
Computer freezes during start up..


This topic is locked. 14 replies to this topic.

#1 IPT

IPT

  • Members
  • 99 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 28 May 2010 - 03:37 PM

I got some virus, can't even remember which one now. I was running an antispyware (I had already run Malware and that didn't get it.. this was another program I think was also recommended here). Well, I got tied up and I think the battery died while it was scanning. Now if I try to start up in regular mode I get a blank screen. If I do the F8 I get the boot menu. I have tried to start up in safe mode and in safe mode with Networking. As it runs through the system list it gets to the line ending in "ISAPNP.SYS" and stops there... then nothing. What if anything can I do for this? Is this thing fried now?
XP-Pro


#2 MrBruce1959

MrBruce1959

    My cat Oreo


  • BC Advisor
  • 6,377 posts
  • OFFLINE
  • Gender:Male
  • Location:Norwich, Connecticut. in the USA
  • Local time:02:21 AM

Posted 28 May 2010 - 07:29 PM

Do you have the XP Pro installation disk?


If you have the disk, you can boot to it and choose repair.


Please read this information from Microsoft's web site.

http://support.microsoft.com/kb/978788
Welcome to Bleeping Computer!
New Members: Please click here for the Bleeping Computer Forum Board Rules

#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:21 AM

Posted 29 May 2010 - 03:51 AM

Hello there, please try to follow the steps below. I will move this topic to a more appropriate forum.

Please download OTLPE (file size 120.9 MB)
  • When downloaded, double-click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved on drive C: as C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft
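Once the OTL.txt is posted, the first pass a helper makes over it is mechanical: look at every autostart entry and ask who made the file, where it lives, and whether the name looks generated. The script below is an added example, not part of the original post and not part of OTL; it parses lines in the format OTL/OTLPE writes and scores each entry on those signals. The sample log is constructed from entries in the log posted later in this thread. The vowel-ratio test for random names, the list of user-writable directories, and the assumption that %SystemRoot% is C:\WINDOWS (as that log reports) are heuristics of this example, not OTL's own logic.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the line format OTL/OTLPE writes. The entries are copied
# from the log posted later in this thread so the rules can be checked against it.
SAMPLE_LOG = r"""
DRV - [2010/05/28 14:38:49 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pzdrkx.sys -- (pzdrkx)
DRV - [2009/08/13 00:38:42 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
O2 - BHO: (C:\WINDOWS\system32\e1fstphfds.dll) - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\e1fstphfds.dll ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKU\Louis_ON_C..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Documents and Settings\Louis\Local Settings\Temp\dsel0l07e.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Louis\Application Data\SystemProc\lsass.exe ()
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - Winlogon\Notify\a43e7dc4922: DllName - C:\WINDOWS\system32\gptext32.dll - C:\WINDOWS\system32\gptext32.dll ()
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll) - C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll ()
"""

PATH_RE = re.compile(r"[A-Za-z]:\\[^()\[\]]*?\.(?:exe|dll|sys)\b", re.IGNORECASE)
PREFIX_RE = re.compile(r"^(DRV|SRV|IE|O\d+)\b")

# Profile directories a non-admin user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\temp\\", "\\application data\\")
# Core Windows process names that belong only in %SystemRoot%\system32
# (assumed here to be C:\WINDOWS, as the posted log reports).
SYSTEM_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe", "winlogon.exe", "services.exe"}
LOAD_POINT = {
    "O2": "Browser Helper Object, loaded into Internet Explorer",
    "O4": "Run key or Startup folder, executed at logon",
    "O6": "policies\\Explorer\\Run value, executed at logon",
    "O20": "Winlogon Notify DLL, loaded by winlogon.exe",
    "O36": "AppCertDlls DLL, loaded into processes that call CreateProcess",
}


@dataclass
class Finding:
    kind: str      # OTL line prefix: DRV, O4, O36, ...
    target: str    # file path, proxy address or policy name
    reasons: list = field(default_factory=list)

    @property
    def score(self) -> int:
        return len(self.reasons)


def looks_random(stem: str) -> bool:
    """Crude generated-name check: six or more letters with under 20% vowels."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 6:
        return False
    return sum(c in "aeiou" for c in letters) / len(letters) < 0.2


def publisher_of(kind: str, line: str):
    """Company-name field: "(Company)" after the attributes on DRV/SRV lines,
    at the end of the line for O-items; an empty "()" means no version info."""
    if kind in ("DRV", "SRV"):
        m = re.search(r"\]\s*\(([^()]*)\)\s*\[", line)
    else:
        m = re.search(r"\(([^()]*)\)\s*$", line)
    return m.group(1).strip() if m else None


def triage_line(line: str):
    m = PREFIX_RE.match(line)
    if not m:
        return None
    kind = m.group(1)
    if kind == "IE" and '"ProxyServer"' in line:
        addr = re.search(r"=\s*(?:\w+=)?(\d+\.\d+\.\d+\.\d+:\d+)", line)
        if addr and addr.group(1).startswith("127."):
            return Finding(kind, addr.group(1), ["browser traffic forced through a proxy on the local machine"])
        return None
    if kind == "O7":
        pol = re.search(r"(DisableRegistryTools|NoFolderOptions)\s*=\s*1\b", line)
        return Finding(kind, pol.group(1), ["user lockout policy set (hides tools needed to clean up)"]) if pol else None
    paths = PATH_RE.findall(line)
    if not paths:
        return None
    path = paths[-1]                       # the resolved path is printed last
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    if publisher_of(kind, line) == "":
        reasons.append("no company name in the file's version info")
    if any(seg in low for seg in USER_WRITABLE):
        reasons.append("lives in a user-writable profile directory")
    if name in SYSTEM_NAMES and not low.startswith("c:\\windows\\system32\\"):
        reasons.append("core Windows process name outside System32 (masquerading)")
    if looks_random(name.rsplit(".", 1)[0]):
        reasons.append("filename looks randomly generated")
    if not reasons:
        return None
    # Load-point context is only added once something else is off, so signed
    # vendor drivers and Winlogon DLLs are not reported for their location alone.
    if kind == "DRV" and "[Kernel | Boot]" in line:
        reasons.append("boot-start driver, loaded by the OS loader before Windows starts")
    elif kind in LOAD_POINT:
        reasons.append(LOAD_POINT[kind])
    return Finding(kind, path, reasons)


def triage(log_text: str):
    """Suspicious entries, most reasons first."""
    findings = [f for f in (triage_line(ln) for ln in log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: (-f.score, f.kind, f.target))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.score}] {f.kind:<4} {f.target}")
        for r in f.reasons:
            print("      -", r)
```

Run against the sample, it reports eight entries and leaves the Dell and Trend Micro ones alone. The score is only a sort key for a human reader: an entry with one reason (a lone loopback proxy, say) still deserves a look, and a missing company name by itself is common in legitimate shareware, which is why the load-point line is appended as context rather than counted on its own.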


#4 IPT

IPT
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 31 May 2010 - 04:07 AM


Sorry, where has this thread been moved to? :) Thanks.

Edited by IPT, 31 May 2010 - 04:07 AM.


#5 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,091 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:09:21 AM

Posted 31 May 2010 - 04:11 AM

It's just here; you posted in the right place :)

Please proceed with the instructions from my previous post.

regards, Elise




#6 IPT

IPT
  • Topic Starter

  • Members
  • 99 posts
  • OFFLINE
  • Local time:10:21 PM

Posted 01 June 2010 - 02:28 AM

Thank you Elise ... here is the file.


OTL logfile created on: 6/1/2010 12:22:20 AM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 813.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 845.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.93 Gb Total Space | 43.74 Gb Free Space | 63.45% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (Thdisf)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/08/12 23:37:44 | 000,337,160 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2009/08/12 23:37:42 | 000,648,456 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe -- (tmproxy)
SRV - [2009/08/12 23:37:42 | 000,488,768 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe -- (TmPfw)
SRV - [2009/08/12 23:37:06 | 000,703,008 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe -- (SfCtlCom)
SRV - [2008/12/09 19:01:22 | 000,024,576 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/10/23 20:09:28 | 000,296,368 | ---- | M] (SonicWALL Inc.) [Auto] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2007/05/24 11:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/02 13:07:51 | 000,086,528 | ---- | M] (Google) [On_Demand] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2005/05/04 02:04:28 | 009,150,464 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe -- (MSSQL$MICROSOFTSMLBIZ)
SRV - [2005/05/03 23:42:56 | 000,323,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTSMLBIZ)
SRV - [2004/04/07 14:07:32 | 001,135,728 | ---- | M] (America Online, Inc.) [Auto] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/05/28 14:38:49 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pzdrkx.sys -- (pzdrkx)
DRV - [2009/08/13 00:38:42 | 001,223,832 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/08/13 00:38:42 | 000,225,808 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/08/13 00:38:40 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/08/12 23:38:42 | 000,335,376 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TM_CFW.sys -- (tmcfw)
DRV - [2009/08/12 23:38:42 | 000,157,712 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/08/12 23:38:42 | 000,066,320 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2009/08/12 23:38:42 | 000,052,752 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2009/08/12 23:38:42 | 000,050,192 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2008/05/28 14:33:38 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/05/28 14:33:36 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2008/05/28 14:33:36 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/10/23 20:09:18 | 000,019,376 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2007/06/17 06:43:49 | 000,186,592 | R--- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2007/01/02 13:05:48 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/23 02:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 09:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/25 01:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/03/08 20:35:10 | 000,191,872 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/01/10 13:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 17:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 17:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 17:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/06 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/12/06 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/12/06 03:05:00 | 000,086,586 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/12/06 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/12/06 03:05:00 | 000,025,883 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/12/06 03:05:00 | 000,015,227 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/12/06 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/12/06 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/12/06 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/12/01 05:22:00 | 000,087,488 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/11/23 04:56:00 | 000,040,480 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/12 19:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004/08/04 01:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004/08/04 00:59:44 | 000,095,360 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2004/02/13 18:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 18:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/08/26 22:29:42 | 000,023,387 | ---- | M] (Magic Control Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\u2s2kxp.sys -- (U2SP) USB to Serial Converter Driver(Philips)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\Louis_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4070102
IE - HKU\Louis_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Louis_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\Louis_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found


O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\e1fstphfds.dll) - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\e1fstphfds.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\Louis_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\Louis_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [cqbbcwwl] C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog\betdpgxtssd.exe ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [eodfaqzfjamys] C:\WINDOWS\System32\gstnhthptlfv.dll ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\lkzfefti.exe ()
O4 - HKLM..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Privat)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [skb] C:\WINDOWS\System32\ujamfrgf.dll ()
O4 - HKLM..\Run: [SonicWALLNetExtender] C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEGui.exe (SonicWALL Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe (Microsoft® Corporation)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\Administrator_ON_C..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\Guest_ON_C..\Run: [OE_OEM] C:\Program Files\Trend Micro\Internet Security 14\TMAS_OE\TMAS_OEMon.exe File not found
O4 - HKU\Louis_ON_C..\Run: [cqbbcwwl] C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog\betdpgxtssd.exe ()
O4 - HKU\Louis_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Louis_ON_C..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Documents and Settings\Louis\Local Settings\Temp\dsel0l07e.exe ()
O4 - HKU\Louis_ON_C..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Documents and Settings\Louis\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\Louis_ON_C..\Run: [mcexecwin] C:\Documents and Settings\Louis\Local Settings\Temp\o0b9wr5.dll ()
O4 - HKU\Louis_ON_C..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\Louis_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe File not found
O4 - Startup: C:\Documents and Settings\Louis\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Louis\Application Data\SystemProc\lsass.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = [binary data]
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThemesTab = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoColorChoice = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSizeChoice = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVisualStyleChoice = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 204.17.139.2 209.112.128.2
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2006\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\a43e7dc4922: DllName - C:\WINDOWS\system32\gptext32.dll - C:\WINDOWS\system32\gptext32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\WINDOWS\system32\e1fstphfds.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 19:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll) - C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/28 13:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Application Data\Street-Ads
[2010/05/27 21:36:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/05/27 21:36:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/05/27 17:45:20 | 000,000,000 | ---D | C] -- C:\Program Files\$NtUninstallWTF1012$
[2010/05/27 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog
[2010/05/27 17:43:48 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Louis\Application Data\SystemProc
[2010/05/27 17:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server
[2010/05/27 17:42:28 | 000,036,439 | ---- | C] (Privat) -- C:\WINDOWS\System32\net.net
[2010/05/24 13:24:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/05/18 14:30:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\My Documents\neck pain pts
[2010/05/18 14:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\My Documents\Back pain pts
[2010/05/13 21:51:51 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/05/11 14:34:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\My Documents\denali spring
[2010/05/04 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[25 C:\Documents and Settings\Louis\My Documents\*.tmp files -> C:\Documents and Settings\Louis\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/28 14:38:49 | 000,823,808 | ---- | M] () -- C:\WINDOWS\System32\drivers\pzdrkx.sys
[2010/05/28 13:46:34 | 000,554,366 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/28 13:46:34 | 000,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/28 13:46:34 | 000,080,328 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/28 13:42:39 | 000,003,321 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922P.manifest
[2010/05/28 13:42:39 | 000,000,013 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922C.manifest
[2010/05/28 13:42:39 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922S.manifest
[2010/05/28 13:42:39 | 000,000,011 | -HS- | M] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922O.manifest
[2010/05/28 13:42:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/28 13:41:40 | 000,262,144 | ---- | M] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2010/05/28 13:41:40 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/05/28 13:41:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/28 13:41:32 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Louis\NTUSER.DAT
[2010/05/28 13:41:32 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Louis\ntuser.ini
[2010/05/28 13:41:23 | 005,747,682 | -H-- | M] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\IconCache.db
[2010/05/28 13:32:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2010/05/27 20:57:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/27 17:45:22 | 000,050,981 | ---- | M] () -- C:\WINDOWS\System32\vszgdmachtmynfke.exe
[2010/05/27 17:43:42 | 000,182,272 | ---- | M] () -- C:\WINDOWS\System32\gptext32.dll
[2010/05/27 17:43:34 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\e1fstphfds.dll
[2010/05/27 17:42:29 | 000,036,439 | ---- | M] (Privat) -- C:\WINDOWS\System32\net.net
[2010/05/27 07:57:10 | 000,169,472 | ---- | M] () -- C:\WINDOWS\System32\gstnhthptlfv.dll
[2010/05/26 21:01:32 | 000,000,190 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/05/25 01:38:04 | 000,309,248 | ---- | M] () -- C:\WINDOWS\System32\papjgrmp.dll
[2010/05/25 01:37:48 | 000,327,680 | ---- | M] () -- C:\WINDOWS\System32\ujamfrgf.dll
[2010/05/24 13:55:39 | 000,070,788 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl6.jpg
[2010/05/24 13:54:46 | 000,166,294 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl5.jpg
[2010/05/24 13:50:44 | 000,162,456 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl4.jpg
[2010/05/24 13:36:50 | 000,128,074 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl3.jpg
[2010/05/24 13:34:17 | 000,237,987 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl2.jpg
[2010/05/24 13:33:44 | 000,160,866 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\pl.jpg
[2010/05/24 13:29:55 | 000,093,960 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\plant-2.jpg
[2010/05/24 13:28:28 | 000,111,771 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\plant1.jpg
[2010/05/24 12:31:20 | 000,040,633 | ---- | M] () -- C:\WINDOWS\System32\lkzfefti.exe
[2010/05/20 15:50:16 | 019,382,272 | R--- | M] () -- C:\Documents and Settings\Louis\My Documents\Integrative Physical Therapy updated.QBW
[2010/05/20 15:50:16 | 002,686,976 | R--- | M] () -- C:\Documents and Settings\Louis\My Documents\Integrative Physical Therapy updated.QBW.TLG
[2010/05/20 15:50:16 | 000,000,387 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\Integrative Physical Therapy updated.QBW.nd
[2010/05/19 13:59:27 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\Market- 5-10.doc
[2010/05/18 14:21:31 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/13 21:03:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/13 14:00:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/11 14:10:54 | 001,484,576 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\Denali pics.zip
[2010/05/10 22:32:23 | 000,088,440 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\cubs.jpg
[2010/05/10 19:34:48 | 000,077,752 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\Lynx.jpg
[2010/05/05 13:37:54 | 000,011,439 | ---- | M] () -- C:\Documents and Settings\Louis\My Documents\FOR RENT.docx
[2010/05/04 21:54:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[25 C:\Documents and Settings\Louis\My Documents\*.tmp files -> C:\Documents and Settings\Louis\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/27 20:57:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/05/27 17:45:22 | 000,050,981 | ---- | C] () -- C:\WINDOWS\System32\vszgdmachtmynfke.exe
[2010/05/27 17:44:52 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\pzdrkx.sys
[2010/05/27 17:43:43 | 000,003,321 | -HS- | C] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922P.manifest
[2010/05/27 17:43:43 | 000,000,013 | -HS- | C] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922C.manifest
[2010/05/27 17:43:43 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922S.manifest
[2010/05/27 17:43:43 | 000,000,011 | -HS- | C] () -- C:\Documents and Settings\Louis\Application Data\020000008404a04f922O.manifest
[2010/05/27 17:43:42 | 000,182,272 | ---- | C] () -- C:\WINDOWS\System32\gptext32.dll
[2010/05/27 17:43:34 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\e1fstphfds.dll
[2010/05/27 07:57:10 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\gstnhthptlfv.dll
[2010/05/25 01:38:04 | 000,309,248 | ---- | C] () -- C:\WINDOWS\System32\papjgrmp.dll
[2010/05/25 01:37:48 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\ujamfrgf.dll
[2010/05/24 13:55:39 | 000,070,788 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl6.jpg
[2010/05/24 13:54:46 | 000,166,294 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl5.jpg
[2010/05/24 13:50:43 | 000,162,456 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl4.jpg
[2010/05/24 13:36:44 | 000,128,074 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl3.jpg
[2010/05/24 13:34:16 | 000,237,987 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl2.jpg
[2010/05/24 13:33:43 | 000,160,866 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\pl.jpg
[2010/05/24 13:29:55 | 000,093,960 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\plant-2.jpg
[2010/05/24 13:28:27 | 000,111,771 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\plant1.jpg
[2010/05/24 12:31:20 | 000,040,633 | ---- | C] () -- C:\WINDOWS\System32\lkzfefti.exe
[2010/05/19 13:59:27 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\Market- 5-10.doc
[2010/05/11 14:10:54 | 001,484,576 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\Denali pics.zip
[2010/05/10 22:32:21 | 000,088,440 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\cubs.jpg
[2010/05/10 19:34:46 | 000,077,752 | ---- | C] () -- C:\Documents and Settings\Louis\My Documents\Lynx.jpg
[2010/05/04 20:03:52 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/22 15:06:13 | 000,208,904 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/05/13 21:55:11 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2007/12/17 15:19:18 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2007/10/09 18:08:13 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2007/10/09 18:08:11 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat
[2007/10/09 18:08:11 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Guest\ntuser.dat.LOG
[2007/10/09 18:08:11 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Guest\ntuser.ini
[2007/02/07 16:58:35 | 000,000,190 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007/01/15 04:31:18 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/15 04:31:18 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\EF4B384ABF.sys
[2007/01/11 03:07:12 | 000,053,248 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/08 23:01:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Louis\Application Data\wklnhst.dat
[2007/01/08 22:43:00 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Louis\Local Settings\Application Data\fusioncache.dat
[2007/01/08 22:42:54 | 004,456,448 | ---- | C] () -- C:\Documents and Settings\Louis\NTUSER.DAT
[2007/01/08 22:42:54 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\Louis\ntuser.dat.LOG
[2007/01/08 22:42:54 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Louis\ntuser.ini
[2007/01/02 13:22:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/01/02 13:17:34 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2007/01/02 13:13:48 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/01/02 13:12:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/01/02 13:06:29 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/01/02 12:56:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/01/02 12:55:58 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/01/02 12:31:36 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/01/02 12:31:22 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 01:20:24 | 000,786,432 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2004/08/12 01:20:15 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\LocalService\NTUSER.DAT
[2004/08/12 01:20:15 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2004/08/11 19:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:20:25 | 000,086,016 | -H-- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat.LOG
[2004/08/11 19:20:25 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2004/08/11 19:20:16 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\LocalService\ntuser.ini
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,008,192 | -H-- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat.LOG
[2004/08/11 19:20:15 | 000,000,020 | -HS- | C] () -- C:\Documents and Settings\NetworkService\ntuser.ini
[2004/08/11 19:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 00:59:44 | 000,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2007/01/13 18:11:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Canon
[2007/11/27 00:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Digital Aquatics
[2007/01/11 03:08:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Leadertech
[2010/05/28 13:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Street-Ads
[2010/05/28 13:32:40 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Louis\Application Data\SystemProc
[2008/02/05 17:02:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\TACX
[2007/01/08 23:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Louis\Application Data\Template
[2010/05/28 13:32:08 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========


< End of report >




#7 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 01 June 2010 - 03:27 AM

Well done.

There is a lot of stuff to fix there, but first of all we need to find a replacement copy for an infected driver file.

Please rerun OTLPE and copy/paste the text below into the "run scan/fix" field. Now click the NONE button and then the Run Scan button.

CODE
/md5start
atapi.sys
/md5stop

Please post me the resulting log.

regards, Elise

"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#8 IPT (Topic Starter, Members, 99 posts)

Posted 01 June 2010 - 01:26 PM

Okay, there are many fields where I can click "none". Which ones should I change to "none" and which ones should I leave marked as they are?

#9 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 01 June 2010 - 02:03 PM

In the Top Left corner, click the NONE button. This will set all options to NONE. The reason we do this is to shorten the log. At this point only the custom scan results are of interest.

regards, Elise


#10 IPT (Topic Starter, Members, 99 posts)

Posted 01 June 2010 - 02:41 PM

okay...here it is.

OTL logfile created on: 6/1/2010 2:29:40 PM - Run
OTLPE by OldTimer - Version 3.1.39.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 814.00 Mb Available Physical Memory | 80.00% Memory free
902.00 Mb Paging File | 845.00 Mb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.93 Gb Total Space | 42.75 Gb Free Space | 62.02% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 433.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] () MD5=180C34747AC1E243666757A962C2D5B9 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< End of report >
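The custom scan above lists every copy of atapi.sys that OTLPE can find: the live copy in system32\drivers has the same size and timestamp as the dllcache and i386 copies but a different MD5 and no company name, while the SoftwareDistribution copy is simply a newer build. As an added example that is not part of the thread and not OTL's own code, the Python below parses such a "< MD5 for: >" block and applies exactly that comparison; the sample log is constructed from the lines posted above, and the `Entry`, `parse_md5_report` and `find_suspect_copies` names and the size-plus-timestamp heuristic are this example's own.

```python
"""Added example, not from the thread or from OTL/OTLPE: parse the
'< MD5 for: >' block of an OTLPE custom scan and flag the driver copy
whose hash disagrees with the protected backups (dllcache / i386)."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample with the same shape as the custom-scan output in the thread.
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] () MD5=180C34747AC1E243666757A962C2D5B9 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2004/08/04 00:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
< End of report >
"""


@dataclass
class Entry:
    path: str
    stamp: str        # modification timestamp as printed by OTL
    size: int         # bytes
    company: str      # version-resource company name, "" when absent
    md5: Optional[str]  # None for .cab members, which OTL does not hash

    @property
    def protected(self) -> bool:
        # Copies kept by Windows File Protection (dllcache) or taken from the
        # install source / driver backups (i386 directories).
        low = self.path.lower()
        return "\\dllcache\\" in low or "\\i386\\" in low


def parse_md5_report(text: str) -> List[Entry]:
    """Turn each '[stamp | size | attrs | M] (Company) MD5=... -- path' line into an Entry."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith("[") or " -- " not in line:
            continue  # section headers and '< End of report >' are skipped
        meta, path = line.rsplit(" -- ", 1)
        close = meta.index("]")
        fields = [f.strip() for f in meta[1:close].split("|")]
        company = re.search(r"\(([^)]*)\)", meta[close:])
        md5 = re.search(r"MD5=([0-9A-Fa-f]{32})", meta[close:])
        entries.append(Entry(
            path=path.strip(),
            stamp=fields[0],
            size=int(fields[1].replace(",", "")),
            company=company.group(1).strip() if company else "",
            md5=md5.group(1).upper() if md5 else None,
        ))
    return entries


def find_suspect_copies(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Flag hashed copies that disagree with every protected copy.

    A hash mismatch alone is not enough: a staged Windows Update driver has a
    different hash too, but also a different size, a different timestamp and
    intact version info. A copy with the SAME size and timestamp as the
    protected copies, a different hash and no company name is the pattern
    of a driver patched in place.
    """
    protected = [e for e in entries if e.protected and e.md5]
    good_hashes = {e.md5 for e in protected}
    good_shapes = {(e.size, e.stamp) for e in protected}
    suspects = []
    for e in entries:
        if not e.md5 or e.md5 in good_hashes:
            continue
        reasons = ["MD5 matches none of the protected copies"]
        if (e.size, e.stamp) in good_shapes:
            reasons.append("same size and timestamp as a protected copy, different content")
        if not e.company:
            reasons.append("no company/version resource")
        if len(reasons) > 1:  # mismatch plus at least one corroborating sign
            suspects.append((e, reasons))
    return suspects


def replacement_candidates(entries: List[Entry]) -> List[Entry]:
    """Intact, hashed copies with version info that could stand in for a flagged file."""
    flagged = {e.path for e, _ in find_suspect_copies(entries)}
    return [e for e in entries if e.md5 and e.company and e.path not in flagged]


if __name__ == "__main__":
    parsed = parse_md5_report(SAMPLE_LOG)
    for entry, why in find_suspect_copies(parsed):
        print(f"SUSPECT {entry.path} MD5={entry.md5}")
        for reason in why:
            print(f"  - {reason}")
    print("clean copies:", [e.path for e in replacement_candidates(parsed)])
```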

#11 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 01 June 2010 - 03:25 PM

Well done, now let's attempt some fixing.

Rerun OTLPE, copy/paste the text in the codebox into the "run scan/fix" field and click Run Fix. Afterwards try to boot and let me know what happens.
CODE
:files
C:\WINDOWS\system32\drivers\atapi.sys|C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys /replace

:otl
DRV - [2010/05/28 14:38:49 | 000,823,808 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pzdrkx.sys -- (pzdrkx)
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\Louis_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin File not found
O2 - BHO: (C:\WINDOWS\system32\e1fstphfds.dll) - {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - C:\WINDOWS\system32\e1fstphfds.dll ()
O4 - HKLM..\Run: [cqbbcwwl] C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog\betdpgxtssd.exe ()
O4 - HKLM..\Run: [eodfaqzfjamys] C:\WINDOWS\System32\gstnhthptlfv.dll ()
O4 - HKLM..\Run: [MChk] C:\WINDOWS\system32\lkzfefti.exe ()
O4 - HKLM..\Run: [net] C:\WINDOWS\System32\net.net (Privat)
O4 - HKLM..\Run: [skb] C:\WINDOWS\System32\ujamfrgf.dll ()
O4 - HKU\Louis_ON_C..\Run: [cqbbcwwl] C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog\betdpgxtssd.exe ()
O4 - HKU\Louis_ON_C..\Run: [hsfe8owijfisjhgs7ye39gjsoighsd7y3eu] C:\Documents and Settings\Louis\Local Settings\Temp\dsel0l07e.exe ()
O4 - HKU\Louis_ON_C..\Run: [hsfg9w8gujsokgahi8gysgnsdgefshyjy] C:\Documents and Settings\Louis\Local Settings\Temp\nvsvc32.exe ()
O4 - HKU\Louis_ON_C..\Run: [mcexecwin] C:\Documents and Settings\Louis\Local Settings\Temp\o0b9wr5.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Documents and Settings\Louis\Application Data\SystemProc\lsass.exe ()
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = [binary data]
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\Louis_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - Winlogon\Notify\a43e7dc4922: DllName - C:\WINDOWS\system32\gptext32.dll - C:\WINDOWS\system32\gptext32.dll ()
O22 - SharedTaskScheduler: {C7BA40A1-74F2-52BD-F411-04B15A2C8953} - har98fefiesjfs93s8i9sejsdf - C:\WINDOWS\system32\e1fstphfds.dll ()
O36 - AppCertDlls: AppSecDll - (C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll) - C:\Documents and Settings\Louis\Local Settings\Application Data\Windows Server\zetypv.dll ()
[2010/05/27 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Louis\Local Settings\Application Data\vppamxwog
[2010/05/25 01:38:04 | 000,309,248 | ---- | M] () -- C:\WINDOWS\System32\papjgrmp.dll

:commands
[emptytemp]


regards, Elise


#12 IPT (Topic Starter, Members, 99 posts)

Posted 01 June 2010 - 06:19 PM

Elise - that seems to have resolved the issue. I am able to start up normally without the disc and also navigate my Network and get online. Thank you so much for your help and guidance. Do you have any other recommendations at this time? Thanks again for your help, it is very much appreciated.
Louis

Edited by IPT, 01 June 2010 - 07:37 PM.


#13 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 02 June 2010 - 03:41 AM

Hi, I'm glad to hear that.

To be sure, let's double-check; there was a lot of nasty stuff out there ;)

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Please also rerun OTLPE, make sure under "extra registry" Use Safelist is checked and run the scan. When done, post me c:\extra.txt

regards, Elise


#14 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 10 June 2010 - 06:26 AM

Hello, are you still there?

regards, Elise


#15 Elise (Bleepin' Blonde, Malware Study Hall Admin, 61,091 posts, Romania)

Posted 15 June 2010 - 06:06 AM

Due to lack of activity this topic is now closed.

If you are the original topic starter and you need this topic reopened, please send me a PM.

Everyone else, please start a new topic.

regards, Elise
