Removed XP Security 2011 but can't open or run anything


Post by GMan316 on Tue 12 Apr 2011, 11:09 pm

I managed to remove XP Security 2011 but have run into a new problem. I can't open/run anything. Whenever I try to open or run anything it takes me to the "Choose the program you want to open this file with:" screen. I can open Firefox by using Firefox to open it (although it shows some Java error), but no other programs. I can't open any videos or music files. Whenever I try to open a video it takes it to Windows Media Player and says Windows doesn't recognize this type of file.

When I try to use VLC player it gives me the error "C:\Documents and Settings\Jerome\Desktop\vlc-1.1.7\vlc.exe

Application not found"

I can open folders, pdf, mp3, and text files though. Oddly enough when I try to run MS word it says "Error: application not found"

I also can't access the icons on the bottom left of my desktop (The volume control and the safely remove hardware). I can't click on them but they won't open.

thanks

GMan316

Rookie Surfer

Posts : 88
Joined : 2009-08-23
Operating System : Windows XP Pro


Post by GMan316 on Tue 12 Apr 2011, 11:10 pm

I wasn't able to run OTL nor malwarebytes in normal mode or safe mode. But I was able to by logging in as the administrator user in safe mode.

Here is the OTL Log:

OTL logfile created on: 4/12/2011 10:00:22 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 836.00 Mb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 186.31 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BENDER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 21:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 21:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SCardSvr)
SRV - [2011/03/30 13:07:14 | 003,229,784 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/04/28 14:30:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/22 17:19:32 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2004/05/17 15:33:10 | 000,106,557 | ---- | M] () [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2004/05/17 15:32:38 | 000,053,313 | ---- | M] () [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/02/28 03:30:34 | 000,020,548 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:10:28 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/06/02 19:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/05/16 23:00:54 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/16 23:00:52 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/04/02 00:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 05:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 17:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 04:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 04:05:38 | 000,000,000 | ---D | M]

[2011/04/11 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/20 22:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

Hosts file not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 14:17:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/01/05 15:41:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 20:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/11 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2011/04/11 20:15:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/11 20:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 19:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 19:56:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 19:56:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/11 15:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/11 15:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\anti spyware stuff
[2011/04/11 15:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Rkill stuff
[2011/04/11 15:38:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/04/11 15:38:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/04/11 15:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/04/11 15:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/03/18 11:32:34 | 000,000,000 | ---D | C] -- C:\commy5779c
[2010/08/21 22:50:15 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/04/12 21:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 21:58:29 | 000,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/12 21:58:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/12 21:58:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2011/04/12 21:58:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2011/04/12 21:42:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/12 20:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 16:07:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 16:07:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/04/11 20:23:53 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/11 19:54:41 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yth666jq165614i6ki
[2011/04/11 19:48:46 | 004,318,978 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2011/04/11 19:45:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 16:03:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/11 15:01:08 | 003,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80651102}.CDF
[2011/04/11 15:01:08 | 003,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80651102}.BAK
[2011/04/10 23:08:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/09 14:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/03 00:01:42 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/03/22 17:45:19 | 000,016,080 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s744qe51d1d0r27pd42h21mhg08qn22
[2011/03/21 15:57:19 | 000,013,470 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\um5i483t2c842pqq0864k5vxp4wv25e6n7r0tjyvcirn6
[2011/03/20 15:13:03 | 000,004,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\24n5l270a1daj5c70b7ii
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qrn.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jjf.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iow.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iba.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ahh.exe
[2011/03/20 02:50:43 | 000,002,630 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/18 11:32:11 | 000,015,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\471u03t17unuhi5e0awl4f

========== Files Created - No Company Name ==========

[2011/04/11 20:23:53 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/11 19:56:51 | 004,318,978 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2011/04/11 15:38:42 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/04/11 15:38:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/04/11 15:38:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/04/11 15:04:57 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yth666jq165614i6ki
[2011/03/22 17:43:15 | 000,016,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s744qe51d1d0r27pd42h21mhg08qn22
[2011/03/21 14:43:15 | 000,013,470 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\um5i483t2c842pqq0864k5vxp4wv25e6n7r0tjyvcirn6
[2011/03/20 15:10:15 | 000,004,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\24n5l270a1daj5c70b7ii
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qrn.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jjf.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iow.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iba.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ahh.exe
[2011/03/20 02:48:53 | 000,002,630 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/18 10:54:03 | 000,015,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\471u03t17unuhi5e0awl4f
[2011/03/11 17:22:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/11 17:22:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/11 17:22:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/11 17:22:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/11 17:22:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/11 01:53:29 | 000,015,558 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\449590952
[2010/11/06 02:17:53 | 000,118,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/29 10:29:08 | 000,038,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/21 22:50:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2010/08/21 22:50:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2010/08/21 22:50:16 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/08/21 22:50:16 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/08/21 22:50:16 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/08/21 22:50:16 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2010/08/21 22:50:16 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2010/08/21 22:50:16 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/08/21 22:50:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/08/21 22:50:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/08/21 22:50:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/08/09 07:53:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xqafasaxogapogax.dat
[2010/08/09 07:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Txufinaqafot.bin
[2010/07/25 04:56:50 | 000,033,193 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/04 11:07:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/01 21:53:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/11 02:13:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 02:02:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/07 01:35:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/01/05 16:35:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/01/05 16:35:41 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/01/05 16:35:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/01/05 16:35:22 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2010/01/05 16:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/01/05 16:16:43 | 000,099,873 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/01/05 16:06:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/05 15:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/05 15:43:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 15:39:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/05 07:35:25 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2010/01/05 07:34:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/05 07:33:34 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 21:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/30 23:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >


Post by DragonMaster Jay on Tue 12 Apr 2011, 11:52 pm

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.



~DMJ
GeekPolice Academy Manager

DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-06
Operating System : Windows 7 Ultimate


Post by GMan316 on Wed 13 Apr 2011, 11:49 am

DragonMaster Jay wrote: Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.

When I try to run it, it takes me to "Choose a program you want to use to open this file", so I am unable to run it.



Post by DragonMaster Jay on Wed 13 Apr 2011, 12:01 pm

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:
    • Change Drivers to Non-Microsoft.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have an internet connection on this system.
    • Please post the contents of the OTL.txt file in your reply.



Post by GMan316 on Wed 13 Apr 2011, 5:45 pm

Hi Jay, I tried to run ComboFix in safe mode under my normal user status and I ran into the same problem. However, I was able to run it when I logged into the administrator. I didn't proceed though, and I canceled when the disclaimer screen came up. The administrator desktop is empty compared to my normal desktop. Should I run ComboFix there or should I go with the creating boot CD option?

Thanks.


Post by DragonMaster Jay on Thu 14 Apr 2011, 3:35 am

Let's go with the boot CD.

