Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Arestocrat screen has my PC locked [Solved]


  • This topic is locked This topic is locked

#1
talvar

talvar

    New Member

  • Member
  • Pip
  • 7 posts
My PC boots ok, but after the desktop is up, a fake warning pops up and the computer is unresponsive. I tried to boot to safe mode but it just keeps restarting to the desktop, etc. Any help would be greatly appreciated
  • 0

Advertisements


#2
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello talvar and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to alway follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Can you tell me what OS you have (XP, Vista, 7, 8) and whether it is 32-bit or 64-bit? Then we can get started.
  • 0

#3
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello,thanks for the reply. My desktop is running XP 32 bit.
  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi talvar,

Do you have a CD burner? If not, let me know.


Please print these instruction out so that you know what you are doing

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 1

#5
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
I do have a cd drive on the infected machine.I also have a laptop with a cd drive that I make a copy of the OTLPE boot disk.

OTL logfile created on: 4/5/2013 11:45:24 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 446.22 Gb Total Space | 250.98 Gb Free Space | 56.25% Space Free | Partition Type: NTFS
Drive D: | 298.02 Gb Total Space | 262.94 Gb Free Space | 88.23% Space Free | Partition Type: FAT32
Drive E: | 465.75 Gb Total Space | 277.70 Gb Free Space | 59.62% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (ACDaemon)
SRV - [2013/03/26 17:03:27 | 004,561,152 | ---- | M] () [Auto] -- C:\program files\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013/03/14 21:18:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/23 16:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 17:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Norton 360\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2010/08/24 00:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/03/04 18:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2010/03/04 18:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009/08/27 21:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008/08/07 15:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008/01/29 20:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (motusbdevice)
DRV - File not found [Kernel | On_Demand] -- -- (Motousbnet)
DRV - File not found [Kernel | On_Demand] -- -- (MotoSwitchService)
DRV - File not found [Kernel | On_Demand] -- -- (motmodem)
DRV - File not found [Kernel | On_Demand] -- -- (motccgpfl)
DRV - File not found [Kernel | On_Demand] -- -- (motccgp)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (kbeepm)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (BTCFilterService)
DRV - [2013/01/17 21:04:37 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130316.006\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/17 21:04:37 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130316.006\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 22:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130301.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/08/31 20:34:04 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130313.003\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/26 19:24:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/10 15:50:42 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/08/10 15:50:42 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SRTSP.SYS -- (SRTSP)
DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccSetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/17 22:13:32 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\System32\Drivers\N360\0604010.00E\SYMTDI.SYS -- (SYMTDI)
DRV - [2012/04/17 22:13:22 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/04/17 21:42:14 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\Ironx86.SYS -- (SymIRON)
DRV - [2011/08/09 20:33:58 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2010/12/29 21:30:57 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/10/25 00:47:22 | 000,279,712 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/25 00:47:22 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/05/27 13:37:06 | 004,830,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010/05/17 08:04:06 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008/09/29 04:06:08 | 000,876,288 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2008/08/25 05:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/08/05 00:29:28 | 000,039,456 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2008/08/01 13:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 13:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/02/14 02:12:00 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (monfilt)
DRV - [2007/06/29 17:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007/04/16 19:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/10 18:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006/06/29 17:58:28 | 000,146,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0220Dev.sys -- (V0220Dev)
DRV - [2006/06/08 20:00:52 | 000,006,272 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\V0220Vfx.sys -- (V0220Vfx)
DRV - [2004/08/14 20:00:00 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.in.honda....Asp/rraalog.asp
IE - HKU\Owner_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.in.honda....Asp/rraalog.asp
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Owner_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nbc.com/DirectPlayer: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: C:\Program Files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: C:\Program Files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: C:\Program Files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012/08/26 20:33:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2013/04/04 21:45:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/29 22:35:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/14 21:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/14 21:17:32 | 000,000,000 | ---D | M]

[2013/03/14 21:17:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/14 21:18:05 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/02/03 00:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/09/16 15:27:16 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2013/02/27 23:36:57 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/02/28 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\Owner_ON_C\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NapsterShell] File not found
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files\MAGIX\Movie_Edit_Pro_17_Plus\Trayserver_EN.exe (MAGIX AG)
O4 - HKLM..\Run: [V0220Mon.exe] C:\WINDOWS\V0220Mon.exe (Creative Technology Ltd.)
O4 - HKU\Owner_ON_C..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Owner\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\Owner_ON_C..\Run: [DW6] File not found
O4 - HKU\Administrator_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\Owner_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} http://www.in.honda....tingActiveX.cab (MeadCo ScriptX)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {297DE2B6-509A-4B36-93C5-A65276606900} http://www.in.honda....AX/RraainAX.CAB (RRAAINAX_02.RRAAINAX)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1361660573421 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} https://ediagnostics....com/serval.cab (Lexmark eDiagnostics Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 66.60.130.158 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/05 19:19:26 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/01/04 14:26:32 | 000,000,000 | ---D | M] - D:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2005/11/15 11:08:04 | 000,000,036 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2008/02/25 16:50:45 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 18:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/04 18:19:53 | 000,035,840 | ---- | C] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/03 20:26:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2013/04/03 09:33:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Avery
[2013/04/03 09:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Avery
[2013/04/03 09:22:13 | 096,643,496 | ---- | C] (Avery Dennison Corporation) -- C:\Documents and Settings\Owner\Desktop\Avery Wizard 4.01 - US 20111209.exe
[2013/03/26 22:13:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/21 20:51:46 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023x.sys
[2013/03/21 20:51:46 | 000,012,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usb8023.sys
[2013/03/14 21:17:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/04 22:54:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/04/04 22:35:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 22:11:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 22:10:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Owner.job
[2013/04/04 21:44:13 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/04/04 21:43:45 | 2146,615,296 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/04 21:37:21 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-329068152-725345543-1003.job
[2013/04/04 21:36:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2013/04/04 21:36:54 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-329068152-725345543-1003.job
[2013/04/04 18:33:50 | 000,397,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/04/04 18:30:13 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/04 18:30:02 | 000,302,806 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/04 18:19:49 | 000,035,840 | ---- | M] (Корпорация Майкрософт) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/04/03 09:23:52 | 096,643,496 | ---- | M] (Avery Dennison Corporation) -- C:\Documents and Settings\Owner\Desktop\Avery Wizard 4.01 - US 20111209.exe
[2013/04/03 09:14:58 | 000,000,655 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2013/04/03 09:01:29 | 000,010,451 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\recycle.jpg
[2013/04/03 09:00:52 | 000,016,278 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tree .jpg
[2013/04/03 08:59:32 | 000,015,028 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\th.jpg
[2013/04/01 22:09:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Owner.job
[2013/04/01 01:26:04 | 013,500,416 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Home Accounts.mny
[2013/04/01 00:16:01 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Owner\default.pls
[2013/04/01 00:15:59 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/03/31 23:01:48 | 000,002,387 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Money 2002 (2).lnk
[2013/03/26 22:13:59 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/26 22:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/03/24 21:34:55 | 104,794,188 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wesnoth-1.10.6-win32.exe
[2013/03/19 18:40:43 | 000,160,768 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/16 22:13:18 | 000,484,436 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/16 22:13:17 | 000,080,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/15 19:22:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/15 19:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/03/06 19:50:05 | 004,236,288 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2013/03/06 19:50:05 | 001,957,888 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/04 18:30:13 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/04/04 18:29:59 | 000,302,806 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/04/03 09:09:17 | 000,804,351 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\100_3057.jpg
[2013/04/03 09:01:29 | 000,010,451 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\recycle.jpg
[2013/04/03 09:00:51 | 000,016,278 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tree .jpg
[2013/04/03 08:59:30 | 000,015,028 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\th.jpg
[2013/03/26 22:13:59 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/03/24 22:05:02 | 000,000,412 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Owner.job
[2013/03/24 22:05:00 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Owner.job
[2013/03/24 22:05:00 | 000,000,402 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Owner.job
[2013/03/24 19:46:31 | 104,794,188 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wesnoth-1.10.6-win32.exe
[2013/02/23 19:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2013/01/27 12:28:41 | 001,296,344 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-329068152-725345543-1003-0.dat
[2013/01/27 12:28:39 | 000,354,906 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/08/12 19:53:09 | 000,000,077 | ---- | C] () -- C:\WINDOWS\DVDSoftware.ini
[2012/08/06 00:15:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2012/01/29 21:26:54 | 000,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/12 21:44:00 | 004,137,304 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Setup-Super-Word-Search-Maker.exe
[2012/01/12 21:43:59 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\Setup-Super-Word-Search-Maker.md5
[2011/05/01 13:23:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/04/27 20:06:33 | 000,000,129 | ---- | C] () -- C:\WINDOWS\kofax200.ini
[2011/04/27 20:05:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\VRSUtil.dll
[2010/12/25 00:54:15 | 000,126,464 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/10/25 00:47:22 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/10/25 00:47:22 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/10/23 23:48:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/23 23:48:45 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2010/10/23 23:48:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2010/10/23 23:48:45 | 000,203,336 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/10/23 23:48:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2010/10/23 23:48:45 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010/10/21 12:56:58 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2010/10/21 12:56:58 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2010/10/19 22:15:21 | 000,319,488 | R--- | C] () -- C:\WINDOWS\System32\MafiaSetup.exe
[2010/10/14 04:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/10/10 20:15:15 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/05/07 19:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2010/02/24 23:39:30 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/10/28 15:28:49 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/10/10 18:07:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009/09/07 16:36:27 | 000,001,316 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/09/05 19:34:58 | 000,442,880 | ---- | C] () -- C:\WINDOWS\rapidui.exe
[2009/08/19 19:52:46 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\kodakpcd.ini
[2009/08/05 19:19:26 | 000,001,277 | ---- | C] () -- C:\WINDOWS\VFO.INI
[2009/08/03 19:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 19:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/18 18:39:19 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Owner\default.pls
[2009/07/18 18:30:14 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/07/16 08:54:22 | 000,001,024 | ---- | C] () -- C:\Documents and Settings\Owner\.rnd
[2009/05/16 14:23:54 | 000,000,655 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2009/05/16 14:23:39 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2009/05/16 14:23:27 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2009/05/16 14:23:26 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBFIH.EXE
[2009/05/16 14:23:25 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2009/05/16 14:23:25 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2009/05/16 12:31:22 | 000,160,768 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/15 21:28:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/15 00:45:50 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/15 00:45:49 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/05/14 23:23:11 | 000,004,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2009/05/14 23:20:22 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009/05/14 23:19:26 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009/05/14 23:19:22 | 000,028,312 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/05/14 23:19:22 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/05/14 23:05:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 23:00:56 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/14 05:49:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/14 05:47:21 | 000,397,552 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/16 06:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/16 06:42:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/01/16 06:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/16 06:42:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009/01/16 06:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/16 06:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/16 06:42:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/01/16 06:42:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 12:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 12:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 12:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/27 14:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,484,436 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,080,706 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1998/10/11 03:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2010/04/18 11:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2013/04/03 09:33:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Avery
[2011/01/12 10:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2010/12/29 21:41:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Lite
[2010/12/29 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DAEMON Tools Pro
[2009/09/05 19:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2009/06/03 10:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IDM
[2011/04/27 19:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\LinkManager 4.0
[2011/12/19 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MAGIX
[2011/04/21 00:02:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mobipocket
[2009/07/03 12:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NBC Direct
[2011/04/27 21:40:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OneTouch 4.0
[2011/04/20 22:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OverDrive
[2011/01/13 22:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Raptr
[2011/06/08 20:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ScanSoft
[2009/08/08 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2013/04/03 20:24:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent
[2009/08/23 23:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Windows Search
[2012/05/31 20:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2010/12/29 21:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/12/29 21:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
[2009/09/05 19:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/11/02 20:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Firefly Studios
[2011/04/27 20:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kofax
[2011/12/19 19:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MAGIX
[2010/10/21 21:28:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2009/07/03 12:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NBC Direct
[2009/09/05 19:40:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/02/04 21:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/08/07 20:19:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/08/07 20:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle Studio
[2011/06/08 20:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/08/07 20:34:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2013/03/21 21:40:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/27 20:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Visioneer
[2013/02/28 00:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2013/03/03 13:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC
[2013/04/01 22:09:02 | 000,000,406 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateFiles_Owner.job
[2013/04/04 22:10:00 | 000,000,402 | ---- | M] () -- C:\WINDOWS\Tasks\ReclaimerUpdateXML_Owner.job
[2013/04/04 21:36:58 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\RNUpgradeHelperLogonPrompt_Owner.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2F2F703
< End of report >
  • 0

#6
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi talvar,


Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

If you can boot normally now, do the following:

Step 1: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete

Posted Image

Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt please attach that

Step 2: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it Click the "Scan" button to start scan

Posted Image

On completion of the scan click save log, save it to your desktop and post in your next reply

Posted Image

Things I need in your next reply:
  • OTL fix log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now?

Attached Files

  • Attached File  fix.txt   385bytes   32 downloads

  • 1

#7
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 04052013_143041

# AdwCleaner v2.200 - Logfile created 04/05/2013 at 19:05:02
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - HOME-F4587C49B4
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\wlqjabrh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [8634 octets] - [05/04/2013 14:54:17]
AdwCleaner[S2].txt - [769 octets] - [05/04/2013 19:05:02]

########## EOF - C:\AdwCleaner[S2].txt - [828 octets] ##########

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-05 15:13:00
-----------------------------
15:13:00.234 OS Version: Windows 5.1.2600 Service Pack 3
15:13:00.234 Number of processors: 2 586 0x203
15:13:00.234 ComputerName: HOME-F4587C49B4 UserName: Owner
15:13:05.468 Initialize success
15:17:50.578 AVAST engine defs: 13040501
15:20:25.343 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
15:20:25.343 Disk 0 Vendor: ST3500630A 3.AAF Size: 476938MB BusType: 3
15:20:25.343 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-18
15:20:25.343 Disk 1 Vendor: WDC_WD5000AACS-00G8B1 05.04C05 Size: 476940MB BusType: 3
15:20:25.484 Disk 1 MBR read successfully
15:20:25.484 Disk 1 MBR scan
15:20:25.562 Disk 1 Windows XP default MBR code
15:20:25.562 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 456926 MB offset 63
15:20:25.562 Disk 1 scanning sectors +935786250
15:20:25.671 Disk 1 scanning C:\WINDOWS\system32\drivers
15:20:44.343 Service scanning
15:21:08.343 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
15:21:15.218 Modules scanning
15:21:25.265 Disk 1 trace - called modules:
15:21:25.281 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8a57c938]<<
15:21:25.281 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a46eab8]
15:21:25.281 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000007b[0x8a5c0448]
15:21:25.281 5 ACPI.sys[b9e74620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-18[0x8a4f7d98]
15:21:28.656 AVAST engine scan C:\WINDOWS
15:21:50.531 AVAST engine scan C:\WINDOWS\system32
15:29:32.000 AVAST engine scan C:\WINDOWS\system32\drivers
15:29:51.468 AVAST engine scan C:\Documents and Settings\Owner
15:38:40.968 AVAST engine scan C:\Documents and Settings\All Users
15:49:17.593 Scan finished successfully
15:49:42.421 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
15:49:42.437 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

My PC is working perfectly. Thank you so much for giving me your time and expertise to repair what I thought was a destroyed computer. It was fascinating watching how you diagnosed my problem. Have a great weekend.
  • 0

#8
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi talvar,

Great to hear! Let's run a scan to pick up any remnants and check for outdated software, then we can clean up.

Do you know about these two pictures?

C:\Documents and Settings\All Users\Application Data\1.bmp
C:\Documents and Settings\All Users\Application Data\1.jpg


They appear to have been used by the infection. If you don't know what they are, go ahead and delete them.

Step 1:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


Step 2:

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 1

#9
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello Buddierdl, I deleted the bitmap and jpeg that you detected, they were both the same image to the Malware Screen. Here are the logs that you requested,

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.04.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: HOME-F4587C49B4 [administrator]

4/7/2013 11:03:20 AM
mbam-log-2013-04-07 (11-03-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 236528
Time elapsed: 12 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Owner\My Documents\Downloads\RemoveWGA.exe (PUP.RemoveWGA) -> Quarantined and deleted successfully.

(end)

Results of screen317's Security Check version 0.99.62
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton 360
Antivirus out of date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
Java™ 6 Update 24
Java version out of Date!
Adobe Flash Player 11.5.502.135
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 19.0.2 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Sorry for taking so long.


Congratulations, talvar. :) Your computer now appears to be clean. Please complete the followings steps to finalize the cleaning process.

Make sure you re-enable and update your anti-virus.

Please update these programs, as old versions pose a security risk.

  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run an important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:

    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • Firefox -> You can get the latest version here.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Reset SP3 Firewall: Make sure you don't have any open ports in your firewall.
Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select On(recommended) >> OK.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on Control Panel.
  • Double-click on Automatic Updates to bring up the configuration dialog. If you're in Category view, you'll have to click on Security Center.
  • Select the Automatic (recommended) option and click on OK at the bottom of the window.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 1

#11
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello Buddierdl, I have been enjoying my bug free PC.

I installed Avast anti virus. I updated Java and, promptly disabled it on all my browsers. I updated FF and updated Adobe Reader and applied the custom setting. Sorry but I was unclear on how to launch OTL and "clean up" that, the only options that I had was to: scan, quick scan and fix.
Could you clarify that process?

I also did the restore point creations and flushed the old ones. I reset the SP3 firewall with the recommended settings and turned on Windows Automatic updates. I will be using Secunia Personal Software to keep everything updated as well. Thanks,

Terry/talvar
  • 0

#12
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Sorry for taking so long to get back to you. I was checking on something.

Sorry but I was unclear on how to launch OTL and "clean up" that, the only options that I had was to: scan, quick scan and fix.
Could you clarify that process?



Actually I was mistaken because I hadn't realized that we never used the "regular" OTL. Just download it from here and run it. It should have a "CleanUp" button that will get rid of all our tools and logs. Anything else left over you can just delete.
  • 0

#13
talvar

talvar

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hello Buddierdl, I did the OTL clean up and everything looks great.
  • 0

#14
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Glad we could help. Posted Image
  • 1

#15
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP