
1 Guess what.. System tools 2011.. on Fri Jan 07, 2011 12:20 am

Corrosive
Member
My girl's computer is infected and keeps getting a BSOD either when I try to start a program right after start-up (during start-up processes) or when I try to run certain programs, such as ComboFix. It always BSODs eventually. I was wondering if it's possible the virus has screwed her memory, or if it's probably just the virus choking off resources.

After that, how do I get rid of it? I've googled it and followed several methods and none seem to work, or I can't complete the entire process due to a BSOD at the most inopportune moments.

I'm at my wits end and I'd really rather get to the bottom of it myself rather than paying some dude 100 dollars to do it.


Sorry, it's Windows Vista. Should I try and do the log thing again? It crashed last time =/

2 Re: Guess what.. System tools 2011.. on Fri Jan 07, 2011 8:48 pm

DragonMaster Jay
Site Owner
ComboFix is a dangerous tool. Do you have the log from it located at c:\combofix.txt?


..........................................................
DragonMaster Jay
Administrative Director SecuraGeek Association
Advanced Malware Analysts Group Owner

3 Re: Guess what.. System tools 2011.. on Sat Jan 08, 2011 1:35 am

Corrosive
Member
It BSODed before it even ran the command-prompt-looking app.

4 Re: Guess what.. System tools 2011.. on Mon Jan 10, 2011 12:52 am

DragonMaster Jay
Site Owner
Not good.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Network REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc in to your CD burning drive.
  • Download OTLPENet.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.


5 Re: Guess what.. System tools 2011.. on Fri Jan 14, 2011 1:39 am

Corrosive
Member
OTL logfile created on: 1/14/2011 12:18:32 AM - Run
OTLPE by OldTimer - Version 3.1.44.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.74 Gb Total Space | 77.87 Gb Free Space | 56.95% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 5.40 Gb Free Space | 55.25% Space Free | Partition Type: NTFS
Drive X: | 436.55 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2010/08/30 10:03:22 | 001,145,816 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/08/13 14:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 12:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/04/26 16:58:12 | 000,256,512 | ---- | M] () [Auto] -- C:\32788R22FWJFW\pev.exe -- (PEVSystemStart)
SRV - [2010/03/18 14:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 15:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Disabled] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/08/23 15:35:30 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 15:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (BCM42RLY)
DRV - [2010/08/18 14:51:26 | 000,237,632 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/07/16 15:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\Windows\System32\drivers\pctDS.sys -- (pctDS)
DRV - [2008/01/25 00:42:14 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/20 21:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 21:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 21:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 21:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 21:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 21:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 21:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 21:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 21:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 21:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 21:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 21:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 21:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 21:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 21:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 21:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 21:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 21:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 21:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 21:23:21 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 21:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 21:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 21:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 21:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 21:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/12/12 01:02:00 | 001,044,984 | ---- | M] (Broadcom Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/11/13 01:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/11/13 01:26:12 | 003,078,144 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/10/24 05:02:58 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/08/28 00:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2007/08/28 00:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2006/11/02 21:43:30 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/11/02 21:42:18 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/11/02 21:42:08 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080313
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Elsa_Llerena_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080313
IE - HKU\Elsa_Llerena_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080313
IE - HKU\Elsa_Llerena_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Elsa_Llerena_ON_C\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\Elsa_Llerena_ON_C\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
IE - HKU\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\Firefox [2010/12/20 03:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/12/21 05:15:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6C8DC7C7-3F08-4E8E-93EB-3B1EA2AC6014}: C:\Users\Elsa Llerena\AppData\Local\{6C8DC7C7-3F08-4E8E-93EB-3B1EA2AC6014} [2010/12/22 07:59:27 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/01/03 23:06:20 | 000,428,400 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14751 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\Elsa_Llerena_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Bing Bar] C:\Program Files\MSN Toolbar\Platform\5.0.1423.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Ihudub] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKU\Elsa_Llerena_ON_C..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKU\Elsa_Llerena_ON_C..\Run: [Ihudub] File not found
O4 - HKU\Elsa_Llerena_ON_C..\Run: [JP595IR86O] File not found
O4 - HKU\Elsa_Llerena_ON_C..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\Elsa_Llerena_ON_C..\Run: [Metropolis] File not found
O4 - HKU\Elsa_Llerena_ON_C..\Run: [SoGYedsqoT98T] C:\ProgramData\SoGYedsqoT98T.exe (Optimization Corporation)
O4 - HKU\Elsa_Llerena_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\Elsa_Llerena_ON_C..\Run: [Wvulabokogikewej] File not found
O4 - HKU\Elsa_Llerena_ON_C..\Run: [YRUvoXXeDU.exe] C:\ProgramData\YRUvoXXeDU.exe (MOSE software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\Elsa_Llerena_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0bcd4c66-d186-11de-8754-001d094986fa}\Shell - "" = AutoRun
O33 - MountPoints2\{0bcd4c66-d186-11de-8754-001d094986fa}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{339ab57e-59f2-11de-b813-001d094986fa}\Shell\AutoRun\command - "" = nIKalod\Kanop\Orgapin.exe
O33 - MountPoints2\{339ab57e-59f2-11de-b813-001d094986fa}\Shell\open\command - "" = nIKalod\Kanop\Orgapin.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/04 20:34:45 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Repair
[2011/01/04 03:03:45 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/01/03 23:14:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/03 23:14:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/03 23:14:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/03 23:14:52 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/03 23:14:51 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/01/03 23:14:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/03 23:13:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/22 17:17:44 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2010/12/22 17:17:44 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2010/12/22 17:17:42 | 000,247,824 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/12/22 17:17:42 | 000,102,184 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/12/22 17:17:35 | 000,237,632 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/12/22 17:17:35 | 000,159,296 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/12/22 17:17:27 | 000,123,968 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplfw.sys
[2010/12/22 17:17:27 | 000,087,400 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-PacketFilter.sys
[2010/12/22 17:17:27 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/12/22 17:17:27 | 000,031,960 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctNdis-DNS.sys
[2010/12/22 17:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/12/22 17:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2010/12/22 17:17:15 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Roaming\PC Tools
[2010/12/22 14:55:52 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
[2010/12/22 07:59:26 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Local\{6C8DC7C7-3F08-4E8E-93EB-3B1EA2AC6014}
[2010/12/22 07:56:48 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/12/22 07:52:31 | 000,210,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxab.exe
[2010/12/22 07:42:31 | 000,210,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxaa.exe
[2010/12/20 03:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Toolbar
[2010/12/20 03:09:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/12/20 03:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/12/20 03:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Bing Bar Installer
[2010/12/16 22:33:12 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/12/16 22:33:05 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010/12/16 22:33:05 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010/12/16 22:33:05 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010/12/16 22:33:00 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010/12/16 22:32:56 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/12/16 22:32:56 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010/12/16 22:32:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/12/16 22:32:49 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010/12/16 22:32:47 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/12/16 22:32:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/12/16 22:32:42 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010/12/16 22:32:42 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/12/16 22:32:42 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010/12/16 22:32:42 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010/12/16 22:32:42 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/12/16 22:32:42 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/12/16 22:32:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010/12/16 22:32:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2008/01/20 21:24:21 | 000,229,376 | ---- | C] (Ask.com) -- C:\Users\Elsa Llerena\AppData\Local\iluzevuqanalepe.dll

========== Files - Modified Within 30 Days ==========

[2011/01/14 01:03:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/14 01:01:57 | 000,000,120 | ---- | M] () -- C:\Users\Elsa Llerena\AppData\Local\Jfuwipokidupap.dat
[2011/01/14 01:01:50 | 000,000,000 | ---- | M] () -- C:\Users\Elsa Llerena\AppData\Local\Ewobofivutamux.bin
[2011/01/14 01:01:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 01:01:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/14 01:01:30 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\Vwlx.job
[2011/01/14 01:00:56 | 3084,914,688 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/05 20:28:56 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/05 20:28:56 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/05 20:13:29 | 195,861,646 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/01/04 20:34:45 | 000,000,600 | ---- | M] () -- C:\Users\Elsa Llerena\Desktop\Disk Repair.lnk
[2011/01/04 15:25:43 | 000,007,944 | ---- | M] () -- C:\Users\Elsa Llerena\AppData\Local\d3d9caps.dat
[2011/01/03 23:06:20 | 000,428,400 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/22 15:22:12 | 000,033,792 | ---- | M] () -- C:\Users\Elsa Llerena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/22 07:52:23 | 000,210,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxab.exe
[2010/12/22 07:42:23 | 000,126,464 | RHS- | M] () -- C:\Windows\System32\dns-sd4.dll
[2010/12/22 07:42:22 | 000,210,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxaa.exe
[2010/12/19 17:35:05 | 000,000,488 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elsa Llerena.job
[2010/12/17 04:29:21 | 000,422,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/01/05 20:21:47 | 3084,914,688 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/04 20:34:45 | 000,000,600 | ---- | C] () -- C:\Users\Elsa Llerena\Desktop\Disk Repair.lnk
[2011/01/03 23:14:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/03 23:14:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/03 23:14:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/03 23:14:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/03 23:14:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/22 07:59:28 | 000,000,120 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Local\Jfuwipokidupap.dat
[2010/12/22 07:59:28 | 000,000,000 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Local\Ewobofivutamux.bin
[2010/12/22 07:42:24 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\Vwlx.job
[2010/12/22 07:42:23 | 000,126,464 | RHS- | C] () -- C:\Windows\System32\dns-sd4.dll
[2010/11/22 07:54:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2010/11/22 07:54:55 | 000,331,776 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2010/03/03 21:57:22 | 000,007,944 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Local\d3d9caps.dat
[2009/12/21 14:45:46 | 000,047,104 | ---- | C] () -- C:\Windows\System32\KMVIDC32.DLL
[2009/11/10 16:21:19 | 000,000,000 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Roaming\wklnhst.dat
[2009/11/07 20:39:14 | 000,000,000 | ---- | C] () -- C:\Windows\pcfriend.INI
[2008/07/04 16:39:06 | 000,033,792 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/13 16:33:50 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/13 16:33:48 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/03/13 14:02:05 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/01/20 21:24:21 | 000,090,112 | ---- | C] () -- C:\Users\Elsa Llerena\AppData\Local\acfd1b.dll
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:02:10 | 000,000,680 | ---- | C] () -- C:\Windows\System32\config\systemprofile\AppData\Local\d3d9caps.dat
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[1998/10/11 03:07:38 | 000,088,576 | ---- | C] () -- C:\Windows\System32\Iticheck.dll

========== LOP Check ==========

[2011/01/05 20:55:18 | 000,032,656 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/14 01:01:30 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\Vwlx.job

========== Purity Check ==========


< End of report >

6 Re: Guess what.. System tools 2011.. on Sun Jan 16, 2011 2:21 pm

DragonMaster Jay
Site Owner
Please run OTLPE scanner
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    Code:
    :otl
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [Ihudub] File not found
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [JP595IR86O] File not found
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [Metropolis] File not found
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [SoGYedsqoT98T] C:\ProgramData\SoGYedsqoT98T.exe (Optimization Corporation)
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [Wvulabokogikewej] File not found
    O4 - HKU\Elsa_Llerena_ON_C..\Run: [YRUvoXXeDU.exe] C:\ProgramData\YRUvoXXeDU.exe (MOSE software)
    [2011/01/04 20:34:45 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Repair
    [2010/12/22 07:52:31 | 000,210,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxab.exe
    [2010/12/22 07:42:31 | 000,210,944 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxaa.exe
    [2011/01/04 20:34:45 | 000,000,600 | ---- | C] () -- C:\Users\Elsa Llerena\Desktop\Disk Repair.lnk

    :commands
    [emptytemp]
    [reboot]


  • Then click the Run Fix button at the top.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
  • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


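As an added example (not code from this thread and not part of OldTimer's OTL), the script below parses the two OTL line formats that appear in the log and in the fix above, the file entries (`[date | size | attrs | C/M] (company) -- path`) and the O4 autorun entries, applies a few location-based triage rules modelled on what was removed here, emits a `:otl` fix block from the hits, and checks an OTL result log ("moved/deleted successfully" lines) against those hits. The sample lines are copied from this thread's log; the triage rules, the `unresolved` check and every function name are this example's own assumptions, and a hit is a lead for the analyst to attribute, not a verdict.

```python
"""Triage helper for OTL / OTLPE log lines (example code, not OTL's own)."""
import re
from dataclasses import dataclass

# [2010/12/22 07:52:23 | 000,210,944 | ---- | M] (company) -- C:\path   (company part optional)
FILE_LINE = re.compile(
    r'^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>.*?)\) )?-- (?P<path>.+)$')
# O4 - HKU\<user>..\Run: [name] target (company)   (company part optional)
O4_LINE = re.compile(
    r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)'
    r'(?: \((?P<company>.*?)\))?$')
# "C:\x.exe moved successfully." / "Registry value HKU\...\Run\\Name deleted successfully."
RESULT_LINE = re.compile(
    r'^(?:Registry value )?(?P<what>.+?) (?:folder )?(?:moved|deleted) successfully\.$')
PE_EXT = ('.exe', '.dll', '.sys', '.scr')


@dataclass
class Entry:
    raw: str          # original log line, reused verbatim in the fix script
    kind: str         # 'file' or 'o4'
    path: str         # file path, or the Run value's target
    name: str = ''    # Run value name (o4 entries only)
    attrs: str = ''
    company: str = ''


def parse(text):
    """Return an Entry for every file or O4 line; anything else is ignored."""
    entries = []
    for line in (l.strip() for l in text.splitlines()):
        m = FILE_LINE.match(line)
        if m:
            entries.append(Entry(line, 'file', m['path'], '', m['attrs'], m['company'] or ''))
            continue
        m = O4_LINE.match(line)
        if m:
            entries.append(Entry(line, 'o4', m['target'], m['name'], '', m['company'] or ''))
    return entries


def path_leads(path):
    """Rules of this example: PE files dropped where installers do not put them."""
    parent, _, name = path.lower().rpartition('\\')
    leads = []
    if name.endswith(PE_EXT):
        if parent in ('c:\\windows', 'c:\\programdata'):
            leads.append(f'PE file directly in {parent}')
        elif parent.endswith(('\\appdata\\local', '\\appdata\\roaming')):
            leads.append('PE file in the AppData root, not in a vendor folder')
    return leads


def triage(entry):
    leads = []
    if entry.kind == 'o4' and entry.path == 'File not found':
        leads.append('orphaned Run value, target is gone')
    else:
        leads += path_leads(entry.path)
    if entry.kind == 'file' and entry.path.lower().endswith('.job') and 'S' in entry.attrs:
        leads.append('scheduled task carrying the System attribute')
    return leads


def build_fix(entries):
    """Return (hits, script): hits are (entry, leads) pairs, script is OTL fix text."""
    hits = [(e, triage(e)) for e in entries]
    hits = [(e, leads) for e, leads in hits if leads]
    body = [':otl'] + [e.raw for e, _ in hits] + ['', ':commands', '[emptytemp]', '[reboot]']
    return hits, '\n'.join(body)


def unresolved(hits, result_log):
    """Flagged items that the OTL result log never reports as moved or deleted."""
    done = set()
    for line in result_log.splitlines():
        m = RESULT_LINE.match(line.strip())
        if m:
            done.add(m['what'].lower())
    left = []
    for e, _ in hits:
        if e.kind == 'o4':
            ok = any(d.endswith('\\' + e.name.lower()) for d in done)
        else:
            ok = e.path.lower() in done
        if not ok:
            left.append(e.name or e.path)
    return left


# Sample lines copied from the thread's OTL log (a subset, for offline use).
SAMPLE_OTL = r"""
O4 - HKU\Elsa_Llerena_ON_C..\Run: [Ihudub] File not found
O4 - HKU\Elsa_Llerena_ON_C..\Run: [SoGYedsqoT98T] C:\ProgramData\SoGYedsqoT98T.exe (Optimization Corporation)
[2010/12/22 07:52:23 | 000,210,944 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Lroxab.exe
[2011/01/14 01:01:30 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\Vwlx.job
[2008/01/20 21:24:21 | 000,229,376 | ---- | C] (Ask.com) -- C:\Users\Elsa Llerena\AppData\Local\iluzevuqanalepe.dll
[2011/01/04 15:25:43 | 000,007,944 | ---- | M] () -- C:\Users\Elsa Llerena\AppData\Local\d3d9caps.dat
[2010/12/19 17:35:05 | 000,000,488 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Elsa Llerena.job
[2010/11/22 07:54:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2011/01/04 20:34:45 | 000,000,000 | ---D | C] -- C:\Users\Elsa Llerena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Repair
"""
# Sample result lines copied from the thread's fix log (subset).
SAMPLE_RESULT = r"""
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Ihudub deleted successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\SoGYedsqoT98T deleted successfully.
C:\ProgramData\SoGYedsqoT98T.exe moved successfully.
C:\Windows\Lroxab.exe moved successfully.
"""

if __name__ == '__main__':
    hits, script = build_fix(parse(SAMPLE_OTL))
    for e, leads in hits:
        print(e.name or e.path, '->', '; '.join(leads))
    print(script)
    print('not acted on:', unresolved(hits, SAMPLE_RESULT))
```

On the sample, the rules flag the two Run values, `Lroxab.exe` in the Windows root, the hidden+system `Vwlx.job` and the DLL sitting in the AppData root, while `d3d9caps.dat`, Norton's hidden-only task and the System32 toolbar DLL pass; the check against the result log then shows the task and the AppData DLL were not touched by that fix, which is the kind of gap a second scan pass is meant to catch. Location rules also fire on legitimate helper binaries copied into `C:\Windows` (the ComboFix tools in the log, for instance), so the output is a review list, not a delete list.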

7 Re: Guess what.. System tools 2011.. on Sun Jan 16, 2011 8:07 pm

Corrosive
Member
After the first run, the program asked if I wanted to reboot to get rid of the rest of the files. I clicked OK, and the program just sat there. I went to restart, and went that route, and her computer froze. I ran it again after I rebooted, and followed your instructions again, and the program still didn't reboot me on its own, but I was able to restart successfully.

This is the log from the first one.

========== OTL ==========
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Ihudub deleted successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O deleted successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis deleted successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\SoGYedsqoT98T deleted successfully.
C:\ProgramData\SoGYedsqoT98T.exe moved successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\Wvulabokogikewej deleted successfully.
Registry value HKEY_USERS\Elsa_Llerena_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\YRUvoXXeDU.exe deleted successfully.
C:\ProgramData\YRUvoXXeDU.exe moved successfully.
C:\Users\Elsa Llerena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Repair folder moved successfully.
C:\Windows\Lroxab.exe moved successfully.
C:\Windows\Lroxaa.exe moved successfully.
C:\Users\Elsa Llerena\Desktop\Disk Repair.lnk moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Elsa Llerena
->Temp folder emptied: 8724858 bytes
->Temporary Internet Files folder emptied: 5595602 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 405 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 101772402 bytes

Total Files Cleaned = 111.00 mb


OTLPE by OldTimer - Version 3.1.44.0 log created on 01162011_173937

8 Re: Guess what.. System tools 2011.. on Mon Jan 17, 2011 1:52 pm

DragonMaster Jay
Site Owner
Now try to boot in to normal Windows and tell me if it works.



9 Re: Guess what.. System tools 2011.. on Tue Jan 18, 2011 10:23 pm

Corrosive
Member
Yes, I ran the computer for an hour and a half or so, just idling, before she actually got home and did something with it, but so far it's been working without a hitch, and I really appreciate it a ton.

10 Re: Guess what.. System tools 2011.. on Wed Jan 19, 2011 1:20 am

DragonMaster Jay
Site Owner
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

