ExTS Admin Starbuck Posted May 11, 2010

Hi wireddj

"but the second time i ran the OTL Scan was i supposed to paste in that command."

It's ok, i had those results in the 1st report.

I see that you ran ComboFix this morning :mad:
Let me have the combofix.txt that was produced. You'll find a copy at: C:\ComboFix.txt

Double click on OTL.exe to run it.
Copy the lines in the codebox below. (make sure that :Otl is on the first line )

:Otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O4 - HKCU..\Run: [startServiceEFFDME] C:\Users\Demented Blaster\AppData\Local\EFFDME\StartService.exe File not found
O4 - HKLM..\RunOnce: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O15 - HKCU\..Trusted Domains: auioz.info ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O20 - Winlogon\Notify\klogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
@Alternate Data Stream - 1210 bytes -> C:\Users\Demented Blaster\AppData\Local\f6k50JBrcNI:kst0Lb9K4A2lxGI1Wc6pE
@Alternate Data Stream - 1200 bytes -> C:\Users\Demented Blaster\AppData\Local\qRbi6T2jAIurL:8oJ7sQ0MUdpqZKg1NpE3Ige2vK1
@Alternate Data Stream - 1175 bytes -> C:\Users\Demented Blaster\AppData\Local\kZr1vxHtCGqPRaJ:p3zeBxP6gllwy2p27IXj3vXWw
@Alternate Data Stream - 1152 bytes -> C:\ProgramData\Microsoft:kup8QuWpb8r19NndbbDRSg35AFl
@Alternate Data Stream - 1050 bytes -> C:\ProgramData\Microsoft:YnfShpa3CkvakXlJcB3jvN2e2TH
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
Click the red Run Fix button.
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
if you lose the report, there will be a copy here: C:\_OTL\MovedFiles

In your next reply, please submit:
Combofix.txt
Otl fix report

Thanks.

Member of:UNITE
wireddj Posted May 11, 2010

Hey starbuck i actually ran the combofix scan again this afternoon as someone else was also trying to help me, hope that wont affect any help you are giving me. Here are the scans...

ComboFix 10-05-10.03 - Demented Blaster 05/11/2010 13:30:22.1.3 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2814.2225 [GMT 1:00]
Running from: C:\Users\Demented Blaster\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Demented Blaster\AppData\Roaming\dach100.dll
.
---- Previous Run -------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31FF080D-12A3-439A-A2EF-4BA95A3148E8}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\StartServiceEFFDME not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\auioz.info\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\kuaiche.com\software\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\sacore\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5}\ not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
ADS C:\Users\Demented Blaster\AppData\Local\f6k50JBrcNI:kst0Lb9K4A2lxGI1Wc6pE deleted successfully.
ADS C:\Users\Demented Blaster\AppData\Local\qRbi6T2jAIurL:8oJ7sQ0MUdpqZKg1NpE3Ige2vK1 deleted successfully.
ADS C:\Users\Demented Blaster\AppData\Local\kZr1vxHtCGqPRaJ:p3zeBxP6gllwy2p27IXj3vXWw deleted successfully.
ADS C:\ProgramData\Microsoft:kup8QuWpb8r19NndbbDRSg35AFl deleted successfully.
ADS C:\ProgramData\Microsoft:YnfShpa3CkvakXlJcB3jvN2e2TH deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Demented Blaster
->Temp folder emptied: 113246 bytes
->Temporary Internet Files folder emptied: 92805 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41663973 bytes
->Google Chrome cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 42490 bytes

User: ****er
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1355776 bytes

Total Files Cleaned = 41.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Demented Blaster
->Flash cache emptied: 0 bytes

User: ****er
->Flash cache emptied: 0 bytes

User: Guest

User: Public

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.4.1 log created on 05112010_183642
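An added example, not part of the original thread and not code from OTL: a small Python parser that splits fix-log result lines like the ones posted above into object kind, target and outcome, so entries that were actually removed can be separated from those reported as "not found". The sample lines are copied from the log in this thread; the function names and the regular expression are assumptions inferred only from the line shapes visible here.

```python
import re
from collections import Counter

# Constructed sample: result lines copied from the OTL fix log posted in this thread.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\StartServiceEFFDME not found.
File {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found not found.
ADS C:\ProgramData\Microsoft:kup8QuWpb8r19NndbbDRSg35AFl deleted successfully.
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Assumed line shape (inferred from this log, not from OTL documentation):
#   [kind] <target> <outcome>[.]
RESULT_RE = re.compile(
    r"^(?:(Registry key|Registry value|ADS|File)\s+)?"
    r"(.+?)\s+(deleted successfully|moved successfully|not found)\.?$"
)


def parse_fix_log(text):
    """Return (kind, target, outcome) for every recognised result line."""
    entries = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            kind, target, outcome = m.groups()
            # Lines with no prefix (e.g. the Hosts path) are treated as files.
            entries.append((kind or "File", target, outcome))
    return entries


def summarise(entries):
    """Count outcomes per object kind."""
    return Counter((kind, outcome) for kind, _, outcome in entries)


def present_at_fix_time(entries):
    """Targets that still existed when the fix ran (deleted or moved)."""
    return [target for _, target, outcome in entries if outcome != "not found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (kind, outcome), n in sorted(summarise(parsed).items()):
        print(f"{kind:15} {outcome:22} {n}")
    print("Removed or moved:", *present_at_fix_time(parsed), sep="\n  ")
```

Header and free-text lines such as "HOSTS file reset successfully" do not match the assumed shape and are skipped rather than guessed at.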
ExTS Admin Starbuck Posted May 11, 2010

Hi wireddj

"i actually ran the combofix scan again this afternoon as someone else was also trying to help me"

Sorry but the help system doesn't work like that.
Every time you run extra scans that one of us doesn't ask for.... you change everything and confusion sets in.
Plus reading the reports isn't a 10 minute job, it does take time.
If 2 helpers are using their time to go through your reports, it's wasting both helpers' time.
Please decide who is helping you and let me and the other helper know.

Member of:UNITE
wireddj Posted May 12, 2010

Sorry about that, was just trying to get my system sorted out a.s.a.p., didn't realise that I was doing more harm than good. I will be relying on my friend to help me out but thank you for your assistance up until now. But I hope it would be ok to come back here if I have no joy?
ExTS Admin Starbuck Posted May 12, 2010

No problem at all.

Member of:UNITE