Fao Rorschach[INACTIVE]

shamus_1 · November 24, 2008

Dear Sir,

I have been away these last few days and my thread has been closed I have attached the Otscanit attachment as requested.

Thank you for your continued help apologies for any inconvenience caused,

Kind regards,

Shamus

OTScanIt.Txt

Rorschach112 · November 24, 2008

Hi

Start OTScanIt2. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[unregister Dlls]
[Processes - Safe List]
YN -> aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\aawservice.exe
[Registry - Safe List]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\"{7C5C0F58-E061-457D-9033-77307F5ED00C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> ShellBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\"{7C5C0F58-E061-457D-9033-77307F5ED00C}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "SigmatelSysTrayApp" -> [sttray.exe]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{CCA281CA-C863-46ef-9331-5C8D4460577F}" [HKLM] -> [@btrez.dll,-4015]
[Registry - Additional Scans - Safe List]
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
YN -> 1 -> FriendlyName = Privacy Protection
[Files/Folders - Created Within 90 Days]
NY -> 1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp
NY -> selectaname1.run -> %UserProfile%\Desktop\selectaname1.run
NY -> selectaname.run -> %UserProfile%\Desktop\selectaname.run
NY -> Runscanner.net -> %UserProfile%\Local Settings\Application Data\Runscanner.net
NY -> runscanner.zip -> %UserProfile%\Desktop\runscanner.zip
NY -> mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe
NY -> _OTMoveIt -> %SystemDrive%\_OTMoveIt
NY -> Shortcut to hijackthis.exe.lnk -> %UserProfile%\Desktop\Shortcut to hijackthis.exe.lnk
NY -> OTMoveIt3.exe -> %UserProfile%\Desktop\OTMoveIt3.exe
NY -> rsit -> %SystemDrive%\rsit
NY -> RSIT.exe -> %UserProfile%\Desktop\RSIT.exe
NY -> SDFix -> %SystemDrive%\SDFix
NY -> SDFix.exe -> %UserProfile%\Desktop\SDFix.exe
NY -> f49f4d98.dat -> %SystemRoot%\f49f4d98.dat
NY -> f49f4daa.dat -> %SystemRoot%\f49f4daa.dat
[Empty Temp Folders]
[start Explorer]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here

I will review the information when it comes back in.

Also post a new HJT log

shamus_1 · November 25, 2008

Dear sir as requested,

Logfile of HijackThis v1.99.1

Scan saved at 02:57:30, on 25/12/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\notepad.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\zHotkey.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

C:\Program Files\O2\bin\sprtcmd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Registry Mechanic\RegMech.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Belkin\Bluetooth Software\BTTray.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\WINDOWS\system32\slserv.exe

C:\Program Files\O2\bin\sprtsvc.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\Belkin\BLUETO~1\BTSTAC~1.EXE

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\slrundll.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBit1.dll

O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBit1.dll

O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [intelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe

O4 - HKLM\..\Run: [intelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT

O4 - HKLM\..\Run: [O2] "C:\Program Files\O2\bin\sprtcmd.exe" /P O2

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S1A7.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

O20 - AppInit_DLLs: avgrsstx.dll

O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - Unknown owner - C:\Program Files\O2\bin\sprtsvc.exe" /service /p O2 (file missing)

O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe

Explorer killed successfully

[Processes - Safe List]

Unable to kill process aawservice.exe .

[Registry - Safe List]

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{7C5C0F58-E061-457D-9033-77307F5ED00C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5C0F58-E061-457D-9033-77307F5ED00C}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7C5C0F58-E061-457D-9033-77307F5ED00C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C5C0F58-E061-457D-9033-77307F5ED00C}\ not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SigmatelSysTrayApp deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCA281CA-C863-46ef-9331-5C8D4460577F}\ not found.

[Registry - Additional Scans - Safe List]

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1\\FriendlyName deleted successfully.

[Files/Folders - Created Within 90 Days]

C:\Documents and Settings\1102\Desktop\selectaname1.run moved successfully.

C:\Documents and Settings\1102\Desktop\selectaname.run moved successfully.

C:\Documents and Settings\1102\Local Settings\Application Data\Runscanner.net\Backups folder moved successfully.

C:\Documents and Settings\1102\Local Settings\Application Data\Runscanner.net folder moved successfully.

C:\Documents and Settings\1102\Desktop\runscanner.zip moved successfully.

C:\Documents and Settings\1102\Desktop\mbam-setup.exe moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\DOCUME~1\1102\LOCALS~1\Temp folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\DOCUME~1\1102\LOCALS~1 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\DOCUME~1\1102 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\DOCUME~1 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temporary Internet Files folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5 folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp\History folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp\Cookies folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings\Temp folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService\Local Settings folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings\LocalService folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137\Documents and Settings folder moved successfully.

C:\_OTMoveIt\MovedFiles\12172008_223137 folder moved successfully.

C:\_OTMoveIt\MovedFiles folder moved successfully.

C:\_OTMoveIt folder moved successfully.

C:\Documents and Settings\1102\Desktop\Shortcut to hijackthis.exe.lnk moved successfully.

C:\Documents and Settings\1102\Desktop\OTMoveIt3.exe moved successfully.

C:\rsit folder moved successfully.

C:\Documents and Settings\1102\Desktop\RSIT.exe moved successfully.

C:\SDFix\backups_old folder moved successfully.

C:\SDFix\backups folder moved successfully.

C:\SDFix\apps\Replace\xp folder moved successfully.

C:\SDFix\apps\Replace\w2k folder moved successfully.

C:\SDFix\apps\Replace folder moved successfully.

C:\SDFix\apps folder moved successfully.

C:\SDFix folder moved successfully.

C:\Documents and Settings\1102\Desktop\SDFix.exe moved successfully.

C:\WINDOWS\f49f4d98.dat moved successfully.

C:\WINDOWS\f49f4daa.dat moved successfully.

[Empty Temp Folders]

File delete failed. C:\Documents and Settings\1102\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\1102\Local Settings\Temp\~DF3D6C.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\1102\Local Settings\Temp\~DFEDAE.tmp scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\1102\Local Settings\Temp\~DFEDB9.tmp scheduled to be deleted on reboot.

User's Temp folder emptied.

User's Temporary Internet Files folder emptied.

User's Internet Explorer cache folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.

Local Service Temp folder emptied.

File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.

Local Service Temporary Internet Files folder emptied.

File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_528.dat scheduled to be deleted on reboot.

Windows Temp folder emptied.

Java cache emptied.

RecycleBin -> emptied.

Explorer started successfully

< End of fix log >

OTScanIt2 by OldTimer - Version 1.0.0.35b fix logfile created on 12252008_023803

Files moved on Reboot...

C:\Documents and Settings\1102\Local Settings\Temp\WCESLog.log moved successfully.

C:\Documents and Settings\1102\Local Settings\Temp\~DF3D6C.tmp moved successfully.

File C:\Documents and Settings\1102\Local Settings\Temp\~DFEDAE.tmp not found!

File C:\Documents and Settings\1102\Local Settings\Temp\~DFEDB9.tmp not found!

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat moved successfully.

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat moved successfully.

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat moved successfully.

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat moved successfully.

File C:\WINDOWS\temp\Perflib_Perfdata_528.dat not found!

Rorschach112 · November 26, 2008

Hello

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases

[*]Click on My Computer under Scan.

[*]Once the scan is complete, it will display the results. Click on View Scan Report.

[*]You will see a list of infected items there. Click on Save Report As....

[*]Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Sign In

Fao Rorschach[INACTIVE]

Recommended Posts

shamus_1

Link to post

Share on other sites

Rorschach112

Link to post

Share on other sites

shamus_1

Link to post

Share on other sites

Rorschach112

Link to post

Share on other sites

Browse

Activity