Lost rights

Post by GMK on Sun 21 Nov 2010, 5:00 pm

We removed a number of infections while in Safe Mode by repeatedly running the most current versions & definitions of CCleaner 3.00.1310, AVG Free 2011, AdAware 2011 (v10.0.1153), and Malwarebytes 1.46. We rebooted between scans and continued doing this till all scans came up clean. We need a policy I can apply to restore full admin rights to the original (owner) user ID. That owner ID cannot open Task Manager (it's grayed out), and there are a number of other things that can't be accessed; for example, in Windows Explorer, when we click Tools, Options is not at the bottom of the list. I created another Admin ID, and while logged in as that user, these things are available. I changed the owner ID to a limited user account, rebooted and changed it back to an admin equivalent account, but didn't regain the missing functions.

The system is running WinXP Home, SP3, updates are current. The hardware is in good shape with plenty of free resources. A side note: I know this should be in a separate thread, but maybe someone would be willing to say if this is important. SpeedFan shows the 1.8GHz AMD Sempron processor cores running hot, as high as 58C/136F. Is this really hot or is it OK? Originally we had AVG 8.5 and had great difficulty uninstalling it to upgrade it. We used a dedicated removal tool from AVG's web site and were finally able to remove it and install AVG Free 2011.

Thank you very much.

GMK

Newbie Surfer

Posts : 22
Joined : 2009-11-18
Operating System : Windows XP Home SP3

Re: Lost rights

Post by Belahzur on Mon 22 Nov 2010, 7:18 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: Lost rights

Post by GMK on Tue 23 Nov 2010, 3:50 am

Thank you Sir.

Included the 2 logs. In addition to the C drive (partition C and D), there is also a second HD (partitions J, K, L, M, N, O). I doubt the second HD has been scanned.


OTL logfile created on: 11/22/2010 10:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.72 Gb Total Space | 50.18 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.24% Space Free | Partition Type: FAT32
Drive E: | 7.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 175.78 Gb Total Space | 79.89 Gb Free Space | 45.45% Space Free | Partition Type: NTFS
Drive K: | 58.59 Gb Total Space | 45.44 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
Drive L: | 58.59 Gb Total Space | 58.52 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive M: | 58.59 Gb Total Space | 58.43 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive N: | 58.59 Gb Total Space | 58.08 Gb Free Space | 99.13% Space Free | Partition Type: NTFS
Drive O: | 55.59 Gb Total Space | 55.14 Gb Free Space | 99.19% Space Free | Partition Type: NTFS

Computer Name: YOUR-05C516D783 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/22 10:31:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe


========== Modules (SafeList) ==========

MOD - [2010/11/22 10:31:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========


========== Driver Services (SafeList) ==========


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/15 21:34:14 | 000,000,000 | ---D | M]

[2009/10/25 18:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions

O1 HOSTS File: ([2008/07/30 23:52:12 | 000,256,715 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EPSON Stylus CX4800 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIADA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_19\bin\jusched.exe ()
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Plugin Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} [You must be registered and logged in to see this link.] (System Requirements Lab Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_19)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.4.2_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} [You must be registered and logged in to see this link.] (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 12:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2008/03/28 05:39:59 | 000,000,059 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell - "" = AutoRun
O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = Autorun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Installer_Windows.exe -- [2008/04/01 14:25:33 | 005,840,496 | R--- | M] ()
O33 - MountPoints2\J\Shell - "" = Autorun
O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\J\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\K\Shell - "" = Autorun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\L\Shell - "" = Autorun
O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\L\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\M\Shell - "" = Autorun
O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\M\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\N\Shell - "" = Autorun
O33 - MountPoints2\N\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\N\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\O\Shell - "" = Autorun
O33 - MountPoints2\O\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\O\Shell\Open\command - "" = system3_.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/22 10:31:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/21 17:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\ICAO
[2010/11/20 20:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/11/20 20:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Resume 2010
[2010/11/20 19:51:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Mysteriously Empty Folders
[2010/11/20 19:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\RIOT
[2010/11/20 19:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\For Sale
[2010/11/19 11:24:06 | 003,887,480 | ---- | C] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2010/11/18 21:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Floppy Drive Archive
[2010/11/18 19:36:43 | 000,532,616 | ---- | C] (Microsoft Corporation ) -- C:\Documents and Settings\Owner\Desktop\Image Resizer Powertoy Setup.exe
[2010/11/18 19:01:25 | 000,266,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TweakUI.exe
[2010/11/18 09:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Travel Documents
[2010/11/17 16:18:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Invoices
[2010/11/16 04:18:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG10
[2010/11/15 21:35:37 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/15 21:33:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/15 21:33:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2010/11/15 21:07:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/15 16:57:42 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\All Users\Documents\avg_free_stb_all_2011_1153_Nov_2011.exe
[2010/11/12 23:23:33 | 000,000,000 | ---D | C] -- C:\Program Files\ATT-RC
[2010/11/12 21:31:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\My Received Files
[2010/11/12 21:04:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/12 21:04:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SimPlugins
[2010/11/12 21:04:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OpenSceneryX Installer
[2010/11/12 21:04:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Weight & Balance
[2010/11/12 21:04:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\CivA
[2010/11/12 21:04:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Sparrow A1
[2010/11/12 21:04:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Hawkeye
[2010/11/12 21:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Hawk A2
[2010/11/12 21:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\F-14B TOMCAT VF-143-PUKIN-DOGS
[2010/11/12 21:04:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Socata_TB10_Tobago
[2010/11/12 21:04:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Cessna421_MkII
[2010/11/12 21:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MS-880
[2010/11/12 21:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SpaceshipTwo
[2010/11/12 21:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Twin Otter Wheels
[2010/11/12 21:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Jacks TwinOtter
[2010/11/12 21:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Twin Otter Float
[2010/11/12 21:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\F5 Tiger
[2010/11/12 21:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\X-32A
[2010/11/12 21:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Texas Jet
[2010/11/12 19:51:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/06 15:24:23 | 000,000,000 | ---D | C] -- C:\$AVG8(2).VAULT$
[2010/11/04 18:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GOALS
[2010/11/04 14:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Skydiving
[2010/11/02 05:29:27 | 000,000,000 | ---D | C] -- C:\$AVG
[2010/11/02 05:15:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/01 01:05:51 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\My Documents\My Dropbox
[2010/11/01 00:52:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Dropbox
[2010/10/30 11:45:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Resources
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/22 10:31:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/11/22 10:27:55 | 000,262,558 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/22 10:21:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/22 10:21:02 | 2145,898,496 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/22 10:12:21 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/22 09:00:00 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010/11/22 07:35:42 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{87319B22-74E1-412F-BC40-DD870FBFB390}.job
[2010/11/22 04:46:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/11/21 15:41:49 | 023,116,704 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Auk.zip
[2010/11/21 12:18:22 | 099,783,580 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/21 00:57:02 | 000,000,169 | ---- | M] () -- C:\WINDOWS\RtlRack.ini
[2010/11/20 20:43:44 | 000,001,773 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/11/20 19:41:14 | 000,005,678 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\GeekPolice.rtf
[2010/11/20 13:24:10 | 000,098,350 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tsa-1.jpg
[2010/11/20 13:24:09 | 000,088,674 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tsa-2.jpg
[2010/11/20 13:24:09 | 000,022,101 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tsa-3.jpg
[2010/11/20 02:09:24 | 000,000,250 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\garmin 1000 notes.rtf
[2010/11/20 01:35:03 | 000,000,174 | ---- | M] () -- C:\WINDOWS\RoutePlanner.INI
[2010/11/18 19:36:43 | 000,532,616 | ---- | M] (Microsoft Corporation ) -- C:\Documents and Settings\Owner\Desktop\Image Resizer Powertoy Setup.exe
[2010/11/18 18:36:05 | 000,116,566 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\shut-up-b****.jpg
[2010/11/18 11:30:36 | 000,107,647 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\plan-b.jpg
[2010/11/18 09:32:59 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Domestic Lien Template.doc
[2010/11/18 00:48:48 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Sample_Canada_Entry_Business_Letter.doc
[2010/11/17 00:43:50 | 023,617,654 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AptNav201012XP900.zip
[2010/11/16 18:35:11 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/16 09:29:41 | 002,332,134 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\x-planner.bmp
[2010/11/15 21:35:14 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/15 16:57:42 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\All Users\Documents\avg_free_stb_all_2011_1153_Nov_2011.exe
[2010/11/15 16:43:34 | 003,887,480 | ---- | M] (Sysinternals - [You must be registered and logged in to see this link.] -- C:\Documents and Settings\Owner\Desktop\procexp.exe
[2010/11/15 07:19:59 | 000,000,530 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to att.lnk
[2010/11/14 22:00:11 | 000,028,041 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\change.JPG
[2010/11/14 17:45:52 | 000,000,468 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Scan (thesecretscan).job
[2010/11/12 22:26:20 | 000,679,336 | ---- | M] () -- C:\startup programs.JPG
[2010/11/12 21:11:14 | 000,433,324 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/12 21:11:14 | 000,067,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/12 21:08:18 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/11 10:13:15 | 000,001,392 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\WED.prefs
[2010/11/09 08:43:31 | 000,008,181 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\3TO KIDP Internet and Sound.rtf
[2010/11/05 07:14:05 | 000,000,025 | ---- | M] () -- C:\WINDOWS\X-System 6 Language & Res.prf
[2010/11/04 12:37:26 | 000,003,070 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\trip expense estimate.rtf
[2010/11/01 01:05:52 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/01 01:05:51 | 000,001,001 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/10/31 05:37:41 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2010/10/31 02:09:30 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\WED Checklist.rtf
[2010/10/31 02:04:31 | 000,001,649 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\apt fale v1.dat
[2010/10/30 04:46:18 | 000,000,083 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\X-Plane Installer.prf
[2010/10/28 03:14:58 | 000,065,575 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\plugins.JPG
[17 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/22 10:12:21 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/11/21 15:41:49 | 023,116,704 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Auk.zip
[2010/11/21 12:18:22 | 099,783,580 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2010/11/20 20:43:44 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk
[2010/11/20 20:43:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/11/20 13:26:37 | 000,022,101 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tsa-3.jpg
[2010/11/20 13:25:44 | 000,088,674 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tsa-2.jpg
[2010/11/20 13:25:37 | 000,098,350 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tsa-1.jpg
[2010/11/20 01:38:17 | 000,000,250 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\garmin 1000 notes.rtf
[2010/11/18 19:01:25 | 000,160,217 | ---- | C] () -- C:\WINDOWS\System32\PowerToysLicense.rtf
[2010/11/18 18:39:17 | 000,116,566 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\shut-up-b****.jpg
[2010/11/18 11:31:29 | 000,107,647 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\plan-b.jpg
[2010/11/18 09:32:59 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Domestic Lien Template.doc
[2010/11/18 00:50:00 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Sample_Canada_Entry_Business_Letter.doc
[2010/11/17 00:43:50 | 023,617,654 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AptNav201012XP900.zip
[2010/11/16 18:35:11 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2010/11/16 09:29:41 | 002,332,134 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\x-planner.bmp
[2010/11/16 04:16:45 | 2145,898,496 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/15 21:35:14 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2010/11/15 07:19:59 | 000,000,530 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to att.lnk
[2010/11/14 22:00:11 | 000,028,041 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\change.JPG
[2010/11/12 20:32:35 | 000,002,425 | ---- | C] () -- C:\Documents and Settings\Owner\avgrep.txt
[2010/11/12 20:14:22 | 000,679,336 | ---- | C] () -- C:\startup programs.JPG
[2010/11/01 01:05:51 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Dropbox.lnk
[2010/11/01 01:05:51 | 000,001,001 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Dropbox.lnk
[2010/10/24 21:40:17 | 000,065,575 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\plugins.JPG
[2010/10/21 18:03:26 | 000,000,095 | ---- | C] () -- C:\WINDOWS\logbook.INI
[2010/02/06 03:03:15 | 000,000,212 | ---- | C] () -- C:\WINDOWS\GARMINWT.INI
[2010/01/10 07:46:16 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/20 20:52:25 | 000,000,174 | ---- | C] () -- C:\WINDOWS\RoutePlanner.INI
[2009/09/12 02:31:07 | 000,000,061 | ---- | C] () -- C:\WINDOWS\Riot.ini
[2009/08/16 16:15:55 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/08/16 16:15:54 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/08/16 16:15:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/03/05 08:30:10 | 000,001,392 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\WED.prefs
[2008/10/02 03:54:18 | 000,000,209 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/08/17 01:13:02 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/08/08 06:18:05 | 000,000,306 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\OpenSceneryX Installer.plist
[2008/05/16 22:09:44 | 000,000,083 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\X-Plane Installer.prf
[2008/04/12 09:25:13 | 000,002,396 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\x-plane_install.txt
[2007/10/28 14:38:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/07/23 08:03:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/07/23 08:03:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/04/20 01:45:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/04/19 23:21:09 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/13 06:55:20 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2006/02/01 03:58:27 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/01 03:58:27 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/01 03:27:54 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/01 03:27:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/01 03:22:55 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/27 04:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/26 10:12:43 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 10:12:43 | 000,000,484 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 04:54:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/11/01 00:11:00 | 001,613,824 | ---- | C] () -- C:\WINDOWS\System32\glstudio2_1_1.dll
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Owner\Desktop\7z465.exe:SummaryInformation

< End of report >



&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&



OTL Extras logfile created on: 11/22/2010 10:32:43 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.72 Gb Total Space | 50.18 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
Drive D: | 4.43 Gb Total Space | 2.71 Gb Free Space | 61.24% Space Free | Partition Type: FAT32
Drive E: | 7.27 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive J: | 175.78 Gb Total Space | 79.89 Gb Free Space | 45.45% Space Free | Partition Type: NTFS
Drive K: | 58.59 Gb Total Space | 45.44 Gb Free Space | 77.55% Space Free | Partition Type: NTFS
Drive L: | 58.59 Gb Total Space | 58.52 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive M: | 58.59 Gb Total Space | 58.43 Gb Free Space | 99.72% Space Free | Partition Type: NTFS
Drive N: | 58.59 Gb Total Space | 58.08 Gb Free Space | 99.13% Space Free | Partition Type: NTFS
Drive O: | 55.59 Gb Total Space | 55.14 Gb Free Space | 99.19% Space Free | Partition Type: NTFS

Computer Name: YOUR-05C516D783 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Cessna NAVIII G1000 Trainer v8.01\CDUSIMv2.exe" = C:\Program Files\Cessna NAVIII G1000 Trainer v8.01\CDUSIMv2.exe:*:Enabled:CDUSIMv2 -- ()
"J:\XP 9.50 FINAL\X-Plane.exe" = J:\XP 9.50 FINAL\X-Plane.exe:*:Disabled:X-Plane -- File not found
"C:\Documents and Settings\Owner\Desktop\X-PLANE 9.311 FINAL\X-Plane.exe" = C:\Documents and Settings\Owner\Desktop\X-PLANE 9.311 FINAL\X-Plane.exe:*:Disabled:X-Plane -- ()
"J:\XP 9.55 FINAL\X-Plane.exe" = J:\XP 9.55 FINAL\X-Plane.exe:*:Disabled:X-Plane -- File not found
"J:\XP 8.xx\XP 8.64\X-Plane 864.exe" = J:\XP 8.xx\XP 8.64\X-Plane 864.exe:*:Disabled:X-Plane 864 -- ()
"J:\XP 9.62 FINAL\X-Plane.exe" = J:\XP 9.62 FINAL\X-Plane.exe:*:Disabled:X-Plane -- ()
"C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- ()
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23970E31-948B-466E-8376-1224D32FDF0C}" = Convert
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8424EF22-44CF-4DD4-B702-FADA3998F4BA}" = StuffIt 11
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C59E019B-0952-4B72-A382-68A72224F88F}" = GNS400W-500W Trainer
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9A12DD9-3D7D-451A-80A2-166C1DF63D4A}" = Riot 5.1.4
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEDF2885-0086-4534-9912-F9B97377ED07}" = AGEIA GAME System Software
"{E209F988-EF49-4B3D-84A6-3CBB67F058AC}" = Google SketchUp 7
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATT-PRT22" = ATT-PRT22
"ATT-RC" = ATT-RC Self Support Tool
"AVG" = AVG 2011
"Belarc Advisor" = Belarc Advisor 8.1
"CCleaner" = CCleaner
"Cessna NAVIII G1000 Trainer v8.01" = Cessna NAVIII G1000 Trainer v8.01
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DiagramStudio 5.4" = DiagramStudio 5.4
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 4.0 Home Edition
"Easy CAD to Image Converter_is1" = Easy CAD to Image Converter 2.0
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"G1000 Route Planning" = G1000 Route Planning
"Gadwin PrintScreen" = Gadwin PrintScreen
"HijackThis" = HijackThis 2.0.2
"Hoyle Board Games 5" = Hoyle Board Games 5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
"Landing Pattern" = Landing Pattern 1.4.1021.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"OpenAL" = OpenAL
"Orbitron_is1" = Orbitron - Satellite Tracking System
"PC Wizard 2009_is1" = PC Wizard 2009.1.90
"SpeedFan" = SpeedFan (remove only)
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 10 Event Log Errors ==========

Error: Unable to start EventLog service!

< End of report >







GMK


Re: Lost rights

Post by Belahzur on Tue 23 Nov 2010, 11:50 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell - "" = AutoRun
    O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    O33 - MountPoints2\D\Shell - "" = Autorun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Installer_Windows.exe -- [2008/04/01 14:25:33 | 005,840,496 | R--- | M] ()
    O33 - MountPoints2\J\Shell - "" = Autorun
    O33 - MountPoints2\J\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\J\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\K\Shell - "" = Autorun
    O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\K\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\L\Shell - "" = Autorun
    O33 - MountPoints2\L\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\L\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\M\Shell - "" = Autorun
    O33 - MountPoints2\M\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\M\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\N\Shell - "" = Autorun
    O33 - MountPoints2\N\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\N\Shell\Open\command - "" = system3_.exe
    O33 - MountPoints2\O\Shell - "" = Autorun
    O33 - MountPoints2\O\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\O\Shell\Open\command - "" = system3_.exe


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre
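
An added example, not part of the original post and not OTL's own code: a small parser for the O33 MountPoints2 lines in the fix script above that groups the cached autorun handlers by command and flags the patterns worth reviewing. The function names and flag labels are this example's own, and the flags are triage heuristics rather than verdicts.

```python
import re
from collections import defaultdict

# O33 lines copied from the fix script in the post above (a subset of the mounts).
SAMPLE = r'''
O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell - "" = AutoRun
O33 - MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = Autorun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Installer_Windows.exe -- [2008/04/01 14:25:33 | 005,840,496 | R--- | M] ()
O33 - MountPoints2\J\Shell\Open\command - "" = system3_.exe
O33 - MountPoints2\K\Shell\Open\command - "" = system3_.exe
'''

O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<mount>[^\\]+)\\(?P<subkey>.+?)'
    r' - "(?P<name>[^"]*)" = (?P<value>.*)$'
)
# A command counts as fully qualified if it starts with a drive letter or a UNC prefix.
QUALIFIED = re.compile(r'^(?:[A-Za-z]:\\|\\\\)')


def parse_o33(text):
    """Return one dict per MountPoints2 '...\\command' value found in an OTL log."""
    entries = []
    for line in text.splitlines():
        m = O33_RE.match(line.strip())
        if not m or not m["subkey"].lower().endswith("\\command"):
            continue  # skip verb labels such as Shell = AutoRun
        # OTL appends its own annotation after " -- " (file details or "File not found").
        command, _, note = m["value"].partition(" -- ")
        entries.append({
            "mount": m["mount"],
            "verb": m["subkey"].split("\\")[-2],  # e.g. Open or AutoRun
            "command": command.strip().strip('"'),
            "note": note.strip(),
        })
    return entries


def assess(entries):
    """Attach review flags to each entry (heuristics defined by this example)."""
    mounts_by_cmd = defaultdict(set)
    for e in entries:
        mounts_by_cmd[e["command"].lower()].add(e["mount"])
    findings = []
    for e in entries:
        flags = []
        if not QUALIFIED.match(e["command"]):
            flags.append("unqualified-path")        # bare file name, no drive or folder
        if e["verb"].lower() in ("open", "explore"):
            flags.append("default-verb-handler")    # handler sits on Open/Explore, not AutoRun
        if len(mounts_by_cmd[e["command"].lower()]) > 1:
            flags.append("repeated-across-mounts")  # same command cached for several volumes
        if e["note"].lower() == "file not found":
            flags.append("target-missing")          # OTL could not find the target file
        findings.append({**e, "flags": flags})
    return findings


def summarize(findings):
    """Collapse findings to {command: (sorted mounts, sorted flags)}."""
    grouped = {}
    for f in findings:
        mounts, flags = grouped.setdefault(f["command"], (set(), set()))
        mounts.add(f["mount"])
        flags.update(f["flags"])
    return {cmd: (sorted(m), sorted(fl)) for cmd, (m, fl) in grouped.items()}


if __name__ == "__main__":
    for cmd, (mounts, flags) in summarize(assess(parse_o33(SAMPLE))).items():
        print(f"{cmd:28} mounts={','.join(mounts)} flags={','.join(flags) or '-'}")
```
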


Re: Lost rights

Post by GMK on Thu 25 Nov 2010, 2:04 pm

I did run/scan again (I did not know if I had to "open" OTL or to "run" OTL). Then Run/Fix and I had to reboot the machine. After the reboot, this is the file that came up:

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6955e02a-61a3-11dd-b0c3-0040ca9696e2}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File move failed. E:\Installer_Windows.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\K\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\N\ not found.
File system3_.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\O\ not found.
File system3_.exe not found.

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_202443

Files\Folders moved on Reboot...
File move failed. E:\Installer_Windows.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

Thank you for your time and expertise.

GMK





Re: Lost rights

Post by Belahzur on Fri 26 Nov 2010, 11:53 am

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


