fbi money pan, no safe networking mode [Solved]


  • This topic is locked

#1
Anthroanne

    Member

  • 68 posts
Dear Geeks to Go,
My HP Windows XP computer has been infected with the FBI Money Pack and I cannot boot up in safe networking mode (I've tried unplugging the internet cord as well). I can get to safe mode with command prompt but I don't know what to do then. I am typing this on my friend's Mac at the moment. Thanks a bunch!

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Can you download the following programme to a USB?

  • Download Farbar Recovery Scan Tool

Start the infected system at the safe mode command prompt.

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#3
Anthroanne
I'm sorry, what I should have said was that I can access the Recovery Console command prompt, which provides me with the c:forward slash Windows. Notebook is not a valid command for the Recovery Console. I believe I am in the DOS menu. Thank you, sorry for my miscommunication.

#4
Essexboy
Not a problem. Are you able to burn a CD from the Mac using a Windows ISO file?

Details on how to do it here

I am just uploading the OTLPE ISO to this download link; it should be ready in about ten minutes from now.

Burn the ISO to CD and then copy to the same CD the following programme:

  • Download Farbar Recovery Scan Tool

  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD follow the steps here
  • As the programme needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
  • Locate the FRST file and run
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

#5
Anthroanne
Ok, new update: friend needed her Mac. Just located hubby's computer, vasio, attempting to boot that one up now. On my cell at moment. Will update when his computer is up and running so I can access ISO link and the other to burn CD.. (first time burner.. Yippie!) Brb Anne

#6
Anthroanne
ok puter up and going to burn cd.. thanks for all your patience and help!

#7
Anthroanne
Ok, the ISO link is not working. I receive a 404 error. I was able to burn the other file (frst). :)

#8
Essexboy
Try it now please :)

#9
Anthroanne
ok worked great. will be booting from cd rom and will be back shortly after tea. :)

#10
Anthroanne
Ok, I must be doing something wrong. I can't get it to boot on the CD. I have two drives, one is a DVD R/W and the other a DVD. I tried both selections in BIOS. I even tried to disable the hard drive to force it to boot on the first selection. Didn't work. I've tried the pop-up menu to select boot drive - didn't work. I tried the F1 to go to BIOS and select the boot drive as well - for each option. It reads the drive momentarily but does not boot from it.

#11
Anthroanne
My apologies, the ISO program did not load to CD. It will take approx one hour to copy according to file copier.

#12
Anthroanne
Ok, I still can't get my computer to boot from the CD. At least I know the new ISO is on the CD. What should I do now?

#13
Anthroanne
Ok, finally realized that although the files were on the CD I had not "burned" your files. It is now booting up at the moment. :)

#14
Anthroanne
Here are the files. There are 2: the frst1 is with the default boxes checked, the other is all the boxes checked.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2013
Ran by SYSTEM on 24-04-2013 00:14:30
Running from G:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet003

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe [59392 2004-08-10] (Microsoft Corporation)
HKLM\...\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe [52736 1998-05-07] (Hewlett-Packard Company)
HKLM\...\Run: [HPHUPD06] c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe [49152 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe [659456 2004-06-07] (Hewlett-Packard)
HKLM\...\Run: [KBD] C:\HP\KBD\KBD.EXE [61440 2003-02-12] (Hewlett-Packard Company)
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [233472 2004-04-15] ()
HKLM\...\Run: [AGRSMMSG] AGRSMMSG.exe [x]
HKLM\...\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2004-09-10] (ATI Technologies, Inc.)
HKLM\...\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [253952 2004-10-15] (Hewlett-Packard Company)
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [AlcWzrd] ALCWZRD.EXE [x]
HKLM\...\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe [458752 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe [217088 2005-06-08] (Logitech Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [282624 2007-12-05] (Apple Computer, Inc.)
HKLM\...\Run: [PS2] C:\WINDOWS\system32\ps2.exe [81920 2002-10-16] (Hewlett-Packard Company)
HKLM\...\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" [1219248 2013-03-25] ()
HKLM\...\Run: [PMBVolumeWatcher] C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe [597792 2009-10-24] (Sony Corporation)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296096 2012-10-24] (RealNetworks, Inc.)
HKLM\...\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY [4394032 2013-03-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" [124928 2013-04-22] (Hilgraeve, Inc.)
HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]
HKLM\...\Winlogon: [System]
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [X]
Winlogon\Notify\AtiExtEvent: Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess
HKU\Administrator\...\RunOnce: [avg_spchecker] "C:\Program Files\AVG\AVG8\Notification\SPChecker.exe" /start [x]
HKU\HP_Administrator\...\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe [ 2006-05-18] (Logitech)
HKU\HP_Administrator\...\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot [ 2005-06-08] (Logitech Inc.)
HKU\HP_Administrator\...\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup [ 2012-09-03] (Exent Technologies Ltd.)
HKU\HP_Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)
HKU\HP_Administrator\...\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart [ 2013-03-07] (Google)
HKU\HP_Administrator\...\Run: [q] "xidpwooedd.exe" [x]
HKU\HP_Administrator\...\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1 [ 2006-03-30] (Adobe Systems Incorporated)
HKU\HP_Administrator\...\Run: [SoundDrivers] "C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe" [x]
HKU\HP_Administrator\...\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~3.EXE -Update -1103472 -"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 3.1)" -"http://clubgames.pog...=pAllGames_lnk" [x]
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
ShortcutTarget: Logitech Desktop Messenger.lnk -> C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk
ShortcutTarget: NkbMonitor.exe.lnk -> C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
ShortcutTarget: Updates from HP.lnk -> C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe (No File)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\AutoTBar.exe (Hewlett-Packard)
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart

========================== Services (Whitelisted) =================

S2 AOL ACS; C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe [1434848 2004-04-21] (America Online, Inc.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-02-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [282624 2013-02-19] (AVG Technologies CZ, s.r.o.)
S2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [352248 2012-08-03] (Verizon)
S3 iPodService; C:\Program Files\iPod\bin\iPodService.exe [401408 2004-06-04] (Apple Computer, Inc.)
S2 LightScribeService; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [38912 2004-09-23] ()
S2 PGMTrusted; C:\Program Files\Pogo Games\PGMTrusted.exe [519920 2012-10-29] (iWin Inc.)
S2 vToolbarUpdater15.0.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe [990896 2013-03-25] ()
S2 WANMiniportService; C:\WINDOWS\wanmpsvc.exe [65536 2003-08-27] (America Online, Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [798208 2004-09-10] (ATI Technologies Inc.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-02-26] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-02-14] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [33624 2013-03-25] (AVG Technologies)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S2 CX23880; C:\Windows\System32\drivers\cx88vid.sys [160256 2004-10-13] (Conexant Systems, Inc.)
S2 CX88ENC; C:\Windows\System32\drivers\cx88enc.sys [297344 2004-10-13] (Conexant Systems, Inc.)
S3 CXAVXBAR; C:\Windows\System32\drivers\cxavxbar.sys [9472 2004-10-13] (Conexant Systems, Inc.)
S2 CXTUNE; C:\Windows\System32\drivers\CX88TUNE.sys [31616 2004-10-13] (Conexant Systems, Inc.)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-03-19] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-03-19] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-03-19] (HP)
S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [737874 2004-08-21] (Intel Corporation)
S3 IrBus; C:\Windows\System32\DRIVERS\IrBus.sys [46592 2008-04-13] (Microsoft Corporation)
S3 Iviaspi; C:\Windows\System32\drivers\iviaspi.sys [21060 2003-09-11] (InterVideo, Inc.)
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-27] (Logitech Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-04-22] (Malwarebytes Corporation)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [7136 2005-05-27] (Logitech Inc.)
S3 Pfc; C:\Windows\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.)
S3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [913280 2005-05-27] (Logitech Inc.)
S3 rtl8139; C:\Windows\System32\DRIVERS\R8139n51.SYS [46976 2002-10-04] (Realtek Semiconductor Corporation )
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [9968 2010-02-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [4096 2006-02-16] (SuperAdBlocker, Inc.)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [74480 2010-02-10] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [229888 2004-09-30] (Silicon Integrated Systems Corporation)
S1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [12928 2004-09-24] (Silicon Integrated Systems Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S3 utc0mzuw; C:\WINDOWS\system32\Drivers\utc0mzuw.sys [7168 2010-07-07] ()
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S2 X4HSEx_Pr143; C:\Program Files\Free Ride Games\X4HSEx_Pr143.Sys [58696 2012-08-02] (Exent Technologies Ltd.)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
S3 catchme; \??\C:\DOCUME~1\HP_ADM~1\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
S4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;
S2 X4HS32Ex; \??\C:\Program Files\Free Ride Games\X4HS32Ex.Sys [x]
S2 X4HSEx; \??\C:\Program Files\Free Ride Games\X4HSEx.Sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2013-04-23 21:44 - 2013-04-23 21:44 - 00000000 ____D C:\FRST
2013-04-23 16:15 - 2013-04-23 16:15 - 00090112 ____A C:\Windows\Minidump\Mini042313-03.dmp
2013-04-23 16:11 - 2013-04-23 16:11 - 00090112 ____A C:\Windows\Minidump\Mini042313-02.dmp
2013-04-23 16:08 - 2013-04-23 16:08 - 00090112 ____A C:\Windows\Minidump\Mini042313-01.dmp
2013-04-22 18:08 - 2013-04-22 20:40 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-04-22 15:40 - 2013-04-22 15:40 - 00098304 ____A C:\Windows\Minidump\Mini042213-01.dmp
2013-04-22 10:23 - 2013-04-22 10:23 - 00124928 ____A (Hilgraeve, Inc.) C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe
2013-04-21 23:23 - 2013-04-21 23:21 - 00068320 ___AH C:\Windows\Minidump\Mini042113-01.dmp
2013-04-10 03:12 - 2013-04-10 03:13 - 00085769 ____A C:\Windows\KB2817183-IE8.log
2013-04-10 03:11 - 2013-04-10 03:11 - 00000215 ____A C:\Windows\System32\MRT.INI
2013-04-10 03:11 - 2013-04-10 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-10 03:11 - 2013-04-10 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-10 03:03 - 2013-04-10 03:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-10 03:02 - 2013-04-10 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-09 16:40 - 2013-04-10 03:12 - 00150496 ____A C:\Windows\KB2808735.log
2013-04-09 16:40 - 2013-04-10 03:11 - 00149500 ____A C:\Windows\KB2820917.log
2013-04-09 16:40 - 2013-04-10 03:03 - 00149739 ____A C:\Windows\KB2813345.log
2013-04-01 19:19 - 2013-04-01 19:19 - 00000000 ____D C:\1fca4a979587afe1b176b92e79876fe7
2013-04-01 19:13 - 2013-04-01 19:12 - 00068320 ___AH C:\Windows\Minidump\Mini040113-01.dmp
2013-03-25 20:40 - 2013-03-25 20:40 - 00000000 ____D C:\Program Files\AVG Secure Search

==================== One Month Modified Files and Folders ========

2013-04-23 21:44 - 2013-04-23 21:44 - 00000000 ____D C:\FRST
2013-04-23 20:25 - 2004-11-05 04:47 - 01951465 ____A C:\Windows\WindowsUpdate.log
2013-04-23 20:25 - 2004-11-05 03:25 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-04-23 20:24 - 2012-10-24 16:55 - 00000300 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
2013-04-23 20:24 - 2004-11-05 04:44 - 00000000 ____D C:\Windows\Registration
2013-04-23 20:23 - 2004-11-04 20:40 - 00000159 ____A C:\Windows\wiadebug.log
2013-04-23 20:23 - 2004-11-04 20:40 - 00000049 ____A C:\Windows\wiaservc.log
2013-04-23 20:22 - 2010-02-15 15:46 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-04-23 20:22 - 2010-02-15 15:46 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-04-23 20:22 - 2005-03-19 18:34 - 00000062 __ASH C:\Documents and Settings\HP_Administrator\Local Settings\desktop.ini
2013-04-23 20:22 - 2004-11-05 04:56 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-23 20:22 - 2004-11-05 04:56 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-23 20:22 - 2004-11-05 04:56 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-23 18:54 - 2011-09-12 01:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-04-23 16:15 - 2013-04-23 16:15 - 00090112 ____A C:\Windows\Minidump\Mini042313-03.dmp
2013-04-23 16:11 - 2013-04-23 16:11 - 00090112 ____A C:\Windows\Minidump\Mini042313-02.dmp
2013-04-23 16:08 - 2013-04-23 16:08 - 00090112 ____A C:\Windows\Minidump\Mini042313-01.dmp
2013-04-23 15:46 - 2012-10-24 16:48 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-04-22 23:55 - 2012-10-24 16:55 - 00000308 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2438911799-3484224873-888160877-1008.job
2013-04-22 23:55 - 2012-08-14 02:10 - 00000000 ___SD C:\Documents and Settings\HP_Administrator\My Documents\Google Drive
2013-04-22 20:59 - 2004-11-05 04:56 - 00032574 ____A C:\Windows\SchedLgU.Txt
2013-04-22 20:40 - 2013-04-22 18:08 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-04-22 15:40 - 2013-04-22 15:40 - 00098304 ____A C:\Windows\Minidump\Mini042213-01.dmp
2013-04-22 15:40 - 2006-03-03 20:26 - 00000000 ____D C:\Windows\Minidump
2013-04-22 10:23 - 2013-04-22 10:23 - 00124928 ____A (Hilgraeve, Inc.) C:\Documents and Settings\All Users\Application Data\f34rfcdsfwe.exe
2013-04-21 23:28 - 2005-03-19 18:34 - 00000278 ___SH C:\Documents and Settings\HP_Administrator\ntuser.ini
2013-04-21 23:21 - 2013-04-21 23:23 - 00068320 ___AH C:\Windows\Minidump\Mini042113-01.dmp
2013-04-12 21:22 - 2012-08-10 23:03 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Desktop\Ferret Inn
2013-04-10 03:30 - 2004-11-04 20:36 - 00282928 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 03:13 - 2013-04-10 03:12 - 00085769 ____A C:\Windows\KB2817183-IE8.log
2013-04-10 03:13 - 2004-11-04 20:37 - 03184341 ____A C:\Windows\FaxSetup.log
2013-04-10 03:13 - 2004-11-04 20:37 - 01533685 ____A C:\Windows\ocgen.log
2013-04-10 03:13 - 2004-11-04 20:37 - 01461881 ____A C:\Windows\tsoc.log
2013-04-10 03:13 - 2004-11-04 20:37 - 01001693 ____A C:\Windows\iis6.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00975208 ____A C:\Windows\msmqinst.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00901212 ____A C:\Windows\comsetup.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00571198 ____A C:\Windows\netfxocm.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00547958 ____A C:\Windows\ntdtcsetup.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00361999 ____A C:\Windows\plusoc.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00267952 ____A C:\Windows\MedCtrOC.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00172531 ____A C:\Windows\ehOCGen.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00160060 ____A C:\Windows\tabletoc.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00157953 ____A C:\Windows\msgsocm.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00149192 ____A C:\Windows\ocmsn.log
2013-04-10 03:13 - 2004-11-04 20:37 - 00001374 ____A C:\Windows\imsins.log
2013-04-10 03:12 - 2013-04-09 16:40 - 00150496 ____A C:\Windows\KB2808735.log
2013-04-10 03:12 - 2010-09-05 10:25 - 00000000 ____D C:\Windows\ie8updates
2013-04-10 03:12 - 2005-07-08 23:22 - 00354788 ____A C:\Windows\updspapi.log
2013-04-10 03:12 - 2005-07-08 19:07 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-10 03:12 - 2004-11-04 20:37 - 00001374 ____A C:\Windows\imsins.BAK
2013-04-10 03:11 - 2013-04-10 03:11 - 00000215 ____A C:\Windows\System32\MRT.INI
2013-04-10 03:11 - 2013-04-10 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-10 03:11 - 2013-04-10 03:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-10 03:11 - 2013-04-09 16:40 - 00149500 ____A C:\Windows\KB2820917.log
2013-04-10 03:04 - 2006-04-15 07:29 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 03:03 - 2013-04-10 03:03 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-10 03:03 - 2013-04-09 16:40 - 00149739 ____A C:\Windows\KB2813345.log
2013-04-10 03:02 - 2013-04-10 03:02 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-05 08:20 - 2012-10-31 15:26 - 00000713 ____A C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
2013-04-03 22:07 - 2011-01-10 19:12 - 00000000 ____D C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Turbine
2013-04-01 19:19 - 2013-04-01 19:19 - 00000000 ____D C:\1fca4a979587afe1b176b92e79876fe7
2013-04-01 19:12 - 2013-04-01 19:13 - 00068320 ___AH C:\Windows\Minidump\Mini040113-01.dmp
2013-03-25 20:40 - 2013-03-25 20:40 - 00000000 ____D C:\Program Files\AVG Secure Search
2013-03-25 20:40 - 2012-09-04 01:14 - 00033624 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx86.sys
2013-03-25 20:40 - 2011-12-19 10:49 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG Secure Search
2013-03-25 20:39 - 2012-06-21 22:15 - 00059238 ____A C:\Windows\setupapi.log

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-21 19:02 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2020

RP: -> 2013-04-20 13:52 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2019

RP: -> 2013-04-18 21:04 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2018

RP: -> 2013-04-17 17:41 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2017

RP: -> 2013-04-16 13:47 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2016

RP: -> 2013-04-15 12:54 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2015

RP: -> 2013-04-14 08:09 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2014

RP: -> 2013-04-13 07:56 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2013

RP: -> 2013-04-11 05:21 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2012

RP: -> 2013-04-10 03:01 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2011

RP: -> 2013-04-10 01:44 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2010

RP: -> 2013-04-08 19:29 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2009

RP: -> 2013-04-07 13:21 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2008

RP: -> 2013-04-06 13:15 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2007

RP: -> 2013-04-05 07:49 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2006

RP: -> 2013-04-04 07:25 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2005

RP: -> 2013-04-02 21:17 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2004

RP: -> 2013-04-01 19:19 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2003

RP: -> 2013-04-01 00:49 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2002

RP: -> 2013-03-30 12:59 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2001

RP: -> 2013-03-29 12:00 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP2000

RP: -> 2013-03-28 10:11 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1999

RP: -> 2013-03-27 09:42 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1998

RP: -> 2013-03-25 20:42 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1997

RP: -> 2013-03-25 20:38 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1996

RP: -> 2013-03-25 20:37 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1995

RP: -> 2013-03-25 20:37 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1994

RP: -> 2013-03-25 12:31 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1993

RP: -> 2013-03-24 09:08 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1992

RP: -> 2013-03-23 07:13 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1991

RP: -> 2013-03-22 03:00 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1990

RP: -> 2013-03-22 00:33 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1989

RP: -> 2013-03-21 00:33 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1988

RP: -> 2013-03-19 21:48 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1987

RP: -> 2013-03-18 02:10 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1986

RP: -> 2013-03-16 09:42 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1985

RP: -> 2013-03-15 09:39 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1984

RP: -> 2013-03-14 07:41 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1983

RP: -> 2013-03-13 03:00 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1982

RP: -> 2013-03-12 20:00 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1981

RP: -> 2013-03-11 18:55 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1980

RP: -> 2013-03-10 16:29 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1979

RP: -> 2013-03-09 00:38 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1978

RP: -> 2013-03-07 23:37 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1977

RP: -> 2013-03-04 10:23 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1976

RP: -> 2013-03-03 06:45 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1975

RP: -> 2013-03-01 21:47 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1974

RP: -> 2013-02-25 07:59 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1973

RP: -> 2013-02-23 15:40 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1972

RP: -> 2013-02-22 08:12 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1971

RP: -> 2013-02-21 03:04 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1970

RP: -> 2013-02-18 22:09 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1969

RP: -> 2013-02-15 22:28 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1968

RP: -> 2013-02-14 19:15 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1967

RP: -> 2013-02-13 04:01 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1966

RP: -> 2013-02-12 12:56 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1965

RP: -> 2013-02-11 11:42 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1964

RP: -> 2013-02-10 10:17 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1963

RP: -> 2013-02-09 08:56 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1962

RP: -> 2013-02-07 23:18 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1961

RP: -> 2013-02-06 22:09 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1960

RP: -> 2013-02-05 11:23 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1959

RP: -> 2013-02-03 12:38 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1958

RP: -> 2013-02-02 12:22 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1957

RP: -> 2013-02-01 12:06 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1956

RP: -> 2013-01-31 11:49 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1955

RP: -> 2013-01-30 06:35 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1954

RP: -> 2013-01-29 01:34 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1953

RP: -> 2013-01-27 12:38 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1952

RP: -> 2013-01-26 09:24 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1951

RP: -> 2013-01-25 01:37 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1950

RP: -> 2013-01-23 21:50 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1949

RP: -> 2013-01-22 18:45 - 028672 _restore{6F354F18-CACC-49BA-8A22-3DF3CA9BD55B}\RP1948


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2047.3 MB
Available physical RAM: 1768.6 MB
Total Pagefile: 1877.92 MB
Available Pagefile: 1812.26 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (HP_PAVILION) (Fixed) (Total:272.7 GB) (Free:221.12 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (HP_RECOVERY) (Fixed) (Total:6.74 GB) (Free:0.67 GB) FAT32 ==>[Drive with boot components (Windows XP)]
Drive g: (DISKGO) (Removable) (Total:14.93 GB) (Free:14.87 GB) NTFS
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 279 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 6918 MB 32 KB
Partition 2 Primary 273 GB 6918 MB
==================================================================================

Disk: 0
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E HP_RECOVERY FAT32 Partition 6918 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C HP_PAVILION NTFS Partition 273 GB Healthy
=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 279 GB) (Disk ID: 5FE34B69)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
Partition 2: (Active) - (Size=273 GB) - (Type=07) (NTFS)
Partition 3: (Active) - (Size=0 byte) - (Type=00)

====================================================================
Disk: 2 (Size: 15 GB) (Disk ID: DD63145A)
Partition 1: (Not Active) - (Size=15 GB) - (Type=07) (NTFS)

==================== End Of Log ============================


  • 0

#15
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download and copy the attached fixlist.txt to the same location as FRST

Run FRST as before and then press fix

Once it has completed then reboot to normal windows and run the following :

Download OTL to your Desktop
Secondary link
  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    winsock.*
    /md5stop
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0





