Win32:Malware-gen trojan infection
Started by gregahoffman, Sep 24 2013 01:33 PM
#46
Posted 27 September 2013 - 01:05 PM
#47
Posted 27 September 2013 - 01:59 PM
Click on My Computer and then on View System Information. It should say Registered to, then give a name then there should be a long string of numbers, letters and dashes. Copy those down. That is your license key. Don't post it.
Now open Explorer and navigate to C:\windows\system32.
Do you have a wpa.dbl file? Right click and select Properties. What date is on it and how big is it?
Do you also have:
idwlog.exe
wpabaln.exe
regwizc.dll
licdll.dll
#48
Posted 27 September 2013 - 02:20 PM
Do you have a wpa.dbl file? Right click and select Properties. What date is on it and how big is it?
created 12-31-2002 2.15KB size, 4.00KB size on disk
Do you also have:
idwlog.exe - no
wpabaln.exe - yes
regwizc.dll - yes
licdll.dll - yes
#49
Posted 27 September 2013 - 02:36 PM
Copy the text in the code box:
/md5start
wpa.dbl
idwlog.exe
wpabaln.exe
regwizc.dll
licdll.dll
/md5stop
Run OTL
Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes
then Run Scan.
You should get 1 log. Please copy and paste it.
#50
Posted 27 September 2013 - 02:44 PM
Still can't get OTL to run, I'll log in in safe mode and run it.
#51
Posted 27 September 2013 - 02:55 PM
Here's the log.
OTL logfile created on: 9/27/2013 3:47:49 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.99 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 84.37% Memory free
3.84 Gb Paging File | 3.70 Gb Available in Paging File | 96.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 55.02 Gb Free Space | 73.86% Space Free | Partition Type: NTFS
Computer Name: TEMP-6A27591C80 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/09/25 13:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/03/10 22:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2002/12/31 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2002/12/31 07:00:00 | 000,015,360 | ---- | M] () -- C:\WINDOWS\system32\tsd32.dll
========== Services (SafeList) ==========
SRV - [2013/09/24 10:24:51 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/30 02:47:33 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/06/07 18:27:01 | 000,202,576 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2013/06/07 18:26:33 | 000,375,120 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2013/01/31 11:58:04 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2012/07/25 16:03:12 | 000,045,056 | ---- | M] (Intuit) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2012/06/08 12:06:24 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2013/08/30 02:48:13 | 000,177,864 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2013/08/30 02:48:12 | 000,049,376 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2013/06/07 18:26:34 | 000,086,888 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2013/05/29 18:27:34 | 000,013,624 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2013/01/31 11:58:04 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2012/06/08 12:06:24 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2009/02/25 04:27:32 | 000,118,656 | ---- | M] (TRENDware International, Inc ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/11/16 15:36:00 | 001,047,816 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/10/22 07:22:52 | 000,016,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hppaufd0.sys -- (dot4ufd)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 98 14 25 A8 C2 BB CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/27 13:50:28 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308E3A72-D076-4737-B06F-201DDC587F7C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/20 10:14:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/27 14:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/09/27 13:51:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/09/27 13:18:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 13:16:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/27 12:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/09/27 11:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/09/26 13:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/26 13:02:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/26 09:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/09/25 13:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/25 13:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/09/25 13:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/09/25 13:54:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2013/09/25 13:54:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/09/25 13:53:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/09/25 13:53:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/09/25 13:53:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/09/25 13:53:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/09/25 13:53:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/09/25 13:42:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/25 11:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/24 17:35:33 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/24 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/24 16:21:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/24 16:13:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/24 16:10:13 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/24 16:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/09/24 16:10:12 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/24 16:10:10 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/24 16:10:10 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/24 16:10:09 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/24 16:09:38 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/09/24 16:09:37 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/24 11:04:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/24 10:48:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/24 10:48:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/24 10:48:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/24 10:48:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/24 10:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2013/09/24 08:48:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/24 08:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/23 14:04:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/09/23 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/23 12:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/23 07:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/19 07:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2013/09/18 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/18 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 Days ==========
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/27 15:45:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/27 15:41:32 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/27 15:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/27 14:01:49 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/27 13:56:00 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 13:50:28 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/27 13:48:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/27 13:48:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/27 13:47:22 | 000,474,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 13:47:22 | 000,084,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/26 13:02:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/25 14:20:46 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\VEW.exe
[2013/09/25 13:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/25 12:23:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_611
[2013/09/24 17:35:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/24 17:14:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/24 16:10:13 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/24 11:05:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/24 10:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/24 10:30:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/09/24 10:24:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/24 10:24:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 02:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 02:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 02:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2013/09/26 13:02:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/25 14:20:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\VEW.exe
[2013/09/25 13:53:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/09/25 13:53:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2013/09/24 17:35:35 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/24 17:35:34 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/24 17:14:15 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/24 16:10:13 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/24 16:10:08 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/24 11:05:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/24 11:05:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/24 10:48:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/24 10:48:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/24 10:48:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/24 10:48:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/24 10:48:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/24 10:31:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/07/01 07:35:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2013/07/01 07:35:02 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2013/07/01 07:35:02 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2013/07/01 07:35:01 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2013/07/01 07:35:01 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2013/07/01 07:35:01 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2013/07/01 07:34:51 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2013/07/01 07:34:51 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2013/07/01 07:34:51 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2013/07/01 07:34:51 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2012/10/01 07:22:35 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/09/20 10:40:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/20 10:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/20 10:11:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/20 04:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/20 04:55:06 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/11 16:59:30 | 000,009,584 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
========== ZeroAccess Check ==========
[2012/09/27 07:20:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/28 16:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2002/12/31 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< MD5 for: LICDLL.DLL >
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\dllcache\licdll.dll
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\licdll.dll
< MD5 for: REGWIZC.DLL >
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\dllcache\regwizc.dll
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\regwizc.dll
< MD5 for: WPA.DBL >
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () MD5=D9F304C4FAA93A9ADAAC4AE7B2027BEA -- C:\WINDOWS\system32\wpa.dbl
< MD5 for: WPABALN.EXE >
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\dllcache\wpabaln.exe
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\wpabaln.exe
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpa.dbl:SummaryInformation
< End of report >
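As an added example, not from the thread and not OTL's own code, here is a small Python checker for the kind of /md5start output posted above: it parses the "< MD5 for: NAME >" blocks, compares the system32 copy of each file against its dllcache copy, and flags any requested file that never appeared in the output (idwlog.exe here). SAMPLE_LOG is constructed from the lines in this post, and TAMPERED_LOG is a constructed mismatch case using a placeholder hash.

```python
"""Cross-check the MD5 custom-scan section of an OTL log.

Added example; not part of the forum thread and not OTL's own code. It parses
the "< MD5 for: NAME >" blocks that a /md5start ... /md5stop scan produces and,
for each requested file, checks that the system32 copy matches the protected
copy in system32\\dllcache, that PE files carry a publisher name, and that the
file was found at all (idwlog.exe is absent in the thread). SAMPLE_LOG is
constructed from the lines posted in the thread; TAMPERED_LOG is a constructed
mismatch case with a placeholder hash.
"""
import re
from dataclasses import dataclass, field

# Entry line inside an MD5 block: [date | size | attrs | M] (Company) MD5=HEX -- path
ENTRY_RE = re.compile(
    r"^\[(?P<date>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$")
HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
PE_SUFFIXES = (".exe", ".dll", ".sys")


@dataclass
class Finding:
    name: str
    copies: list = field(default_factory=list)  # (path, md5, size, company) tuples

    def consistent(self) -> bool:
        """All copies seen (system32 and dllcache) share one MD5 and one size."""
        return len({c[1] for c in self.copies}) <= 1 and len({c[2] for c in self.copies}) <= 1

    def no_publisher(self) -> bool:
        """OTL prints an empty () when the file carries no company name."""
        return any(not c[3].strip() for c in self.copies)


def parse_md5_section(log_text: str, requested: list) -> dict:
    """Return {filename: Finding} for every requested name plus any extra block seen."""
    findings = {n.lower(): Finding(n.lower()) for n in requested}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("=========="):  # another OTL section begins: stop collecting
            current = None
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").lower()
            findings.setdefault(current, Finding(current))
            continue
        e = ENTRY_RE.match(line) if current else None
        if e:
            findings[current].copies.append((e.group("path").strip(), e.group("md5").upper(),
                                             int(e.group("size").replace(",", "")), e.group("company")))
    return findings


def review(findings: dict) -> dict:
    """Verdict per file: 'missing', 'mismatch', 'no-publisher' or 'ok'."""
    verdicts = {}
    for name, f in findings.items():
        if not f.copies:
            verdicts[name] = "missing"
        elif not f.consistent():
            verdicts[name] = "mismatch"       # system32 copy differs from the dllcache copy
        elif name.endswith(PE_SUFFIXES) and f.no_publisher():
            verdicts[name] = "no-publisher"   # wpa.dbl is a data file, so it is exempt
        else:
            verdicts[name] = "ok"
    return verdicts


REQUESTED = ["wpa.dbl", "idwlog.exe", "wpabaln.exe", "regwizc.dll", "licdll.dll"]

# Constructed from the custom-scan block in the thread's OTL log.
SAMPLE_LOG = r"""
< MD5 for: LICDLL.DLL >
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\dllcache\licdll.dll
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\licdll.dll
< MD5 for: REGWIZC.DLL >
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\dllcache\regwizc.dll
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\regwizc.dll
< MD5 for: WPA.DBL >
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () MD5=D9F304C4FAA93A9ADAAC4AE7B2027BEA -- C:\WINDOWS\system32\wpa.dbl
< MD5 for: WPABALN.EXE >
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\dllcache\wpabaln.exe
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\wpabaln.exe
< >
========== Alternate Data Streams ==========
"""

# Constructed failure case: the system32 copy no longer matches dllcache (placeholder hash).
TAMPERED_LOG = r"""
< MD5 for: LICDLL.DLL >
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\dllcache\licdll.dll
[2013/09/27 12:00:00 | 000,423,936 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\licdll.dll
"""
```

Running `review(parse_md5_section(SAMPLE_LOG, REQUESTED))` reports every file from the thread as "ok" except idwlog.exe, which is "missing", matching the helper's question of whether that file exists.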
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2013/09/27 13:50:28 | 000,000,855 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{308E3A72-D076-4737-B06F-201DDC587F7C}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/09/20 10:14:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/09/27 14:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/09/27 13:51:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2013/09/27 13:18:23 | 000,181,064 | ---- | C] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 13:16:23 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/09/27 12:56:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
[2013/09/27 11:53:52 | 000,000,000 | ---D | C] -- C:\Program Files\Tweaking.com
[2013/09/26 13:02:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/26 13:02:49 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/09/26 09:14:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2013/09/25 13:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/25 13:54:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2013/09/25 13:54:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2013/09/25 13:54:19 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2013/09/25 13:54:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
[2013/09/25 13:53:47 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\Cookies
[2013/09/25 13:53:37 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2013/09/25 13:53:37 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Application Data
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2013/09/25 13:53:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\SendTo
[2013/09/25 13:53:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2013/09/25 13:53:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Templates
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Recent
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\NetHood
[2013/09/25 13:53:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2013/09/25 13:53:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/09/25 13:42:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/09/25 11:58:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2013/09/24 17:35:33 | 000,066,336 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/09/24 17:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/09/24 16:21:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/09/24 16:13:45 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/24 16:10:13 | 000,029,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/09/24 16:10:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2013/09/24 16:10:12 | 000,369,584 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/09/24 16:10:10 | 000,056,080 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/09/24 16:10:10 | 000,049,760 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/09/24 16:10:09 | 000,770,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/09/24 16:09:38 | 000,041,664 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/09/24 16:09:37 | 000,229,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/09/24 11:04:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/24 10:48:04 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/24 10:48:04 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/24 10:48:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/24 10:48:04 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/24 10:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2013/09/24 08:48:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/24 08:48:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/23 14:04:01 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/09/23 12:58:19 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/09/23 12:58:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/09/23 07:45:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2013/09/19 07:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\WinUtilities
[2013/09/18 09:41:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/09/18 09:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
========== Files - Modified Within 30 Days ==========
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/27 15:45:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/27 15:41:32 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/27 15:23:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/27 14:01:49 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/27 13:56:00 | 000,181,064 | ---- | M] (Sysinternals) -- C:\WINDOWS\PSEXESVC.EXE
[2013/09/27 13:50:28 | 000,000,855 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/27 13:48:48 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2013/09/27 13:48:48 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2013/09/27 13:47:22 | 000,474,954 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/27 13:47:22 | 000,084,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/26 13:02:54 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/25 14:20:46 | 000,061,440 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\VEW.exe
[2013/09/25 13:56:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/09/25 12:23:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts_bak_611
[2013/09/24 17:35:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/09/24 17:14:15 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/24 16:10:13 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/24 11:05:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/24 10:32:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/24 10:30:44 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2013/09/24 10:24:50 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/24 10:24:50 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/30 02:48:13 | 000,369,584 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/08/30 02:48:13 | 000,177,864 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/08/30 02:48:13 | 000,056,080 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/08/30 02:48:12 | 000,770,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/08/30 02:48:12 | 000,049,760 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/08/30 02:48:12 | 000,049,376 | ---- | M] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/08/30 02:48:11 | 000,066,336 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswMonFlt.sys
[2013/08/30 02:48:11 | 000,029,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/08/30 02:47:40 | 000,041,664 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/08/30 02:47:32 | 000,229,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
========== Files Created - No Company Name ==========
[2013/09/26 13:02:54 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/25 14:20:46 | 000,061,440 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\VEW.exe
[2013/09/25 13:53:37 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2013/09/25 13:53:37 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2013/09/24 17:35:35 | 000,177,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013/09/24 17:35:34 | 000,049,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013/09/24 17:14:15 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Speccy.lnk
[2013/09/24 16:10:13 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/09/24 16:10:08 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/09/24 11:05:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/24 11:05:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/24 10:48:04 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/24 10:48:04 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/24 10:48:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/24 10:48:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/24 10:48:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/24 10:31:51 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/07/01 07:35:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\System32\Pbtrvd32.dll
[2013/07/01 07:35:02 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\Sbtrv32.dll
[2013/07/01 07:35:02 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\Swcomp32.dll
[2013/07/01 07:35:01 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\W32mkde.exe
[2013/07/01 07:35:01 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Pedtconv.dll
[2013/07/01 07:35:01 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\Vamngr32.dll
[2013/07/01 07:34:51 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2013/07/01 07:34:51 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2013/07/01 07:34:51 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2013/07/01 07:34:51 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2012/10/01 07:22:35 | 000,000,090 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2012/09/20 10:40:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/09/20 10:17:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/09/20 10:11:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/09/20 04:56:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/09/20 04:55:06 | 000,280,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/11 16:59:30 | 000,009,584 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
========== ZeroAccess Check ==========
[2012/09/27 07:20:09 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/06/28 16:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2002/12/31 07:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
< MD5 for: LICDLL.DLL >
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\dllcache\licdll.dll
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\licdll.dll
< MD5 for: REGWIZC.DLL >
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\dllcache\regwizc.dll
[2002/12/31 07:00:00 | 000,397,824 | ---- | M] (Microsoft) MD5=8B0DC42333E6F52D40F4AE4FFB72C056 -- C:\WINDOWS\system32\regwizc.dll
< MD5 for: WPA.DBL >
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () MD5=D9F304C4FAA93A9ADAAC4AE7B2027BEA -- C:\WINDOWS\system32\wpa.dbl
< MD5 for: WPABALN.EXE >
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\dllcache\wpabaln.exe
[2002/12/31 07:00:00 | 000,032,256 | ---- | M] (Microsoft Corporation) MD5=90CE97657B3F0B651EE8F438A4AB577E -- C:\WINDOWS\system32\wpabaln.exe
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\wpa.dbl:SummaryInformation
< End of report >
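The custom-scan block above is the check the helper asked for: each file in system32 is hashed next to the protected copy in dllcache, and a trojan that replaced a system file would show up as differing hashes. As an added example (not part of this thread and not OTL's own code), here is a small parser for that `< MD5 for: ... >` format that does the comparison automatically; the EXAMPLE.DLL entry and its hashes are constructed to show what a mismatch looks like.

```python
import re
from collections import defaultdict

# Constructed sample: the "< MD5 for: ... >" block from the OTL custom scan
# above, plus a hypothetical EXAMPLE.DLL (made-up name and hashes) whose live
# copy no longer matches its dllcache copy, to show what a mismatch looks like.
SAMPLE_LOG = r"""
< MD5 for: LICDLL.DLL >
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\dllcache\licdll.dll
[2002/12/31 07:00:00 | 000,423,936 | ---- | M] (Microsoft Corporation) MD5=A693A49A67673F2C8D76797EA9A628D0 -- C:\WINDOWS\system32\licdll.dll
< MD5 for: WPA.DBL >
[2013/09/27 15:46:09 | 000,002,206 | ---- | M] () MD5=D9F304C4FAA93A9ADAAC4AE7B2027BEA -- C:\WINDOWS\system32\wpa.dbl
< MD5 for: EXAMPLE.DLL >
[2002/12/31 07:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\dllcache\example.dll
[2013/09/01 12:00:00 | 000,010,240 | ---- | M] () MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\example.dll
< >
"""

# One OTL MD5 entry: [mtime | size | attributes | M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+) \| (?P<size>[\d,]+) \| (?P<attr>[^|]+) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)


def parse_md5_entries(log_text):
    """Return one dict per file line found in an OTL '< MD5 for: ... >' block."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # section headers such as "< MD5 for: X >" and "< >"
        e = m.groupdict()
        e["company"] = e["company"].strip()          # "()" and "( )" both mean none
        e["size"] = int(e["size"].replace(",", ""))
        e["path"] = e["path"].strip()
        e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
        e["in_dllcache"] = "\\dllcache\\" in e["path"].lower()
        entries.append(e)
    return entries


def compare_with_dllcache(entries):
    """Compare each live system32 file with its dllcache copy.

    Returns {name: status}, where status is
      'match'             live and dllcache copies have the same MD5
      'MISMATCH'          both present but the hashes differ: the live file was replaced
      'no-dllcache-copy'  only a live copy was reported (normal for data files like wpa.dbl)
      'dllcache-only'     only the protected copy exists; the live file is missing
    """
    by_name = defaultdict(dict)
    for e in entries:
        by_name[e["name"]]["cache" if e["in_dllcache"] else "live"] = e
    result = {}
    for name, copies in by_name.items():
        live, cache = copies.get("live"), copies.get("cache")
        if live and cache:
            result[name] = "match" if live["md5"].upper() == cache["md5"].upper() else "MISMATCH"
        elif live:
            result[name] = "no-dllcache-copy"
        else:
            result[name] = "dllcache-only"
    return result


def files_without_company(entries):
    """Names of files whose reported copy carries no company/version information."""
    return sorted({e["name"] for e in entries if not e["company"]})


if __name__ == "__main__":
    parsed = parse_md5_entries(SAMPLE_LOG)
    for name, status in sorted(compare_with_dllcache(parsed).items()):
        print(f"{name:<14} {status}")
    print("no company name:", ", ".join(files_without_company(parsed)))
```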
#52
Posted 27 September 2013 - 11:59 PM
See if it will let you rename C:\WINDOWS\system32\wpa.dbl to C:\WINDOWS\system32\oldwpa.dbl. Then reboot and try the validation again.
#53
Posted 28 September 2013 - 07:00 AM
I'm having trouble finding that folder. I looked in Explorer but only found a wpabaln.exe in the dll cache.
#54
Posted 28 September 2013 - 07:42 AM
Double-click on the My Computer icon.
Select the Tools menu and click Folder Options.
After the new window appears select the View tab.
Put a checkmark in the checkbox labeled Display the contents of system folders.
Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
Remove the checkmark from the checkbox labeled Hide protected operating system files.
Press the Apply button and then the OK button.
#55
Posted 28 September 2013 - 08:31 AM
It was still configured to show hidden files. I also searched for the file but couldn't find it. Am I doing something wrong? I apologize for the hassle.
#56
Posted 28 September 2013 - 09:08 AM
I searched for the file again and found it, but I am not sure where it's at or how to rename it.
#57
Posted 28 September 2013 - 09:09 AM
OTL says it is there:
C:\WINDOWS\system32\wpa.dbl
Are you able to get to C:\WINDOWS\system32 ?
I guess we can use OTL to rename it:
Copy the text in the code box by highlighting and Ctrl + c
:files ren C:\WINDOWS\system32\wpa.dbl C:\WINDOWS\system32\oldwpa.dbl /c
then double click on OTL to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL may not need to reboot the PC when it is done. Save the log and copy and paste it into a reply.
#58
Posted 28 September 2013 - 09:10 AM
I'll have to go to safe mode. Thanks, be right back, I hope.
#59
Posted 28 September 2013 - 09:21 AM
Here's the log:
========== FILES ==========
< ren C:\WINDOWS\system32\wpa.dbl C:\WINDOWS\system32\oldwpa.dbl /c >
C:\Documents and Settings\Administrator\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Administrator\Desktop\cmd.txt deleted successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 09282013_102043
#60
Posted 28 September 2013 - 09:21 AM
Weird that OTL won't run in normal mode.