MS Removal Tool Problem

Post by squitman on Sun 01 May 2011, 1:52 pm

Ok, here's the deal. I was following your instructions on how to remove the problem.
Step 1. Under my Connections tab in LAN Settings, the box for using a proxy server is unchecked, so I moved on.
Step 2. When pressing F8, the option of starting Safe Mode isn't there; it shows something about choosing from different drives.
Step 3. When I try using the Malwarebytes program (the site wouldn't come up so I found another download site) the MS Removal says it's infected, so I read that you told others to use an OTL program, so I tried that, but MS Removal also says that is infected.

I am very unsure of what to do, please help.
If it helps, I am using a Windows XP system.
If you need more info I'll try to help if I understand what you need, thx!

squitman

Newbie Surfer

Posts : 21
Joined : 2011-05-01
Operating System : xp

Re: MS Removal Tool Problem

Post by Belahzur on Mon 02 May 2011, 3:52 am

Hello.

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


@RealBelahzur - Please PM me if I fail to respond within 24hrs.


Belahzur

Manager | Tech Officer

Posts : 34917
Joined : 2008-08-04
Operating System : XP SP3 Media Centre

Re: MS Removal Tool Problem

Post by squitman on Mon 02 May 2011, 4:55 am

It won't let the program run; it keeps telling me it's infected.

Re: MS Removal Tool Problem

Post by Belahzur on Tue 03 May 2011, 3:59 am

Hello.

We need to use the RKill Tool by Grinler.

Rkill.com <--- Download site

  • Please Download Rkill.com. Save it to your Desktop.
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.

  • NOTE: If you are unable to connect to the site to download rkill, then you should download it to a clean computer and copy it to the infected one via a USB flash drive or CDROM.

  • Once it is downloaded, double-click on the rkill.com in order to automatically attempt to stop any processes associated with Rogue programs.
  • Please be patient while the program looks for various malware programs and ends them.
  • When it has finished, the black window will automatically close and you can continue with the next step.
NOTE: If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the rogue program when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the rogue program. So, please try running Rkill until the malware is no longer running. You will then be able to proceed with the rest of the steps.

If you continue having problems running rkill.com, you can download:
iExplore.exe or eXplorer.exe
which are renamed copies of rkill.com, and try them instead.

Try using OTL now.


Re: MS Removal Tool Problem

Post by squitman on Thu 05 May 2011, 10:30 pm

Extras.Txt

OTL Extras logfile created on: 5/5/2011 7:17:20 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\teresa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 40.11 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 9.29 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

Computer Name: TERESA-6ADA04CE | User Name: teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9355:TCP" = 9355:TCP:*:Enabled:bnvenzs
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\BitTorrent.exe" = C:\Program Files\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.0.0.9
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{97DF1C46-FCCE-4591-9974-5A12CE667B9D}" = Tournament Maker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC8E0363-B20C-4792-8A1C-8DF5E01B68A6}" = GoGear VIBE Device Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E623BB3F-F7ED-4148-BEB5-A0D1DB28B4DE}" = Media Converter for Philips
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Display Driver" = ATI Display Driver
"Be Rich 1.00" = Be Rich 1.00
"BigJon PCGames Config Wizard1.1" = BigJon PCGames Config Wizard
"BitTorrent" = BitTorrent
"BitTorrentBar Toolbar" = BitTorrentBar Toolbar
"Casino-Worldwide" = Casino-Worldwide (Remove Only)
"conduitEngine" = Conduit Engine
"Deal or No Deal3.5.x" = Deal or No Deal
"Deal or No Deal3.6.x" = Deal or No Deal
"Eastside UK Free Agent Utility - NHL EHM 2007_is1" = Eastside UK Free Agent Utility v2007.2
"Eastside UK pre-game Editor for NHL EHM 2007_is1" = Eastside UK pre-game Editor v2007.1.7
"Eastside UK saved game Editor for NHL EHM 2007_is1" = Eastside UK saved game Editor v2007.0.4
"Fish Tycoon_is1" = Fish Tycoon
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Swag_Bucks Toolbar" = Swag Bucks Toolbar
"vShare" = vShare Plugin
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Your Product1.0" = Your Product

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/26/2011 5:54:21 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/26/2011 5:54:21 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/26/2011 5:57:28 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/26/2011 5:57:30 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/27/2011 7:24:17 PM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application ehm2007.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 4/29/2011 1:30:52 AM | Computer Name = TERESA-6ADA04CE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The server name or address could not be resolved

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131077
Description = Failed auto update retrieval of third-party root certificate from:

with error: The server name or address could not be resolved

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 4/30/2011 4:09:55 PM | Computer Name = TERESA-6ADA04CE | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 5/4/2011 11:52:39 PM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Google Update Service
(gupdate) service to connect.

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 5/4/2011 11:52:40 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7034
Description = The IMAPI CD-Burning COM Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/4/2011 11:52:57 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Media Player
Network Sharing Service service to connect.

Error - 5/4/2011 11:52:57 PM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7000
Description = The Windows Media Player Network Sharing Service service failed to
start due to the following error: %%1053

Error - 5/4/2011 11:57:35 PM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10010
Description = The server {FBA44040-BD27-4A09-ACC8-C08B7C723DCD} did not register
with DCOM within the required timeout.

Error - 5/5/2011 10:14:43 AM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/5/2011 10:14:48 AM | Computer Name = TERESA-6ADA04CE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5/5/2011 10:14:58 AM | Computer Name = TERESA-6ADA04CE | Source = Service Control Manager | ID = 7023
Description = The Shell Support service terminated with the following error: %%1114


< End of report >

Re: MS Removal Tool Problem

Post by squitman on Thu 05 May 2011, 10:30 pm

OTL.Txt

OTL logfile created on: 5/5/2011 7:17:20 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\teresa\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

446.00 Mb Total Physical Memory | 108.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.55 Gb Total Space | 40.11 Gb Free Space | 17.94% Space Free | Partition Type: NTFS
Drive D: | 9.34 Gb Total Space | 9.29 Gb Free Space | 99.47% Space Free | Partition Type: NTFS

Computer Name: TERESA-6ADA04CE | User Name: teresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
PRC - [2011/03/24 17:51:18 | 000,400,760 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/12/03 13:05:08 | 001,701,224 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe
PRC - [2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)


========== Driver Services (SafeList) ==========

DRV - [2011/03/13 12:49:40 | 000,004,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\04.tmp -- (fabhbuua)
DRV - [2010/09/07 20:20:56 | 006,141,544 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/11/18 08:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 08:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009/11/12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006/06/16 23:09:48 | 001,611,776 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [You must be registered and logged in to see this link.] [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}: C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox [2011/02/24 19:35:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O2 - BHO: (IEPlugin Class) - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\tbBitT.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKCU..\Run: [ares] File not found
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [aE31002OeLpD31002] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Philips GoGear VIBE Device Manager.lnk = C:\Program Files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll (Google Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} [You must be registered and logged in to see this link.] (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} [You must be registered and logged in to see this link.] (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/25 00:48:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 13:53:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
[2011/04/30 22:32:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/30 21:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002
[2011/04/24 08:46:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/04/24 00:35:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Application Data\Google
[2011/04/23 23:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/04/23 23:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Local Settings\Application Data\Google
[2011/04/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/04/23 23:11:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2011/04/23 23:09:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/18 19:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2011/04/18 19:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\Application Data\Canneverbe Limited
[2011/04/18 19:20:31 | 000,000,000 | ---D | C] -- C:\Program Files\CDBurnerXP
[2011/04/10 02:30:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\teresa\My Documents\My Received Files
[2011/02/03 16:54:03 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\teresa\Application Data\pcouffin.sys
[1998/04/26 23:00:00 | 000,570,128 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\DAO350.DLL
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 07:21:49 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/05 07:21:13 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/05 07:14:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 20:49:58 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/05/01 13:53:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\teresa\Desktop\OTL.exe
[2011/04/28 22:17:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/26 23:08:53 | 000,161,792 | ---- | M] () -- C:\Documents and Settings\teresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/18 19:20:36 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2011/04/18 19:17:22 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\teresa\Application Data\vso_ts_preview.xml
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 22:31:39 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/04/23 23:11:53 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/23 23:11:51 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/18 19:20:36 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CDBurnerXP.lnk
[2011/04/18 19:20:36 | 000,001,556 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\CDBurnerXP.lnk
[2011/04/18 19:20:33 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/03/30 15:20:51 | 000,071,680 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/25 19:11:32 | 000,000,105 | ---- | C] () -- C:\WINDOWS\gvcasinos.ini
[2011/02/07 13:11:54 | 000,161,792 | ---- | C] () -- C:\Documents and Settings\teresa\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/03 16:54:19 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\vso_ts_preview.xml
[2011/02/03 16:54:03 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\inst.exe
[2011/02/03 16:54:03 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\pcouffin.cat
[2011/02/03 16:54:03 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\teresa\Application Data\pcouffin.inf
[2011/01/25 17:12:05 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/25 00:52:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/25 00:42:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 16:29:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/24 16:27:18 | 000,093,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/04/28 17:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/08/04 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,161,750 | RHS- | C] () -- C:\WINDOWS\System32\jjjzqn.dll
[2004/08/04 05:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


Re: MS Removal Tool Problem

Post by Belahzur on Fri 06 May 2011, 5:34 am

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O4 - HKCU..\RunOnce: [aE31002OeLpD31002] File not found
    O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell - "" = AutoRun
    O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
    [2011/04/30 21:37:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002

    :commands
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


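The O33 lines in the fix above are AutoRun handlers recorded under the per-user `Explorer\MountPoints2` registry key, one subkey per volume. As an added example (not part of the original post and not OTL's own code), the Python below triages O33 lines from an OTL log and reports volumes whose AutoRun command has rundll32 load a file from a recycle-bin folder on the drive. The line format is assumed from the entries shown in this thread; the function names, the reason labels and the second (benign) volume in the sample are constructed for illustration.

```python
import ntpath
import re

# Constructed sample: the first volume is copied from the thread's fix script,
# the second volume is an invented benign entry for contrast.
SAMPLE_LOG = r'''
O4 - HKCU..\RunOnce: [aE31002OeLpD31002] File not found
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell - "" = AutoRun
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{11111111-2222-3333-4444-555555555555}\Shell\AutoRun\command - "" = E:\setup.exe
'''

# O33 - MountPoints2\<volume>\<Shell subkey> - "<value name>" = <data>
O33_LINE = re.compile(
    r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\(?P<subkey>Shell(?:\\[^ ]+)?)'
    r' - "(?P<value>[^"]*)" = (?P<data>.*)$'
)
# Each "rundll32 <module>,<export>" invocation inside a command line.
RUNDLL_CALL = re.compile(
    r'rundll32(?:\.exe)?\s+(?P<module>[^,\s]+),(?P<export>\S+)', re.I
)
# Recycle-bin directory names on Windows volumes.
RECYCLE_DIR = re.compile(r'\\(?:RECYCLER|\$RECYCLE\.BIN)\\', re.I)
# Extensions normally handed to rundll32.
LOADABLE_EXTS = {".dll", ".cpl", ".ocx"}


def parse_o33(log_text):
    """Return {volume: {subkey: data}} for every O33 line in the log."""
    volumes = {}
    for line in log_text.splitlines():
        match = O33_LINE.match(line.strip())
        if match:
            entry = volumes.setdefault(match.group("volume"), {})
            entry[match.group("subkey")] = match.group("data")
    return volumes


def command_reasons(command):
    """List the reasons an AutoRun command deserves a closer look."""
    reasons = []
    if RECYCLE_DIR.search(command):
        reasons.append("recycle-bin-path")
    for call in RUNDLL_CALL.finditer(command):
        module = call.group("module")
        ext = ntpath.splitext(module)[1].lower()
        if ext not in LOADABLE_EXTS:
            reasons.append("rundll32-nonstandard-module:" + ext)
        # A relative module path resolves against the drive being opened.
        if module.startswith((".\\", "..\\")):
            reasons.append("relative-module-path")
    return reasons


def triage(log_text):
    """Return one finding per volume whose AutoRun command has any reason."""
    findings = []
    for volume, subkeys in sorted(parse_o33(log_text).items()):
        command = subkeys.get("Shell\\AutoRun\\command")
        if not command:
            continue
        reasons = command_reasons(command)
        if reasons:
            findings.append(
                {"volume": volume, "command": command, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["volume"], ", ".join(finding["reasons"]))
        print("   ", finding["command"])
```
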

Re: MS Removal Tool Problem

Post by squitman on Fri 06 May 2011, 6:45 am

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\aE31002OeLpD31002 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ee4fd9c-5437-11e0-acfb-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afa00f98-404a-11e0-aca1-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f089f9cb-32f7-11e0-ac82-001676343fb2}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn not found.
Folder C:\Documents and Settings\All Users\Application Data\aE31002OeLpD31002\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2718502 bytes

User: NetworkService
->Temp folder emptied: 680950 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: teresa
->Temp folder emptied: 1356614505 bytes
->Temporary Internet Files folder emptied: 1537850818 bytes
->Java cache emptied: 68691608 bytes
->Flash cache emptied: 196708 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2142714 bytes
%systemroot%\System32 .tmp files removed: 10769 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17529025 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65359874 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,911.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05052011_153018

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\teresa\Local Settings\Temp\~DFC392.tmp not found!
File\Folder C:\Documents and Settings\teresa\Local Settings\Temp\~DFCB64.tmp not found!
C:\Documents and Settings\teresa\Local Settings\Temporary Internet Files\Content.IE5\LXFYKD1C\swagbucks_com[4].htm moved successfully.
C:\Documents and Settings\teresa\Local Settings\Temporary Internet Files\Content.IE5\LXFYKD1C\t26931-ms-removal-tool-problem[1].htm moved successfully.

Registry entries deleted on Reboot...


Re: MS Removal Tool Problem

Post by Belahzur on Fri 06 May 2011, 6:49 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: MS Removal Tool Problem

Post by squitman on Fri 06 May 2011, 7:20 am

Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6515

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

5/5/2011 4:16:35 PM
mbam-log-2011-05-05 (16-16-35).txt

Scan type: Quick scan
Objects scanned: 130961
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (PUM.Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\jjjzqn.dll (Net.Worm) -> Delete on reboot.


Re: MS Removal Tool Problem

Post by Belahzur on Fri 06 May 2011, 7:27 am

Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: MS Removal Tool Problem

Post by squitman on Sat 07 May 2011, 7:18 am

ComboFix 11-05-06.02 - teresa 05/06/2011 15:48:59.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.234 [GMT -7:00]
Running from: c:\documents and settings\teresa\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\teresa\Application Data\inst.exe
c:\documents and settings\teresa\Application Data\PriceGong
c:\documents and settings\teresa\Application Data\PriceGong\Data\1.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\a.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\b.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\c.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\d.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\e.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\f.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\g.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\h.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\i.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\J.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\k.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\l.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\m.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\n.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\o.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\p.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\q.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\r.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\s.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\t.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\u.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\v.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\w.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\x.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\y.xml
c:\documents and settings\teresa\Application Data\PriceGong\Data\z.xml
c:\windows\gvcasinos.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-04-06 to 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-05 23:04 . 2011-05-05 23:04 -------- d-----w- c:\documents and settings\teresa\Application Data\Malwarebytes
2011-05-05 23:03 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 23:03 . 2011-05-05 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-05 23:03 . 2011-05-05 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 23:03 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 22:30 . 2011-05-05 22:30 -------- d-----w- C:\_OTL
2011-05-01 04:37 . 2011-05-05 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\aE31002OeLpD31002
2011-04-24 15:46 . 2011-04-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-24 06:12 . 2011-04-26 20:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-26 14:33 -------- d-----w- c:\documents and settings\teresa\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-24 06:12 -------- d-----w- c:\program files\Google
2011-04-24 06:09 . 2011-04-24 06:17 -------- d-----w- c:\windows\system32\Adobe
2011-04-19 02:21 . 2011-04-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\documents and settings\teresa\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2009-11-12 20:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\program files\CDBurnerXP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1998-04-27 06:00 . 1998-04-27 06:00 570128 ----a-w- c:\program files\Common Files\DAO350.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2010-12-09 20:51 3911776 ----a-w- c:\program files\BitTorrentBar\tbBitT.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\tbBitT.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2011-03-25 400760]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-24 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-08 19573352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Philips GoGear VIBE Device Manager.lnk - c:\program files\Philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2011-2-24 1701224]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9355:TCP"= 9355:TCP:bnvenzs
.
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2011 11:11 PM 136176]
S2 pgnmeqn;Shell Support;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/26/2011 4:34 PM 1691480]
S3 fabhbuua;fabhbuua;\??\c:\windows\system32\04.tmp --> c:\windows\system32\04.tmp [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/23/2011 11:11 PM 136176]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
pgnmeqn
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 06:11]
.
2011-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-24 06:11]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ares - c:\program files\Ares\Ares.exe
AddRemove-Be Rich 1.00 - c:\documents and settings\teresa\Desktop\games\Be Rich\Be Rich\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-06 16:00
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fabhbuua]
"ImagePath"="\??\c:\windows\system32\04.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(532)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-05-06 16:03:29
ComboFix-quarantined-files.txt 2011-05-06 23:03
.
Pre-Run: 46,766,415,872 bytes free
Post-Run: 46,989,594,624 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 10A0EB84AD706A5B7771AD7A73F64CAE


Re: MS Removal Tool Problem

Post by Belahzur on Sat 07 May 2011, 7:24 am

Hello.

I see that you are running BitTorrent.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    BitTorrent
    BitTorrentBar Toolbar
    Java(TM) 6 Update 23
    Swag Bucks Toolbar

Next,

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    KILLALL::

    File::
    c:\program files\Common Files\DAO350.DLL

    Folder::
    c:\documents and settings\All Users\Application Data\aE31002OeLpD31002

    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9355:TCP"=-
    [-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fabhbuua]

    Driver::
    pgnmeqn
    fabhbuua

    NetSvc::
    pgnmeqn
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: MS Removal Tool Problem

Post by squitman on Sat 07 May 2011, 9:28 am

ComboFix 11-05-06.03 - teresa 05/06/2011 18:05:25.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.446.244 [GMT -7:00]
Running from: c:\documents and settings\teresa\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\teresa\Desktop\CFScript.txt
.
FILE ::
"c:\program files\Common Files\DAO350.DLL"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\aE31002OeLpD31002
c:\documents and settings\All Users\Application Data\aE31002OeLpD31002\aE31002OeLpD31002
c:\program files\Common Files\DAO350.DLL
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_PGNMEQN
-------\Service_fabhbuua
-------\Service_pgnmeqn
.
.
((((((((((((((((((((((((( Files Created from 2011-04-07 to 2011-05-07 )))))))))))))))))))))))))))))))
.
.
2011-05-05 23:04 . 2011-05-05 23:04 -------- d-----w- c:\documents and settings\teresa\Application Data\Malwarebytes
2011-05-05 23:03 . 2010-12-21 01:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 23:03 . 2011-05-05 23:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-05 23:03 . 2011-05-05 23:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-05 23:03 . 2010-12-21 01:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 22:30 . 2011-05-05 22:30 -------- d-----w- C:\_OTL
2011-04-24 15:46 . 2011-04-26 20:49 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-24 06:12 . 2011-04-26 20:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-26 14:33 -------- d-----w- c:\documents and settings\teresa\Local Settings\Application Data\Google
2011-04-24 06:11 . 2011-04-24 06:12 -------- d-----w- c:\program files\Google
2011-04-24 06:09 . 2011-04-24 06:17 -------- d-----w- c:\windows\system32\Adobe
2011-04-19 02:21 . 2011-04-19 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2011-04-19 02:20 -------- d-----w- c:\documents and settings\teresa\Application Data\Canneverbe Limited
2011-04-19 02:20 . 2009-11-12 20:48 7168 ----a-w- c:\windows\system32\drivers\StarOpen.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-01-17 14:54 175912 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]


Re: MS Removal Tool Problem

Post by Belahzur on Sun 08 May 2011, 12:30 am

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: MS Removal Tool Problem

Post by squitman on Sat 13 Aug 2011, 9:01 am

Man, it's been a while. OK, here's the thing: I believe that the MS Removal thing has been removed, but yesterday my computer started to act very slow and these popup things seem to show up that show hello4 on them, and now when I try opening Internet Explorer it just closes before it can load. I am currently in safe mode with networking and this is how I am here now. I'm not sure where I should post this and get help, so I figured I would put this here and hope for the best. Thanks.


Re: MS Removal Tool Problem

Post by Belahzur on Sat 13 Aug 2011, 11:25 am

Hello.

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below



Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review



Re: MS Removal Tool Problem

Post by squitman on Sat 13 Aug 2011, 12:18 pm

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-12 21:15:56
-----------------------------
21:15:56.875 OS Version: Windows 5.1.2600 Service Pack 2
21:15:56.875 Number of processors: 2 586 0x407
21:15:56.875 ComputerName: TERESA-6ADA04CE UserName: teresa
21:16:00.734 Initialize success
21:16:11.609 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
21:16:11.625 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
21:16:11.640 Device \Driver\atapi -> DriverStartIo 8433331b
21:16:13.671 Disk 0 MBR read successfully
21:16:13.687 Disk 0 MBR scan
21:16:13.703 Disk 0 TDL4@MBR code has been found
21:16:13.718 Disk 0 Windows XP default MBR code found via API
21:16:13.734 Disk 0 MBR hidden
21:16:13.765 Disk 0 MBR [TDL4] **ROOTKIT**
21:16:13.781 Disk 0 trace - called modules:
21:16:13.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x843334d0]<<
21:16:13.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8437b558]
21:16:13.843 3 CLASSPNP.SYS[f759005b] -> nt!IofCallDriver -> [0x842d0148]
21:16:13.859 \Driver\atapi[0x843cf7c0] -> IRP_MJ_CREATE -> 0x843334d0
21:16:15.906 Scan finished successfully
21:16:54.140 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\teresa\Desktop\MBR.dat"
21:16:54.203 The log file has been saved successfully to "C:\Documents and Settings\teresa\Desktop\aswMBR.txt"




Re: MS Removal Tool Problem

Post by squitman on Tue 16 Aug 2011, 7:05 am

According to the forum I'm supposed to bump this after 2 days with no reply.

Edit: it's been 4 days now (any idea what I should do?)


Re: MS Removal Tool Problem

Post by squitman on Fri 19 Aug 2011, 11:19 pm

OK, a week's gone by; I hope that means that I can re-bump it.
Any news on what I should do next?


Re: MS Removal Tool Problem

Post by DragonMaster Jay on Sun 21 Aug 2011, 4:15 am

Not sure where he went...re-run aswMBR and post a log please, so I can verify the infection...



~DMJ
GeekPolice Academy Manager



Re: MS Removal Tool Problem

Post by squitman on Sun 21 Aug 2011, 4:46 am

aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-20 13:36:48
-----------------------------
13:36:48.625 OS Version: Windows 5.1.2600 Service Pack 3
13:36:48.625 Number of processors: 2 586 0x407
13:36:48.625 ComputerName: TERESA-6ADA04CE UserName: teresa
13:38:08.781 Initialize success
13:38:41.578 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
13:38:41.578 Disk 0 Vendor: Hitachi_HDT725025VLA380 V5DOA7BA Size: 238475MB BusType: 3
13:38:41.578 Device \Driver\atapi -> DriverStartIo 84b2731b
13:38:43.796 Disk 0 MBR read successfully
13:38:43.796 Disk 0 MBR scan
13:38:43.796 Disk 0 Windows XP default MBR code
13:38:44.328 Disk 0 scanning sectors +488392065
13:38:45.218 Disk 0 scanning C:\WINDOWS\system32\drivers
13:40:51.625 Service scanning
13:40:54.750 Modules scanning
13:42:05.359 Disk 0 trace - called modules:
13:42:05.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84b274d0]<<
13:42:05.359 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84bd0030]
13:42:05.359 3 CLASSPNP.SYS[f74dcfd7] -> nt!IofCallDriver -> [0x84b39810]
13:42:05.531 \Driver\atapi[0x84bcc030] -> IRP_MJ_CREATE -> 0x84b274d0
13:42:05.531 Scan finished successfully
13:43:19.390 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\teresa\Desktop\MBR.dat"
13:43:19.390 The log file has been saved successfully to "C:\Documents and Settings\teresa\Desktop\aswMBR.txt"


Edit: I should include that when I'm not in safe mode, I can hear the sounds of different ads while nothing is open.

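Added example (not part of any post in this thread, and not aswMBR's own code): a small Python triage over excerpts of the two aswMBR logs above, pulling out the MBR verdict lines and any driver handler that points at the address the trace marks UNKNOWN. The regular expressions assume the line layout seen in these two logs; other aswMBR versions may format lines differently.

```python
import re

# Excerpts copied from the two aswMBR logs posted in this thread.
LOG_AUG12 = r"""
21:16:13.703 Disk 0 TDL4@MBR code has been found
21:16:13.718 Disk 0 Windows XP default MBR code found via API
21:16:13.734 Disk 0 MBR hidden
21:16:13.765 Disk 0 MBR [TDL4] **ROOTKIT**
21:16:13.796 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x843334d0]<<
21:16:13.859 \Driver\atapi[0x843cf7c0] -> IRP_MJ_CREATE -> 0x843334d0
"""
LOG_AUG20 = r"""
13:38:43.796 Disk 0 Windows XP default MBR code
13:42:05.359 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84b274d0]<<
13:42:05.531 \Driver\atapi[0x84bcc030] -> IRP_MJ_CREATE -> 0x84b274d0
"""

# Patterns are assumptions based on the layout of the lines above.
STAMP = re.compile(r"^\d\d:\d\d:\d\d\.\d{3}\s+(.*)$")
ROOTKIT = re.compile(r"Disk (\d+) MBR \[([^\]]+)\] \*\*ROOTKIT\*\*")
HIDDEN = re.compile(r"Disk (\d+) MBR hidden")
UNKNOWN = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
HANDLER = re.compile(r"\\Driver\\(\w+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)")

def triage(log_text):
    """Collect the lines of an aswMBR log that a reviewer should look at first."""
    out = {"rootkit": [], "mbr_hidden": [], "unknown_modules": [], "handlers_into_unknown": []}
    handlers = []
    for raw in log_text.splitlines():
        m = STAMP.match(raw.strip())
        if not m:
            continue  # header, separator or blank line
        body = m.group(1)
        if (r := ROOTKIT.search(body)):
            out["rootkit"].append((int(r.group(1)), r.group(2)))
        elif (h := HIDDEN.search(body)):
            out["mbr_hidden"].append(int(h.group(1)))
        if (u := UNKNOWN.search(body)):
            out["unknown_modules"].append(u.group(1).lower())
        if (d := HANDLER.search(body)):
            handlers.append((d.group(1), d.group(2), d.group(3).lower()))
    # Report driver handlers whose target is an address the trace left unnamed.
    out["handlers_into_unknown"] = [h for h in handlers if h[2] in out["unknown_modules"]]
    return out

if __name__ == "__main__":
    for name, log in (("2011-08-12", LOG_AUG12), ("2011-08-20", LOG_AUG20)):
        print(name, triage(log))
```

On these excerpts the 12 August log yields the TDL4 verdict, while the 20 August log has no verdict line but still lists atapi's IRP_MJ_CREATE pointing at the UNKNOWN address. That is a detail to hand to the helper for review, not a finding to act on alone.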

Re: MS Removal Tool Problem

Post by DragonMaster Jay on Mon 22 Aug 2011, 4:55 am

Gotcha...let's check with a different tool...

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.
    Link 1
    Link 2
    Link 3

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.



Re: MS Removal Tool Problem

Post by squitman on Mon 22 Aug 2011, 7:08 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 86):


Re: MS Removal Tool Problem

Post by DragonMaster Jay on Tue 23 Aug 2011, 7:37 am

That is not a full log. Please re-run it and post a new log...


