
Desktop replaced by IE failed page

  • 19-09-2012 7:33pm
    #1
    Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭


    Hi! Just wondering if anyone knew how to solve this: when I turn on my computer, Explorer/the desktop doesn't show up. All that comes up is an Internet Explorer page that has failed to load, scaled to the size of the screen. Anyone know any way to get rid of this and let me get back to using my computer?


Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Probably malware


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    OTL logfile created on: 9/19/2012 8:45:12 PM - Run 1
    OTL by OldTimer - Version 3.2.64.0 Folder = G:\
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.93 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 75.98% Memory free
    5.86 Gb Paging File | 5.20 Gb Available in Paging File | 88.58% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 225.33 Gb Total Space | 15.46 Gb Free Space | 6.86% Space Free | Partition Type: NTFS
    Drive D: | 225.33 Gb Total Space | 2.95 Gb Free Space | 1.31% Space Free | Partition Type: NTFS
    Drive G: | 7.21 Gb Total Space | 2.51 Gb Free Space | 34.81% Space Free | Partition Type: FAT32

    Computer Name: DAVID | User Name: davidmcardle | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/19 20:43:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
    PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
    PRC - [2011/06/24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2010/11/20 13:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
    PRC - [2009/07/14 02:14:21 | 000,497,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV - [2012/09/07 17:19:52 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/29 11:23:14 | 000,188,760 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
    SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV - [2012/03/22 14:44:12 | 000,086,528 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
    SRV - [2011/11/09 12:36:18 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/03/04 12:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6CA74C80-FDCB-4813-A5E8-3CACBB033029}\MpKsl1ed88323.sys -- (MpKsl1ed88323)
    DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV - [2012/01/04 15:28:36 | 000,016,128 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtkdrv.sys -- (TrojanKillerDriver)
    DRV - [2011/11/15 20:04:15 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2011/08/05 12:02:46 | 002,203,648 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2010/07/01 01:47:34 | 000,015,656 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtport.sys -- (rtport)
    DRV - [2009/09/28 10:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
    DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/10 14:44:52 | 000,122,880 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
    DRV - [2009/04/09 06:23:02 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
    DRV - [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.eircom.net/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ie.msn.com/?rd=1&ucc=IE&dcc=IE&opt=0
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 84 2A 88 2B 25 CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
    IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6OyLrUMWn3&i=26
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb174?a=6OyLrUMWn3&i=26"
    FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb174/?loc=IB_DS&a=6OyLrUMWn3&&i=26&search="


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\davidmcardle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/12/07 00:35:26 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012/03/23 17:48:10 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012/08/19 00:39:53 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 17:19:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2011/11/16 01:59:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Extensions
    [2012/08/19 20:14:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\edasn8de.default\extensions
    [2012/07/25 21:17:15 | 000,000,000 | ---D | M] (fluschipranie) -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\edasn8de.default\extensions\jid0-Dg47y8CbssHh7EDdmKEYB6phtn0@jetpack
    [2012/08/19 00:38:25 | 000,002,203 | ---- | M] () -- C:\Users\davidmcardle\AppData\Roaming\Mozilla\Firefox\Profiles\edasn8de.default\searchplugins\MyStart Search.xml
    [2012/09/07 17:18:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/07 17:19:54 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/20 15:32:16 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/08/29 01:07:28 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/20 15:32:16 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/06/20 15:32:16 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/08/29 01:07:28 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/06/20 15:32:16 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\npFreemake.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\davidmcardle\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Web Assistant = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.474_0\
    CHR - Extension: Freemake Video Converter = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj\1.0.0_0\
    CHR - Extension: Gmail = C:\Users\davidmcardle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll ()
    O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [draqhnqomdfazkb] C:\ProgramData\draqhnqo.exe ()
    O4 - HKCU..\Run: [Facebook Update] C:\Users\davidmcardle\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [SDP] C:\Program Files\FilesFrog Update Checker\update_checker.exe (Somoto)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O31 - SafeBoot: UseAlternatShell - 1
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/19 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{F665D6FF-8382-4A7A-BD98-649F3D021A4D}
    [2012/09/18 19:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ieasticcmektkck
    [2012/09/17 23:11:33 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{EEEE435C-18CB-410C-8DF0-6C9D255932C5}
    [2012/09/17 18:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
    [2012/09/17 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
    [2012/09/16 16:50:27 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{4EE6E839-F0B7-481C-BF54-895179DF7DAA}
    [2012/09/14 12:49:16 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{07B725FD-537D-4905-A427-F137CDE83B1C}
    [2012/09/14 00:59:01 | 000,000,000 | -HSD | C] -- C:\found.001
    [2012/09/13 14:36:49 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Roaming\Malwarebytes
    [2012/09/13 14:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/13 14:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/13 14:36:40 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/09/13 14:36:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/13 14:19:25 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{5FA01C92-B401-45F2-97DB-0E06D8F2E2DF}
    [2012/09/12 11:17:58 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{14B6E08A-0DCB-4142-8636-CB0C6BBEE6D2}
    [2012/09/11 21:51:23 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{288AFF81-86FE-43DA-A4AD-14E39D4577A4}
    [2012/09/10 16:30:43 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{E9F68768-3972-4C89-B8D2-E6EF2808F63B}
    [2012/09/08 16:06:32 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{F0D04C73-8636-406C-A4E7-3F4B18831E61}
    [2012/09/07 17:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/09/07 15:11:20 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{2EF3F2E0-7B6B-4D1F-AC4A-EE6C510E5F0B}
    [2012/09/07 02:35:04 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{A09F2EC5-0308-492A-942E-6DE42F764CD2}
    [2012/09/06 00:55:40 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{09ADFD4F-3B14-43F7-ADF1-8EF9958E313E}
    [2012/09/05 12:58:35 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{F8647378-DE99-4B1E-8D24-B751618BA319}
    [2012/09/04 16:57:19 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{7DCB04A6-41C9-4F95-A0A3-D7519E91C72A}
    [2012/09/03 19:21:07 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\Documents\888poker
    [2012/09/03 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/09/03 19:21:06 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
    [2012/09/03 19:21:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
    [2012/09/03 19:20:13 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Roaming\PacificPoker
    [2012/09/03 19:19:40 | 000,000,000 | ---D | C] -- C:\Program Files\PacificPoker
    [2012/09/03 18:50:51 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{8239F5E6-6ADF-4F20-96F4-6713DEE36253}
    [2012/09/02 09:19:42 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{149C7F3E-7AA0-4EDB-BF0D-63916B8AEB03}
    [2012/09/01 10:34:46 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{E01EB4C8-BEF7-4807-A948-B845A5302A78}
    [2012/08/30 10:59:43 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{7DD68F09-6940-4D02-AB83-53E6766E222B}
    [2012/08/27 19:05:14 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Roaming\dvdcss
    [2012/08/24 21:39:44 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{7835AFA2-0901-4EC1-8A0F-E67363A9E8D4}
    [2012/08/24 20:13:09 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{B7800880-FB33-4A38-8500-4B2781E086DA}
    [2012/08/23 23:02:28 | 000,000,000 | ---D | C] -- C:\Users\davidmcardle\AppData\Local\{7D97B701-2B40-438F-9D0D-CCED0F989FEC}
    [2012/08/23 13:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
    [2012/08/23 13:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\my company name
    [1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
    [1 C:\Users\davidmcardle\Desktop\*.tmp files -> C:\Users\davidmcardle\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/19 20:47:54 | 000,634,406 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/09/19 20:47:54 | 000,115,298 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/09/19 20:42:03 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/19 20:42:00 | 2362,920,960 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/19 20:20:10 | 000,000,886 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/19 20:20:00 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/19 19:39:27 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/19 19:39:27 | 000,014,736 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/18 21:44:48 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
    [2012/09/18 19:53:33 | 000,073,400 | ---- | M] () -- C:\ProgramData\jukzwbarytnknxu
    [2012/09/18 19:53:14 | 000,080,384 | ---- | M] () -- C:\ProgramData\draqhnqo.exe
    [2012/09/18 19:53:14 | 000,080,384 | ---- | M] () -- C:\Users\davidmcardle\0.622516929710058.exe
    [2012/09/18 18:56:01 | 000,000,956 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1000UA.job
    [2012/09/18 18:01:32 | 000,065,874 | ---- | M] () -- C:\Users\davidmcardle\Desktop\favourite-soap-collyoaks.jpg
    [2012/09/18 17:57:32 | 000,000,043 | ---- | M] () -- C:\Users\davidmcardle\Desktop\qm.gif
    [2012/09/18 17:55:54 | 000,057,130 | ---- | M] () -- C:\Users\davidmcardle\Desktop\407332_10150542468358124_961010011_n.jpg
    [2012/09/17 21:56:00 | 000,000,934 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1871111397-3539990770-1974983793-1000Core.job
    [2012/09/17 20:36:10 | 687,250,402 | ---- | M] () -- C:\Users\davidmcardle\Desktop\Part2.avi
    [2012/09/17 16:30:00 | 000,000,044 | ---- | M] () -- C:\Users\davidmcardle\AppData\Roaming\msconfig.ini
    [2012/09/15 10:28:14 | 000,000,368 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
    [2012/09/13 14:38:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
    [2012/09/03 19:21:06 | 000,002,009 | ---- | M] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
    [2012/09/03 19:21:06 | 000,001,991 | ---- | M] () -- C:\Users\davidmcardle\Desktop\888poker.lnk
    [2012/09/01 23:32:45 | 000,051,979 | ---- | M] () -- C:\Users\davidmcardle\Desktop\x284114_10150324440825450_3589757_n.jpg
    [2012/09/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\windows\tasks\McQcTask.job
    [2012/08/31 01:10:52 | 000,000,412 | ---- | M] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2012/08/23 13:28:37 | 000,001,622 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
    [2012/08/22 12:02:46 | 000,068,722 | ---- | M] () -- C:\Users\davidmcardle\Desktop\joes walk 3.jpg
    [2012/08/22 12:01:09 | 000,033,670 | ---- | M] () -- C:\Users\davidmcardle\Desktop\Joes Walk.jpg
    [2012/08/22 12:00:38 | 000,054,019 | ---- | M] () -- C:\Users\davidmcardle\Desktop\Joes Walk 2.jpg
    [1 C:\Users\davidmcardle\Desktop\*.tmp files -> C:\Users\davidmcardle\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/18 19:53:29 | 000,080,384 | ---- | C] () -- C:\ProgramData\draqhnqo.exe
    [2012/09/18 19:53:15 | 000,073,400 | ---- | C] () -- C:\ProgramData\jukzwbarytnknxu
    [2012/09/18 19:53:05 | 000,080,384 | ---- | C] () -- C:\Users\davidmcardle\0.622516929710058.exe
    [2012/09/18 18:01:31 | 000,065,874 | ---- | C] () -- C:\Users\davidmcardle\Desktop\favourite-soap-collyoaks.jpg
    [2012/09/18 17:57:30 | 000,000,043 | ---- | C] () -- C:\Users\davidmcardle\Desktop\qm.gif
    [2012/09/18 17:55:52 | 000,057,130 | ---- | C] () -- C:\Users\davidmcardle\Desktop\407332_10150542468358124_961010011_n.jpg
    [2012/09/17 20:56:56 | 687,250,402 | ---- | C] () -- C:\Users\davidmcardle\Desktop\Part2.avi
    [2012/09/17 18:41:57 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
    [2012/09/17 15:51:08 | 000,000,044 | ---- | C] () -- C:\Users\davidmcardle\AppData\Roaming\msconfig.ini
    [2012/09/13 14:36:42 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/03 19:21:06 | 000,002,009 | ---- | C] () -- C:\Users\davidmcardle\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
    [2012/09/03 19:21:06 | 000,001,991 | ---- | C] () -- C:\Users\davidmcardle\Desktop\888poker.lnk
    [2012/09/01 23:32:43 | 000,051,979 | ---- | C] () -- C:\Users\davidmcardle\Desktop\x284114_10150324440825450_3589757_n.jpg
    [2012/08/23 13:28:37 | 000,001,622 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 1.6.lnk
    [2012/08/22 12:03:10 | 000,068,722 | ---- | C] () -- C:\Users\davidmcardle\Desktop\joes walk 3.jpg
    [2012/08/22 12:01:58 | 000,054,019 | ---- | C] () -- C:\Users\davidmcardle\Desktop\Joes Walk 2.jpg
    [2012/08/22 12:01:38 | 000,033,670 | ---- | C] () -- C:\Users\davidmcardle\Desktop\Joes Walk.jpg
    [2012/08/04 10:58:20 | 000,000,376 | ---- | C] () -- C:\windows\ODBC.INI
    [2012/07/03 16:14:15 | 000,000,412 | ---- | C] () -- C:\Users\davidmcardle\AppData\Roaming\wklnhst.dat
    [2012/01/30 21:40:41 | 000,149,376 | -H-- | C] () -- C:\windows\System32\mlfcache.dat
    [2012/01/11 09:35:20 | 000,126,976 | ---- | C] () -- C:\Users\davidmcardle\AppData\Roaming\msconfig.dat
    [2011/02/11 20:10:52 | 000,439,308 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
    [2011/02/11 20:10:50 | 000,982,240 | ---- | C] () -- C:\windows\System32\igkrng500.bin
    [2011/02/11 20:10:50 | 000,092,356 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
    [2011/02/11 19:40:40 | 000,004,096 | ---- | C] ( ) -- C:\windows\System32\IGFXDEVLib.dll
    [2011/02/11 19:38:44 | 000,000,151 | ---- | C] () -- C:\windows\System32\GfxUI.exe.config
    [2010/09/24 17:59:28 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
    [2010/09/24 11:13:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    ========== LOP Check ==========

    [2011/12/20 19:07:17 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\Astroburn Pro
    [2012/01/27 19:49:14 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\DAEMON Tools Lite
    [2011/12/07 08:39:52 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\HandBrake
    [2011/12/07 00:39:04 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\Nokia
    [2012/02/18 19:08:24 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\OpenOffice.org
    [2012/09/03 19:22:50 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\PacificPoker
    [2011/12/07 00:38:35 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\PC Suite
    [2012/02/20 11:54:19 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\redsn0w
    [2012/02/20 01:22:31 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\SystemRequirementsLab
    [2012/07/03 16:14:17 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\Template
    [2012/09/19 20:36:31 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\uTorrent
    [2012/07/30 23:57:12 | 000,000,000 | ---D | M] -- C:\Users\davidmcardle\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    < End of report >


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    Yeah, malware present.


    Open OTL, then copy and paste this into the custom scan/fixes box:



    :OTL
    O4 - HKCU..\Run: [draqhnqomdfazkb] C:\ProgramData\draqhnqo.exe ()
    O33 - MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\Shell - "" = AutoRun
    O33 - MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\Shell\AutoRun\command - "" = F:\autorun.exe
    [2012/09/18 19:53:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ieasticcmektkck
    [2012/09/18 19:53:33 | 000,073,400 | ---- | M] () -- C:\ProgramData\jukzwbarytnknxu
    [2012/09/18 19:53:14 | 000,080,384 | ---- | M] () -- C:\ProgramData\draqhnqo.exe
    [2012/09/18 19:53:14 | 000,080,384 | ---- | M] () -- C:\Users\davidmcardle\0.622516929710058.exe
    [2012/09/18 19:53:29 | 000,080,384 | ---- | C] () -- C:\ProgramData\draqhnqo.exe
    [2012/09/18 19:53:15 | 000,073,400 | ---- | C] () -- C:\ProgramData\jukzwbarytnknxu
    [2012/09/18 19:53:05 | 000,080,384 | ---- | C] () -- C:\Users\davidmcardle\0.622516929710058.exe


    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix and post the log it gives you.



    Then update MBAM, run a quick scan, and post that log.


  • Registered Users, Registered Users 2 Posts: 3,404 ✭✭✭qwertplaywert


    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\draqhnqomdfazkb deleted successfully.
    C:\ProgramData\draqhnqo.exe moved successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f374c21-0fb3-11e1-8d68-002454aa53da}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f374c21-0fb3-11e1-8d68-002454aa53da}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f374c21-0fb3-11e1-8d68-002454aa53da}\ not found.
    File F:\autorun.exe not found.
    C:\ProgramData\ieasticcmektkck folder moved successfully.
    C:\ProgramData\jukzwbarytnknxu moved successfully.
    File C:\ProgramData\draqhnqo.exe not found.
    C:\Users\davidmcardle\0.622516929710058.exe moved successfully.
    File C:\ProgramData\draqhnqo.exe not found.
    File C:\ProgramData\jukzwbarytnknxu not found.
    File C:\Users\davidmcardle\0.622516929710058.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: davidmcardle
    ->Temp folder emptied: 2403815630 bytes
    ->Temporary Internet Files folder emptied: 19268890 bytes
    ->Java cache emptied: 325846 bytes
    ->FireFox cache emptied: 124486170 bytes
    ->Google Chrome cache emptied: 34034032 bytes
    ->Flash cache emptied: 17899 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 86407880 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 526998 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes
    RecycleBin emptied: 345026439 bytes

    Total Files Cleaned = 2,874.00 mb


    [EMPTYFLASH]

    User: All Users

    User: davidmcardle
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0.00 mb

    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: davidmcardle
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0.00 mb

    Unable to start System Restore Service. Error code 1084
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Could not flush the DNS Resolver Cache: Function failed during execution.
    G:\cmd.bat deleted successfully.
    G:\cmd.txt deleted successfully.

    OTL by OldTimer - Version 3.2.64.0 log created on 09192012_220223

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

