Security Tool Removal Failure


Post by bruston on Tue 05 Oct 2010, 11:47 pm

I downloaded Malwarebytes & did a scan in safe mode, removing Security Tool. When I restarted it is still there. I cannot open Task Manager to stop the Security Tool process. It opens for a second & disappears.
Please help!

bruston

Newbie Surfer

Posts : 7
Joined : 2010-10-05
Operating System : Windows 7

Re: Security Tool Removal Failure

Post by TheAvatar on Wed 06 Oct 2010, 12:04 am

Hi bruston,

Welcome to GeekPolice.net

My name is TheAvatar and I will be trying to help you resolve your issues.

If you have already received help elsewhere please inform me so that this topic can be closed.

If you haven't, please keep reading.
Note Before we start the process you should:

  • POST your logs, don't attach them, as it makes it harder to read.
  • Each time I instruct you to download a file to use it, please do it even if I have told you before to download it again. This is because these tools are frequently updated to detect newer infections.
  • Please be patient, there is no quick fix for malware. Removal can take several attempts. Just because symptoms have gone away, does not mean the infection is gone.
  • Last, as most of the tools we use here need administrative rights in order to function properly, I expect that you will be running them from an administrator account.
  • If I have not replied to your thread within 2 days, please PM me.



Please do the following:

Step 1:

Note: If your security software warns about Rkill, ignore & allow the download to continue.
Download RKill by Grinler from Here & save it to your Desktop.
Alternate download links:
Two
Three
Four
  • Double click Rkill to run it
  • A command window will open then disappear upon completion, this is normal
    • If this does not happen... delete the file, then download & use the next link provided
    • If it does not work, repeat the process & attempt to use one of the remaining links until the tool runs
  • Do not reboot your machine until asked to do so. If no version of Rkill would run, please let me know
  • When finished, Notepad will open with a log file, automatically saved at C:\rkill.log
  • Copy/paste the contents of the rkill.log file in your next reply
  • Leave Rkill on the Desktop unless instructed otherwise

Note: If you get an alert that Rkill is infected, ignore it. The alert is a fake warning given by the rogue software, trying to "protect" itself from being terminated or removed. If you see such a warning, leave the warning on the screen, then run Rkill again. By not closing the warning, this sometimes allows you to bypass the malware's attempt to protect itself, so that Rkill can perform its routine.

After running RKill, continue with the following. It is important that you do not reboot your PC during this time.


Step 2:

Please download OTL from one of the following links
  • LINK 1
  • LINK 2

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.


In your next reply please include:
  • The RKill log.
  • The OTL logs.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Ran Rkill

Post by bruston on Wed 06 Oct 2010, 12:59 am

Hi,
Thank you for trying to help me with this!
I ran Rkill & it appeared to work, but when I try to open the C:/rkill.log file it only stays open for a second & disappears. When I try to copy it, I cannot paste it into my reply. My computer then shut itself down.

bruston

Newbie Surfer

Posts : 7
Joined : 2010-10-05
Operating System : Windows 7

Re: Security Tool Removal Failure

Post by TheAvatar on Wed 06 Oct 2010, 9:47 am

Hi bruston,

Please skip RKill and try doing the OTL scan in Safe Mode

NOTE: You may wish to print the instructions out as you will be unable to access this site in Safe Mode.

Open notepad and copy/paste the custom scan in and save it to your Desktop to access it in safe mode.

THEN

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Continue scanning with OTL in safe mode. Then boot into normal mode to post the logs.

Thanks.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Security Tool Removal Failure

Post by bruston on Wed 06 Oct 2010, 1:00 pm

I could not even copy the custom scan into notepad because it wouldn't stay open. When I tried to open anything it just flashed on the screen & disappeared. However, as I was trying to figure out what to do, my Microsoft Security Essentials notified me that there was a threat, I selected clean or delete & it seems to have removed it. I had run a scan when I first got it & nothing came up on the scan, but now it has recognized it. Thank you again for your help with this.
Is there something I should do to be sure that it is really totally removed from my computer?

bruston

Newbie Surfer

Posts : 7
Joined : 2010-10-05
Operating System : Windows 7

Re: Security Tool Removal Failure

Post by TheAvatar on Wed 06 Oct 2010, 1:06 pm

Hi bruston,

That is great to hear; however, I urge you to continue with the OTL scan and post the log here so we can ensure any remnants are removed and get your machine back up and running at top notch.

As I said in my first post:

Just because symptoms have gone away, does not mean the infection is gone.

Thanks.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3
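An OTL log of the kind requested above can be pre-sorted for leftover entries before a helper reads it. The following is an added example, not part of the original thread and not OTL's or the advisor's own method: the line shapes are inferred from the log posted in this thread, the sample log is constructed with placeholder names, and the two rules (`ORPHAN`, `HIDDEN_NO_VENDOR`) are illustrative heuristics that mark entries for review, not verdicts.

```python
import re
from pathlib import PureWindowsPath
from typing import List, NamedTuple

# Constructed sample: line shapes follow the OTL log in this thread,
# vendor names, CLSIDs and paths are placeholders.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========

PRC - [2010/10/05 22:10:38 | 000,575,488 | ---- | M] (Example Vendor) -- C:\Users\Example\Desktop\scanner.exe

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\example.sys -- (ExampleDrv)
DRV:64bit: - [2010/03/09 20:11:54 | 000,139,264 | ---- | M] (Example(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\good.sys -- (GoodDrv)

========== Standard Registry (SafeList) ==========

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [updater] C:\Program Files (x86)\Example\updater.exe (Example Vendor)

========== Files - Modified Within 90 Days ==========

[2010/10/05 21:32:35 | 000,000,082 | -H-- | M] () -- C:\example_boot.cmd
[2010/10/05 20:33:00 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 14:56:39 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Example.lnk
[2010/10/05 08:35:35 | 000,000,000 | R--D | C] -- C:\Users\Example\Documents\Fax
"""

SECTION_RE = re.compile(r"^={3,}\s*(.+?)\s*={3,}$")

# [date time | size | attrs | C-or-M] (Company) [optional state] -- path
FILE_RE = re.compile(
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| [CM]\] "
    r"(?:\((?P<company>.*?)\) (?=\[|--))?"
    r".*?-- (?P<path>.+)$"
)

# Text OTL prints when a registry entry points at something that is gone.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# Assumption of this example: extensions that can run code when launched.
RUNNABLE_EXTS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".com", ".pif", ".vbs", ".js"}


class Finding(NamedTuple):
    rule: str     # which heuristic matched
    section: str  # OTL section header the line appeared under
    detail: str   # the raw line (ORPHAN) or the file path (HIDDEN_NO_VENDOR)


def triage(log_text: str) -> List[Finding]:
    """Return log entries worth a manual look, in log order."""
    findings: List[Finding] = []
    section = "(header)"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        # Rule 1: a startup/BHO/driver entry whose target no longer exists.
        if any(marker in line for marker in ORPHAN_MARKERS):
            findings.append(Finding("ORPHAN", section, line))
            continue
        entry = FILE_RE.search(line)
        if not entry:
            continue
        attrs = entry.group("attrs")
        if "D" in attrs:  # directories carry no vendor field
            continue
        # Service/driver lines append " -- (ServiceName)" after the path.
        path = entry.group("path").split(" -- ")[0]
        ext = PureWindowsPath(path).suffix.lower()
        # Rule 2: hidden, runnable file with an empty "()" vendor field.
        if "H" in attrs and entry.group("company") == "" and ext in RUNNABLE_EXTS:
            findings.append(Finding("HIDDEN_NO_VENDOR", section, path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:17} {f.section:35} {f.detail}")
```

Hits from either rule are frequently benign (a removed program's leftover key, a security tool's own boot script), so each one still needs a human decision before anything is deleted.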

Security Tool Removal Failure

Post by bruston on Wed 06 Oct 2010, 2:27 pm

I copy below the results of the OTL scan. Once again, thank you.
OTL logfile created on: 10/5/2010 10:14:10 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\Bev\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 65.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 241.05 Gb Free Space | 84.47% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.10 Gb Free Space | 16.73% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BEV-LAPTOP
Current User Name: Bev
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/10/05 22:10:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
PRC - [2010/09/02 10:38:28 | 000,176,408 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe
PRC - [2010/08/12 10:37:40 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/02/07 19:34:07 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/30 19:34:49 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/08 21:05:37 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/07/26 17:44:34 | 003,883,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


========== Modules (SafeList) ==========

MOD - [2010/10/05 22:10:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
MOD - [2009/07/13 20:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/13 20:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/09/02 10:38:28 | 000,176,408 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010/02/07 19:34:07 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/21 17:51:12 | 030,963,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2009/06/24 12:53:32 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys -- (USBCCID)
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys -- (RtsUIR)
DRV:64bit: - [2010/03/09 20:11:54 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:64bit: - [2010/03/09 20:11:53 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/01/08 13:31:08 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/10/05 10:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/24 12:53:34 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/06/24 12:53:14 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/06/24 12:52:52 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2009/06/24 12:52:46 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/06/24 12:52:32 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/06/23 19:28:22 | 000,684,544 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/06/18 23:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/23 01:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 10:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/04 23:54:19 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_14)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} [You must be registered and logged in to see this link.] (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Owners_Info_PC.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/10/05 22:10:26 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2010/10/05 08:35:35 | 000,000,000 | R--D | C] -- C:\Users\Bev\Documents\Scanned Documents
[2010/10/05 08:35:35 | 000,000,000 | ---D | C] -- C:\Users\Bev\Documents\Fax
[2010/10/04 14:56:50 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Malwarebytes
[2010/10/04 14:56:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/04 14:56:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/10/04 14:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/10/04 14:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/04 13:37:55 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Users\Bev\Desktop\HijackThis.exe
[2010/10/04 13:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/09/23 15:28:14 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\blg
[2010/09/23 15:28:14 | 000,000,000 | ---D | C] -- C:\ProgramData\blg
[2010/09/23 12:55:33 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\BigFish
[2010/09/23 12:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\BigFish
[2010/09/19 21:04:00 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Jane s Hotel Family Hero
[2010/09/12 13:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010/09/12 13:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/09/07 18:07:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iWin Games
[2010/09/01 12:19:08 | 000,000,000 | R--D | C] -- C:\Users\Bev\AppData\Roaming\Brother
[2010/08/14 22:33:41 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Jane s Hotel
[2010/08/13 10:22:40 | 000,000,000 | ---D | C] -- C:\ProgramData\GoBit Games
[2010/08/12 19:15:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\iWin
[2010/07/19 21:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2010/07/19 18:47:47 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Hotdog Hotshot
[2010/07/19 15:01:52 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\SulusGames
[2010/07/13 22:10:05 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Local\ElevatedDiagnostics
[2010/07/13 07:50:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2010/07/13 07:49:58 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\KitchenBrigade
[2010/07/12 08:24:52 | 000,000,000 | ---D | C] -- C:\Users\Bev\AppData\Roaming\Go-Go Gourmet Chef of the Year

========== Files - Modified Within 90 Days ==========

[2010/10/05 22:15:33 | 003,145,728 | -HS- | M] () -- C:\Users\Bev\NTUSER.DAT
[2010/10/05 22:10:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2010/10/05 21:32:35 | 000,000,082 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/10/05 21:25:04 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/05 20:40:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 20:40:36 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/05 20:33:34 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/10/05 20:33:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/05 20:33:11 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/05 20:33:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/05 20:33:00 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/05 09:31:01 | 002,250,363 | -H-- | M] () -- C:\Users\Bev\AppData\Local\IconCache.db
[2010/10/04 14:56:39 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/04 13:37:56 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bev\Desktop\HijackThis.exe
[2010/10/04 13:00:53 | 000,720,082 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/04 13:00:53 | 000,623,784 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/04 13:00:53 | 000,109,736 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/09/19 21:49:32 | 000,001,262 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/19 20:39:25 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Janes Hotel Family Hero.lnk
[2010/09/19 20:35:00 | 000,001,939 | ---- | M] () -- C:\Users\Bev\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/09/19 20:35:00 | 000,001,915 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/09/12 13:44:38 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/21 10:28:01 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/08/15 21:02:43 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/08/15 21:02:43 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/08/14 22:33:27 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Janes Hotel.lnk
[2010/08/13 09:13:00 | 000,435,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/08/12 19:20:30 | 000,002,046 | ---- | M] () -- C:\Users\Public\Desktop\Cooking Dash.lnk
[2010/08/12 19:16:44 | 000,002,040 | ---- | M] () -- C:\Users\Public\Desktop\Burger Shop.lnk
[2010/08/12 19:13:18 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Jewel Quest.lnk
[2010/07/31 16:08:52 | 000,002,086 | ---- | M] () -- C:\Users\Public\Desktop\Jessicas Cupcake Cafe.lnk
[2010/07/19 13:47:10 | 000,002,124 | ---- | M] () -- C:\Users\Public\Desktop\Delicious Emilys Tea Garden.lnk
[2010/07/19 13:33:49 | 000,002,134 | ---- | M] () -- C:\Users\Public\Desktop\Cake Mania Lights, Camera, Action!.lnk
[2010/07/12 08:24:19 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Go Go Gourmet Chef of the Year.lnk
[2010/07/12 08:18:24 | 000,002,064 | ---- | M] () -- C:\Users\Public\Desktop\Kitchen Brigade.lnk

========== Files Created - No Company Name ==========

[2010/10/05 21:32:35 | 000,000,082 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/10/04 14:56:39 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/19 21:49:32 | 000,001,262 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2010/09/19 20:39:25 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Janes Hotel Family Hero.lnk
[2010/09/19 20:35:00 | 000,001,939 | ---- | C] () -- C:\Users\Bev\Application Data\Microsoft\Internet Explorer\Quick Launch\Game Manager.lnk
[2010/09/19 20:35:00 | 000,001,915 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2010/09/12 13:44:38 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010/08/15 21:02:43 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/08/15 21:02:43 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010/08/14 22:33:27 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Janes Hotel.lnk
[2010/08/12 19:20:30 | 000,002,046 | ---- | C] () -- C:\Users\Public\Desktop\Cooking Dash.lnk
[2010/08/12 19:16:44 | 000,002,040 | ---- | C] () -- C:\Users\Public\Desktop\Burger Shop.lnk
[2010/08/12 19:13:18 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\Jewel Quest.lnk
[2010/08/02 10:01:51 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010/07/31 16:08:52 | 000,002,086 | ---- | C] () -- C:\Users\Public\Desktop\Jessicas Cupcake Cafe.lnk
[2010/07/19 13:47:10 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Delicious Emilys Tea Garden.lnk
[2010/07/19 13:33:49 | 000,002,134 | ---- | C] () -- C:\Users\Public\Desktop\Cake Mania Lights, Camera, Action!.lnk
[2010/07/12 08:24:19 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\Go Go Gourmet Chef of the Year.lnk
[2010/07/12 08:18:24 | 000,002,064 | ---- | C] () -- C:\Users\Public\Desktop\Kitchen Brigade.lnk
[2010/02/03 20:28:40 | 000,000,426 | ---- | C] () -- C:\Users\Bev\AppData\Roaming\wklnhst.dat
[2010/01/08 22:52:53 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/04 23:53:57 | 000,000,361 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/01/04 23:02:20 | 000,000,000 | ---- | C] () -- C:\Users\Bev\AppData\Local\QSwitch.txt
[2010/01/04 23:02:20 | 000,000,000 | ---- | C] () -- C:\Users\Bev\AppData\Local\DSwitch.txt
[2010/01/04 23:02:20 | 000,000,000 | ---- | C] () -- C:\Users\Bev\AppData\Local\AtStart.txt
[2010/01/04 23:02:16 | 000,000,429 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/11/13 08:28:43 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/11/13 08:28:35 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/11/13 08:28:18 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/11/13 08:27:55 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/11/13 08:27:12 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/11/13 08:26:46 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009/10/25 23:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/08/21 13:55:19 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/08/21 13:51:03 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/08/21 13:49:17 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/08/21 13:48:35 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/23 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\blg
[2010/09/23 13:56:08 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Boolat Games
[2010/07/12 08:25:43 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2010/07/19 18:47:47 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Hotdog Hotshot
[2010/08/14 22:33:41 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Jane s Hotel
[2010/09/19 21:04:00 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Jane s Hotel Family Hero
[2010/08/12 21:05:21 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\PlayFirst
[2010/03/13 12:03:23 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\ShinyTales
[2010/07/19 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\SulusGames
[2010/02/03 20:29:40 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Template
[2010/04/21 20:57:46 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\Total Eclipse
[2010/09/18 08:01:40 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/05 21:32:35 | 000,000,082 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/10/05 20:32:59 | 000,036,172 | ---- | M] () -- C:\aaw7boot.log
[2009/07/13 20:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010/03/03 15:41:02 | 000,096,264 | ---- | M] (Microsoft Corporation) -- C:\GameuxInstallHelper.dll
[2010/10/05 20:33:00 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/08 22:22:29 | 000,000,186 | ---- | M] () -- C:\hpqlb.log
[2010/10/05 20:33:00 | 4193,456,128 | -HS- | M] () -- C:\pagefile.sys
[2010/10/05 08:31:50 | 000,000,205 | ---- | M] () -- C:\rkill.log
[2010/02/08 22:15:09 | 000,000,184 | ---- | M] () -- C:\setup.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

< End of report >

bruston

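The file listings in the OTL log above all use one layout: `[timestamp | size | attributes | C/M] (company) -- path`. As an added example (not part of the original posts and not OTL's own code), this Python sketch parses a few lines copied from that log and lists recently created or modified executable and script files whose company field is empty, for manual review. The extension set, the 90-day window and all function names are assumptions of the example.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Lines copied from the OTL log above; a subset, not the complete log.
SAMPLE_LOG = r"""
========== Files - Modified Within 90 Days ==========

[2010/10/05 22:10:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bev\Desktop\OTL.exe
[2010/10/05 21:32:35 | 000,000,082 | -H-- | M] () -- C:\aaw7boot.cmd
[2010/10/05 20:33:00 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 13:37:56 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Users\Bev\Desktop\HijackThis.exe

========== Files Created - No Company Name ==========

[2010/10/05 21:32:35 | 000,000,082 | -H-- | C] () -- C:\aaw7boot.cmd
[2010/08/02 10:01:51 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009/10/25 23:27:20 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

========== LOP Check ==========

[2010/09/23 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\Bev\AppData\Roaming\blg
"""


class Entry(NamedTuple):
    section: str
    when: datetime
    size: int
    attrs: str               # e.g. "-HS-"; a "D" marks a directory
    kind: str                # "C" = created, "M" = modified
    company: Optional[str]   # None on directory lines, "" when no company name
    path: str


SECTION_RE = re.compile(r"^=+ (.+?) =+$")
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)
# Assumption of this example: extensions treated as worth a manual look.
REVIEW_EXTENSIONS = {".exe", ".dll", ".cmd", ".bat", ".scr"}


def parse_otl_listing(text):
    """Return one Entry per listing line, tagged with its section header."""
    section, entries = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # blank lines, custom-scan headers, other line types
        entries.append(Entry(
            section, datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            int(m["size"].replace(",", "")), m["attrs"], m["kind"],
            m["company"], m["path"]))
    return entries


def review_candidates(entries, reference, days=90):
    """Files with no company name, a reviewed extension, touched within `days`."""
    cutoff = reference - timedelta(days=days)
    hits = {}
    for e in entries:
        if "D" in e.attrs or e.company:
            continue  # directories, and files that do carry a company name
        if PureWindowsPath(e.path).suffix.lower() not in REVIEW_EXTENSIONS:
            continue
        if e.when < cutoff:
            continue
        # The same path can appear under both "created" and "modified".
        path, kinds = hits.setdefault(e.path.lower(), (e.path, set()))
        kinds.add(e.kind)
    return [(p, "".join(sorted(k))) for _, (p, k) in sorted(hits.items())]


if __name__ == "__main__":
    log_time = datetime(2010, 10, 5, 22, 15, 33)  # newest timestamp in the sample
    for path, kinds in review_candidates(parse_otl_listing(SAMPLE_LOG), log_time):
        print(f"{kinds:2} {path}")
```

An empty company field only means the file has no company name in its version information, so the output is a list of things to look up, not a verdict.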

Re: Security Tool Removal Failure

Post by TheAvatar on Wed 06 Oct 2010, 2:46 pm

Hi bruston,

Thanks for sticking to the thread. Please do the following:

Step 1:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O33 - MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Owners_Info_PC.exe -- File not found

    :Commands
    [purity]
    [emptytemp]
    [emptyflash]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • After rebooting, please post the OTL you are presented with on startup.



Step 2:

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.




  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply



In your next reply please include:
  • The log from OTL.
  • The Kaspersky Scan log.

Thanks.

TheAvatar

Malware Advisor

Posts : 137
Joined : 2010-10-02
Operating System : Windows XP SP3

Security Tool Removal Failure

Post by bruston on Thu 07 Oct 2010, 1:05 pm

OTL fix copied below:

All processes killed
Error: Unable to interpret in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a021ded2-d057-11de-a2e4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a021ded2-d057-11de-a2e4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a021ded2-d057-11de-a2e4-806e6f6e6963}\ not found.
File E:\Owners_Info_PC.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bev
->Temp folder emptied: 892709767 bytes
->Temporary Internet Files folder emptied: 65397809 bytes
->Java cache emptied: 52673843 bytes
->Google Chrome cache emptied: 6451994 bytes
->Flash cache emptied: 8862 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 134094590 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67563 bytes
RecycleBin emptied: 23273041 bytes

Total Files Cleaned = 1,120.00 mb


[EMPTYFLASH]

User: All Users

User: Bev
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10062010_194319

Files\Folders moved on Reboot...
C:\Users\Bev\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Bev\AppData\Local\Temp\~DF139D03B5D7969488.TMP not found!
File\Folder C:\Users\Bev\AppData\Local\Temp\~DF9CB1E46A0CDFDFCC.TMP not found!
File\Folder C:\Users\Bev\AppData\Local\Temp\~DF9D856773931D9E9F.TMP not found!
File\Folder C:\Users\Bev\AppData\Local\Temp\~DFBEEAAB7B234649BA.TMP not found!
File\Folder C:\Users\Bev\AppData\Local\Temp\~DFDE72F7991F9827B6.TMP not found!
File\Folder C:\Users\Bev\AppData\Local\Temp\~DFE11B343A6EEF2F43.TMP not found!
C:\Users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\6VR3ZN7Z\security-tool-removal-failure-t24053[1].htm moved successfully.
C:\Users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Users\Bev\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...

I cannot run the Kaspersky scan. The accept button is not available. It has the JAVA message in red, but I have the most current version of Java. I disabled Microsoft Security Essentials & Adaware, but in red is the message about disabling antivirus, etc.

bruston

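The fix log in the post above reports each `:OTL` entry as either `deleted successfully` or `not found`, and carries an `Error:` line at the top. As an added example (not OTL's own code and not part of the original posts), this Python sketch separates the entries the fix actually changed from those that were already absent and surfaces any error lines. The function name and result structure are assumptions, and the sample is a subset of lines copied from that log.

```python
import re

# Lines copied from the OTL fix log above; a subset, not the complete log.
SAMPLE_FIX_LOG = r"""All processes killed
Error: Unable to interpret in the current context!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
File E:\Owners_Info_PC.exe not found.
========== COMMANDS ==========
"""

RESULT_RE = re.compile(
    r"^(?P<view>64bit-)?(?P<kind>Registry key|Registry value|File) "
    r"(?P<target>.+) (?P<result>deleted successfully|not found)\.$"
)


def summarize_fix_log(text):
    """Split the ':OTL' results into changed / already-absent / errors.

    Each changed or absent item is a (kind, target, view) tuple, where view
    is "64bit" for lines the log prefixes with "64bit-" and "default" otherwise.
    """
    summary = {"changed": [], "absent": [], "errors": [], "unparsed": []}
    in_fix_section = False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith("Error:"):
            summary["errors"].append(line)   # errors can precede any section
            continue
        if line.startswith("=========="):
            in_fix_section = line.strip("= ") == "OTL"
            continue
        if not in_fix_section or line.startswith("Starting removal of"):
            continue                         # outside the results, or a progress line
        m = RESULT_RE.match(line)
        if not m:
            summary["unparsed"].append(line)  # keep unknown lines visible for review
            continue
        item = (m["kind"], m["target"], "64bit" if m["view"] else "default")
        bucket = "changed" if m["result"] == "deleted successfully" else "absent"
        summary[bucket].append(item)
    return summary


if __name__ == "__main__":
    result = summarize_fix_log(SAMPLE_FIX_LOG)
    for name in ("errors", "changed", "absent", "unparsed"):
        print(f"{name}: {len(result[name])}")
        for item in result[name]:
            print("   ", item)
```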

Re: Security Tool Removal Failure

Post by TheAvatar on Thu 07 Oct 2010, 8:35 pm

Hi bruston,

Please try ESET as an alternative for the Kaspersky scan:


Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.


  • Please go here then click on:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: (Selecting Uninstall application on close if you so wish)



TheAvatar


Security Tool Removal Failure

Post by bruston on Fri 08 Oct 2010, 1:12 am

Hi,
I have another problem. When I try to run the ESET scan in step 2 I get Unexpected Error 2002 and it stalls. I disabled Microsoft Security and Ad Aware.

bruston


Re: Security Tool Removal Failure

Post by TheAvatar on Fri 08 Oct 2010, 10:18 am

Hi bruston,

I have a suspicion towards the infection that is preventing you from doing the online scans. Please do the following:

Step 1:

Please launch Malwarebytes Anti-malware.
  • Once the program has loaded click the "Update" tab and then "Check for Updates"; if any are found they will be downloaded. When prompted click Ok to install the updates.
  • After updating navigate to the main menu and check Perform Full Scan, then click Scan.
    The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. Restart if it tells you to.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Step 2:

Do you connect via a router?

If so please reset the router:

  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up HERE.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.


THEN

1. Click the Microsoft Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter:


ipconfig /flushdns


7. You will see the following confirmation:


Windows IP Configuration
Successfully flushed the DNS Resolver Cache.


Step 3:

Please try the ESET online scan again.


In your next reply please include:
  • The MBAM log.
  • The ESET log (or details if it was unsuccessful)


Thanks.

TheAvatar

