
Malware removal - USB disabled / unable to access internet


  • Please log in to reply

#1
Ihatemalwaretoo
My computer will start up to a black screen with a pop-up box stating that "Windows Boot Failure. Press 'OK' to fix boot failure". When exited out of the pop-up, a new pop-up appears: "Windows Disk Diagnostic Tool will scan the system to identify performance issues", with two check boxes, "check hard drive sectors" and "system integrity". Then another pop-up: "A problem with the hard drive has been detected. It is strongly recommended that you download and install the following certified software to fix detected hard drive errors. Do you want to download recommended software?". Then a program comes up called "WindowsSafemode" and starts to perform scans etc.

The computer won't let me do anything else...

I have read other threads about using OTL; however, I can't get past the first screen above to enable access to the internet to download it, and when trying to use a USB stick it would appear that the ports are possibly disabled, as the USB stick is not recognized on inserting it into the port. Any idea how I can install OTL to be able to diagnose the problem? In addition, the Task Manager has been disabled too. Thanks a lot. Steve

A little progress, here are the OTL logs:
OTL logfile created on: 08/03/2011 03:30:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = G:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

959.00 Mb Total Physical Memory | 710.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 17.79 Gb Free Space | 23.87% Space Free | Partition Type: NTFS
Drive F: | 488.23 Mb Total Space | 473.63 Mb Free Space | 97.01% Space Free | Partition Type: FAT
Drive G: | 1.46 Mb Total Space | 0.70 Mb Free Space | 48.19% Space Free | Partition Type: FAT

Computer Name: HOME | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/08 03:29:40 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\45828.exe
PRC - [2011/03/08 02:35:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\OTL(2).exe
PRC - [2008/04/14 12:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/08 02:35:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- G:\OTL(2).exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Pml Driver HPZ12)
SRV - File not found [Auto | Stopped] -- -- (Net Driver HPZ12)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/12/21 12:43:52 | 000,886,176 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Streaming Client\RadeSvc.exe -- (RadeSvc)
SRV - [2010/12/21 12:43:06 | 000,120,232 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Citrix\Streaming Client\RadeHlprSvc.exe -- (RadeHlprSvc)
SRV - [2010/02/01 12:06:06 | 000,320,832 | ---- | M] (Citrix Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Citrix\System32\CdfSvc.exe -- (CdfSvc)
SRV - [2009/09/18 18:48:28 | 000,009,216 | ---- | M] (Vodafone) [Auto | Stopped] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2009/07/26 00:38:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/01 18:59:52 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper) getPlus®
SRV - [2008/08/15 12:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)


========== Driver Services (SafeList) ==========

DRV - [2010/12/09 06:19:18 | 000,200,312 | ---- | M] (Citrix Systems, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CtxSbx.sys -- (CtxSbx)
DRV - [2010/12/09 06:19:18 | 000,058,488 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ctxpidmn.sys -- (ctxpidmn)
DRV - [2010/01/19 01:32:56 | 000,031,280 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\cdfdrv.sys -- (cdfdrv)
DRV - [2009/07/23 12:57:22 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/07/23 12:57:22 | 000,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/07/23 12:57:22 | 000,100,480 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2007/06/19 00:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/01 16:55:48 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/29 22:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 22:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 22:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/27 22:44:42 | 000,581,632 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/06/28 17:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/03/05 23:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006/03/03 00:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 00:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/01/27 08:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006/01/27 08:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/01/02 04:21:44 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005/08/02 15:00:36 | 000,232,192 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2004/09/29 18:28:36 | 000,016,292 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCANDIS5.SYS -- (PCANDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/30 16:58:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/02/17 23:05:21 | 000,000,000 | ---D | M]

[2011/02/17 23:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/17 23:05:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/03 17:47:02 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/12/03 17:47:02 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/12/03 17:47:02 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/12/03 17:47:02 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/07/26 01:17:42 | 000,001,665 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 3 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (PriceGongCtrl Class) - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.5.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F5D8071] C:\Program Files\Belkin\F5D8071v1\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bitmeter2.lnk = C:\Program Files\Codebox\BitMeter\BitMeter2.exe ( )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/01 21:26:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll) - C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/08 03:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Start Menu\Programs\Windows Safemode
[2011/03/08 03:29:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft
[2011/03/08 03:29:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator.HOME\Cookies
[2011/03/08 03:29:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HOME\SendTo
[2011/03/08 03:29:34 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator.HOME\Application Data
[2011/03/08 03:29:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HOME\Start Menu\Programs\Startup
[2011/03/08 03:29:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HOME\Start Menu
[2011/03/08 03:29:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator.HOME\Start Menu\Programs\Accessories
[2011/03/08 03:29:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HOME\Templates
[2011/03/08 03:29:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HOME\Recent
[2011/03/08 03:29:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HOME\PrintHood
[2011/03/08 03:29:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HOME\NetHood
[2011/03/08 03:29:34 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator.HOME\Local Settings
[2011/03/08 03:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\My Documents
[2011/03/08 03:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Local Settings\Application Data\Microsoft
[2011/03/08 03:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Application Data\Macromedia
[2011/03/08 03:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Favorites
[2011/03/08 03:29:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Desktop
[2011/03/08 03:25:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/02 03:03:22 | 000,733,184 | ---- | C] (ACTS) -- C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll
[2011/02/20 09:35:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/17 23:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Citrix
[2011/02/17 23:20:45 | 000,000,000 | ---D | C] -- C:\Program Files\Citrix
[2011/02/17 23:19:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011/02/17 23:05:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/02/17 23:05:21 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/02/17 23:05:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/02/17 23:05:21 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/08 03:29:50 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Desktop\Windows Safemode.lnk
[2011/03/08 03:29:42 | 000,000,344 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\45828
[2011/03/08 03:29:40 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\45828.exe
[2011/03/08 03:29:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/08 03:25:55 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\86140.exe
[2011/03/08 03:12:02 | 000,000,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~75328
[2011/03/08 03:12:01 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~75328r
[2011/03/08 03:12:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/08 03:05:55 | 000,000,392 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\75328
[2011/03/08 03:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/03/08 02:59:17 | 000,436,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/08 02:59:17 | 000,068,668 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/08 02:55:17 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/08 00:53:28 | 000,014,863 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/03/08 00:53:24 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\75328.exe
[2011/03/08 00:16:22 | 000,672,256 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\39265.exe
[2011/03/08 00:08:43 | 000,696,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
[2011/03/07 20:38:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/02 03:03:22 | 000,733,184 | ---- | M] (ACTS) -- C:\Documents and Settings\All Users\Application Data\KKttWaNfnwBvi.dll
[2011/02/18 14:03:15 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/16 22:07:16 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/08 03:29:50 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Desktop\Windows Safemode.lnk
[2011/03/08 03:29:42 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\45828
[2011/03/08 03:29:40 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\45828.exe
[2011/03/08 03:29:35 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/08 03:29:35 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Application Data\Microsoft\Internet Explorer\Quick Launch\jZip.lnk
[2011/03/08 03:29:34 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Start Menu\Programs\Remote Assistance.lnk
[2011/03/08 03:29:34 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Start Menu\Programs\Windows Media Player.lnk
[2011/03/08 03:25:55 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\86140.exe
[2011/03/08 01:45:39 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~75328
[2011/03/08 01:45:39 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~75328r
[2011/03/08 00:53:29 | 000,000,392 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\75328
[2011/03/08 00:53:24 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\75328.exe
[2011/03/08 00:16:22 | 000,672,256 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\39265.exe
[2011/03/08 00:08:43 | 000,696,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KDfipsQcxuWorYT.dll
[2011/01/30 16:58:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/28 10:01:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/05/09 14:00:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/02/22 03:00:05 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2009/08/28 15:16:16 | 000,130,238 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2009/04/25 22:31:06 | 000,002,048 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2006/07/21 04:58:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/07/21 04:58:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/07/21 04:58:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/07/21 04:58:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/07/21 04:58:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/07/21 04:58:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/07/21 04:58:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/07/21 04:58:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/07/21 04:58:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/01/02 04:30:04 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006/01/02 04:27:19 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/01 21:29:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/01 21:22:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/01 13:13:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/01 13:12:19 | 002,136,624 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 12:00:00 | 000,436,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 12:00:00 | 000,068,668 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Used the below from a previous thread and it worked, thanks all:
:OTL
IE - HKU\Carol_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Carol_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\All Users\Application Data\IleLeRrJUXqVhEh.dll) - C:\Documents and Settings\All Users\Application Data\IleLeRrJUXqVhEh.dll ()

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Edited by Ihatemalwaretoo, 07 March 2011 - 10:12 PM.
