:55:06 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2012/04/28 11:55:05 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2012/02/16 01:52:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/13 21:34:27 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/02/13 21:34:26 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/02/13 21:34:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/02/13 21:32:57 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/12 19:31:27 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2011/07/03 21:06:09 | 020,533,281 | ---- | C] () -- C:\Program Files\VLC.exe
[2011/03/08 10:30:47 | 000,360,482 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/04/23 14:37:15 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi
[2007/03/27 17:13:08 | 015,052,856 | ---- | C] () -- C:\Program Files\Word12_UpToSpeed_final_ZA10205099.wmv

========== ZeroAccess Check ==========

[2006/06/17 01:01:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010/08/27 18:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COURTNEYSROOM\Application Data\Viewpoint
[2010/08/30 19:16:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.COURTNEYSROOM.000\Application Data\Template
[2012/10/05 19:01:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Application Data\Notepad++
[2010/04/28 03:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2010/04/10 02:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Entertainment
[2011/02/01 14:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/08/31 20:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/03/04 09:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2010/02/07 04:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BanzaiInteractive
[2009/05/05 13:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\blg
[2010/06/11 23:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories
[2010/03/05 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flood Light Games
[2011/01/21 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Floodlight Games
[2009/11/11 04:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/03/01 21:21:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/08/25 22:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2010/04/06 01:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HoverBee Studios
[2011/10/27 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2011/10/27 17:50:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009/08/28 13:04:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IntDreams
[2010/02/26 14:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2010/06/28 00:32:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Little Games Company
[2011/01/26 19:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LittleGamesCompany
[2010/03/04 03:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009/05/31 13:22:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2010/07/27 02:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2010/03/26 23:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nevosoft
[2010/07/30 01:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2010/03/09 02:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PoBros
[2011/08/12 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QFX Software
[2010/02/23 02:26:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/12/08 03:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SOS
[2009/05/31 13:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2010/07/14 00:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SugarGames
[2012/09/29 18:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2010/06/21 03:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Inquisitor
[2010/04/05 00:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2011/11/19 19:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2012/02/11 12:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2011/04/10 20:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/10/06 12:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildWestQuest2
[2009/08/20 16:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2008/11/10 12:31:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010/04/28 03:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Absolutist
[2010/04/10 02:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Alawar Entertainment
[2010/08/05 02:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Artifex Mundi
[2010/03/30 02:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Awem
[2010/02/07 04:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BanzaiInteractive
[2009/05/05 13:51:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\blg
[2010/08/01 00:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Boolat Games
[2009/09/06 02:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\BrandX Games
[2010/01/20 14:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Cat's Eye Games
[2010/06/09 03:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DarkParablesBriarRoseSE_BFG
[2012/02/12 10:24:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\DNA
[2010/07/24 02:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Enlightenus_iWin
[2011/03/20 13:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\f.y.e. downloads unlimited
[2010/03/05 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Flood Light Games
[2011/01/21 17:46:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Floodlight Games
[2010/06/30 02:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Freeze Tag
[2010/07/05 22:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\FreezeTag
[2010/01/12 04:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Friday's games
[2009/10/10 03:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\funkitron
[2011/03/21 22:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GameInvest
[2010/07/01 01:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Games
[2009/03/02 02:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GARMIN
[2011/11/06 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GetRightToGo
[2010/01/19 06:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\GTM_Bodie
[2010/05/02 22:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\HdO Adventure
[2009/05/03 19:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\ICAClient
[2009/09/24 01:41:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\IronCode
[2011/11/09 09:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\KompoZer
[2010/06/11 18:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LimeWire
[2010/06/28 00:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Little Games Company
[2010/02/25 04:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Little Worlds Online
[2011/01/26 19:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\LittleGamesCompany
[2010/06/16 22:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Magic3
[2010/01/11 04:03:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MastersOfMystery2
[2010/04/02 00:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MemoryClinic
[2010/01/18 15:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Meridian93
[2010/03/04 03:54:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Merscom
[2009/12/19 10:34:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mount&Blade
[2010/01/10 04:28:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\MysteryStudio
[2009/08/30 23:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Mysteryville2
[2010/06/14 02:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Namco
[2011/11/17 10:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Netscape
[2010/06/23 00:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Nevosoft Games
[2011/11/18 11:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Notepad++
[2010/03/14 04:35:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\OtherSide Realm of Eons
[2010/07/13 22:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Paige Harper and the Tome of Mystery
[2010/07/30 01:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PlayFirst
[2009/11/20 03:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Playrix Entertainment
[2010/03/09 02:57:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\PoBros
[2011/08/12 19:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QFX Software
[2011/11/16 03:06:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\QuickScan
[2010/06/11 14:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Quirky Games
[2011/11/09 09:22:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Runaware
[2012/09/29 18:24:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Search Settings
[2009/09/19 01:04:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Shape games
[2010/03/28 02:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Silverback Productions
[2010/08/07 03:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\SoftGrid Client
[2009/01/01 19:57:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Template
[2010/06/21 03:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\The Inquisitor
[2010/01/17 03:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TheFixerUpper
[2010/02/09 15:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\TitanicMystery
[2010/04/05 00:29:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Valusoft
[2008/12/07 11:45:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Viewpoint
[2012/02/11 12:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\Web Page Maker
[2009/09/09 00:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WildGames 3 Days Zoo Mystery
[2010/08/10 18:09:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WildTangent(2)
[2010/07/01 22:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WildTangentv1000
[2010/05/04 01:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WildTangentv1001
[2009/04/17 07:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner\Application Data\WildTangentv1002
[2012/04/21 11:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Amazon
[2012/04/28 12:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\FUJIFILM
[2012/02/14 00:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Notepad++
[2012/04/16 13:04:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\QuickScan
[2012/02/14 09:47:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Compaq_Owner.YOUR-D0F670B45A\Application Data\Template
[2008/12/22 09:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Courtney's\Application Data\DNA
[2012/09/29 18:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Courtney's\Application Data\Search Settings
[2008/11/11 17:10:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Courtney's\Application Data\Template
[2008/12/03 18:41:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Courtney's\Application Data\Viewpoint

========== Purity Check ==========



< End of report >
  • 0

#29
Essexboy
Posted 11 October 2012 - 06:31 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you still getting severe slow downs in normal windows ?

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Posted Image
:OTL
O2 - BHO: (no name) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - No CLSID value found.
O2 - BHO: (no name) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - No CLSID value found.
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6FE79ACA-A498-45E5-8BC4-1B9F380CE468} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: vzTCPConfig Reg Error: Value error. (Reg Error: Key error.)
[2012/10/07 19:32:16 | 201,007,704 | ---- | C] (Doctor Web, Ltd.) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\drwebliveusb.exe
[2012/10/06 16:10:00 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/05 18:14:57 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator.HOMECOMPUTER\Desktop\tdsskiller.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi]
"Description"="Provides systems management information to and from drivers."
"DisplayName"="Windows Management Instrumentation Driver Extensions"
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
  74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"ObjectName"="LocalSystem"
"Start"=dword:00000003
"Type"=dword:00000020

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  61,00,64,00,76,00,61,00,70,00,69,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,00,\
  00
"ServiceMain"="WdmWmiServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Wmi\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
  00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
  00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
  05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
  20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
  00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
  00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#30
snowysdad43
Posted 11 October 2012 - 06:04 PM

snowysdad43

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 233 posts
yes task managers poping up faster than i can delete them now my nternet connections have all been erased i will try the otl fix as soon as i can get them into the machine i am considering trashing the computer its so screwed up will post otl asap
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP