• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.

ler

Helper Trainee+
  • Content count

    293
  • Joined

  • Last visited

About ler

  • Rank
    SWI Junkie
  • Birthday

Profile Information

  • Gender
    Male
  1. Happy Birthday, jedi!
  2. Not a problem ==== Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::OTL FF - prefs.js..extensions.enabledAddons: {DD5F2DFF-0E54-11E2-8271-B8AC6F996F26}:2.0.14 [2012/10/04 13:54:07 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\DOCUMENTS AND SETTINGS\ALVARO RODRIGUEZ\LOCAL SETTINGS\APPLICATION DATA\{DD5F2DFF-0E54-11E2-8271-B8AC6F996F26} :Commands [EmptyTemp] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ==== Please visit http://support.microsoft.com/kb/971058 and click the button labelled Run Now. A file will be offered for download. Please execute it. Follow the dialog, accept the license agreement and let it fix all diagnosed problems.
  3. No problem Unfortunately the board messed up the OTL fix. Here is the fix correctly formatted: ==== Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::OTL IE - HKCU\..\SearchScopes\{20715055-D3F1-423F-BC63-BEE51C90F40C}: "URL" = [url=http://search.avg.co...e}&iy=&ychte=us]http://search.avg.co...e}&iy=&ychte=us[/url] IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = [url=http://mumbojumbo.st...q={searchTerms}]http://mumbojumbo.st...q={searchTerms}[/url] IE - HKCU\..\SearchScopes\{EF5EDCAD-1E68-4347-B96B-2D0D6F5FA42D}: "URL" = [url=http://websearch.ask...D8-6C4E331E6861]http://websearch.ask...D8-6C4E331E6861[/url] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found [2011/03/08 20:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vosz\AppData\Roaming\Mozilla\Firefox\Profiles\a2e7wxeq.default\extensions\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}-TRASH O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found O4 - HKCU..\Run: [SearchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe File not found O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. :Files type C:\autoexec.bat /c :Commands [EmptyTemp] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
  4. Good work! . Please follow the instructions in this post. Start with the step after the OTL fix. You should now be able to merge the reg file to your Registry.
  5. To be honest, I'm not sure. Let me know if this OTL fix works:
  6. Let me know if the following works ==== Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::Reg [HKEY_CLASSES_ROOT\.REG] @="regfile" [HKEY_CLASSES_ROOT\.REG\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\regfile] "EditFlags"=dword:00100000 @="Registration Entries" "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\ 00,6f,00,6f,00,74,00,25,00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,\ 2e,00,65,00,78,00,65,00,2c,00,2d,00,33,00,30,00,39,00,00,00 [HKEY_CLASSES_ROOT\regfile\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,00,78,00,65,00,\ 2c,00,31,00,00,00 [HKEY_CLASSES_ROOT\regfile\shell] [HKEY_CLASSES_ROOT\regfile\shell\edit] [HKEY_CLASSES_ROOT\regfile\shell\edit\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,6f,00,\ 74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,20,00,22,00,25,00,31,\ 00,22,00,00,00 [HKEY_CLASSES_ROOT\regfile\shell\open] @="Mer≥" "MUIVerb"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,\ 6f,00,74,00,25,00,5c,00,72,00,65,00,67,00,65,00,64,00,69,00,74,00,2e,00,65,\ 00,78,00,65,00,2c,00,2d,00,33,00,31,00,30,00,00,00 [HKEY_CLASSES_ROOT\regfile\shell\open\command] @="regedit.exe \"%1\"" [HKEY_CLASSES_ROOT\regfile\shell\print] [HKEY_CLASSES_ROOT\regfile\shell\print\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,6f,00,\ 74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,70,00,20,\ 00,22,00,25,00,31,00,22,00,00,00 [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.reg\UserChoice] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. If OTL did not ask you to reboot, please do it now. ==== Please open Notepad. Copy the text in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc] "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200" "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\ 00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\ 72,00,69,00,63,00,74,00,65,00,64,00,00,00 "Start"=dword:00000002 "Type"=dword:00000020 "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201" "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\ 4d,00,67,00,6d,00,74,00,00,00,00,00 "ObjectName"="NT AUTHORITY\\LocalService" "ServiceSidType"=dword:00000001 "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\ 00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\ 67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\ 00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\ 00,00,00,00 "DelayedAutoStart"=dword:00000001 "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\ 00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters] "ServiceDllUnloadOnStop"=dword:00000001 "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\ 00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security] "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\ 00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\ 00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\ 00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\ 7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\ 00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_wscsvc] "NextInstance"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_wscsvc\0000] "Service"="wscsvc" "Legacy"=dword:00000001 "ConfigFlags"=dword:00000000 "Class"="LegacyDriver" "ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}" "DeviceDesc"="@%SystemRoot%\\System32\\wscsvc.dll,-200" Return to Notepad, right click and choose Paste.Click File->Save As and save it to regfile.reg to your Desktop. ==== Download SWReg and save it to your Windows folder (C:\Windows). Launch Notepad (Start > Run > notepad), and copy/paste the contents of the box below into a new text file. Select "all files" in the "save as type" field. Save it as Legacy1.bat and save it on your Desktop. swreg acl "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /g Everyone:F >log.txt 2>&1 notepad log.txt Double-click Legacy1.bat to run it. Now double-click the following that you previously saved to your Desktop: regfile.reg Please confirm that you want to merge with the Registry. Launch Notepad (Start > Run > notepad), and copy/paste the contents of the box below into a new text file. Select "all files" in the "save as type" field. Save it as Legacy2.bat and save it on your Desktop. swreg acl "HKLM\SYSTEM\CurrentControlSet\Enum\Root" /p /g System:F >log.txt 2>&1 notepad log.txt Double-click Legacy2.bat to run it. There will be a log file on the Desktop, log.txt, please post that in your next reply. Restart your system. ==== Please run Farbar Service Scanner. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
  7. Please open Notepad. Copy the text in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc] "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\ 74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\ 00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\ 6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 "DisplayName"="Security Center" "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\ 6d,00,67,00,6d,00,74,00,00,00,00,00 "ObjectName"="LocalSystem" "Description"="Monitors system security settings and configurations." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters] "ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\ 00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\ 77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security] "Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\ 00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\ 00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\ 05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\ 20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\ 00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\ 00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Enum] "0"="Root\\LEGACY_WSCSVC\\0000" "Count"=dword:00000001 "NextInstance"=dword:00000001 Return to Notepad, right click and choose Paste. Click File->Save As and save it to script.reg to your Desktop. Right click script.reg on your Desktop and choose Merge. ==== Please reboot and create a fresh Farbar Service Scanner report using the instructions below: Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
  8. Hi MalwareReallyBytes, Please only attach very long logs. Attached logs are harder to analyze. ==== Please download SystemLook and save it to your Desktop. Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt ==== Please re-run RogueKiller and click Scan. Please put a check to following entries, then click Delete. ==== Download GMER from here: http://www2.gmer.net/download.php Please close any open programs/windows! Open the program and click on the Rootkit/Malware tab. Make sure all the boxes on the right of the screen are checked, apart from 'Show All'. Click on Scan. When the scan has run click Copy and paste the results (if any) into this thread.
  9. Hehe. I forwarded it to the admins. Feel free to attach posts when you would need more than two posts. That's fine. ==== Please download Malwarebytes Anti-Rootkit here. Unzip the contents to a folder on the Desktop. Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7). Follow the instructions in the wizard to update and allow the program to scan your computer for threats. Click on the Cleanup button to remove any threats and reboot if prompted to do so. Wait while the system shuts down and the cleanup process is performed. Please post the two logs produced. ==== Please download to the Desktop RogueKiller (by tigzy). Please quit all programs. Start RogueKiller.exe. Wait until Prescan has finished. Click on Scan. Click on Report and copy/paste the contents of the report in your next reply ==== Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked:Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender Press "Scan". It will create a log (FSS.txt) in the same directory the tool is run. Please copy and paste the log to your reply.
  10. Yes, please try it again. Let me know if OTL stalls again. ==== Please open Notepad. Copy the text in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):type "%PROGRAMDATA%\AVAST Software\Avast\log\EventLog.log" > "%USERPROFILE%\Desktop\log.txt" "%WINDIR%\notepad.exe" "%USERPROFILE%\Desktop\log.txt" Return to Notepad, right click and choose Paste. Click File->Save As and save it to script.bat to your Desktop. Double click script.bat on your Desktop to execute it. A Notepad window will appear. Copy the contents of the log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  11. The logs show that Windows Update failed on 2012-12-22 the last time. Have you tried to install new Windows updates since then? Please try to install new updates using Microsoft Update. Microsoft provides a nice Howto. You might want to have a look at the section Update your files by using Windows Update or by using Microsoft Update. If the updates were not successful please visit http://support.microsoft.com/kb/956708. Please click on the Fix it button in the RESOLUTION section. A file named MicrosoftFixit50687.msi should be offered for download. Please execute this file, accept the License Agreement and click Next. After using the Fix it try updating Windows one more time. ==== Should these steps not resolve the Windows Update issue, please do the following. Please open Notepad. Copy the text in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):grep FATAL "%windir%\Windowsupdate.log" > "%USERPROFILE%\Desktop\log.txt" "%WINDIR%\notepad.exe" "%USERPROFILE%\Desktop\log.txt" Return to Notepad, right click and choose Paste. Click File->Save As and save it to script.bat to your Desktop. Double click script.bat on your Desktop to execute it. A Notepad window will appear. Copy the contents of the log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  12. Please download to the Desktop RogueKiller (by tigzy). Please quit all programs. Start RogueKiller.exe. Wait until Prescan has finished. Click on Scan. Click on Report and copy/paste the contents of the report in your next reply ==== Please download Farbar Service Scanner and run it on the computer with the issue. Make sure the following options are checked: Internet Services Windows Firewall System Restore Security Center/Action Center Windows Update Windows Defender [*]Press "Scan". [*]It will create a log (FSS.txt) in the same directory the tool is run. [*]Please copy and paste the log to your reply. ==== Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :Files grep FATAL %windir%\Windowsupdate.log > %USERPROFILE%\Desktop\fatal.txt/c Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ==== In your next post, please include The RogueKiller log The Farbar Service Scanner log The OTL fix log
  13. Looking good Do you still have trouble installing Windows Updates?
  14. Hi Mahvra, The OTL log does not show signs of an infection. The following instructions will remove some leftovers. How often does avast show these disable notifications? Do you recognize any pattern? Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :OTL SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\vsdatant.win7.sys -- (vsdatant7) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pcdrndisuio.sys -- (PcdrNdisuio) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\vosz\AppData\Local\Temp\cpuz130\cpuz_x32.sys -- (cpuz130) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\vosz\AppData\Local\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) IE - HKCU\..\SearchScopes\{20715055-D3F1-423F-BC63-BEE51C90F40C}: "URL" = http://search.avg.co...e}&iy=&ychte=us IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://mumbojumbo.st...q={searchTerms} IE - HKCU\..\SearchScopes\{EF5EDCAD-1E68-4347-B96B-2D0D6F5FA42D}: "URL" = http://websearch.ask...D8-6C4E331E6861 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 8118 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found [2011/03/08 20:29:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\vosz\AppData\Roaming\Mozilla\Firefox\Profiles\a2e7wxeq.default\extensions\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}-TRASH O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4 - HKLM..\Run: [CCUTRAYICON] FactoryMode File not found O4 - HKCU..\Run: [searchEngineProtection] C:\Program Files\Gamesbar\SearchEngineProtection.exe File not found O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. :Files type C:\autoexec.bat /c :Commands [EmptyTemp] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ==== Please scan your machine with ESET OnlineScan Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan Click the button. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps) Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop. Double click on the to download the ESET Smart Installer. icon on your Desktop. [*]Check "YES, I accept the Terms of Use." [*]Click the Start button. [*]Accept any security warnings from your browser. [*]Under scan settings, check "Scan Archives" and "Remove found threats" [*]Click Advanced settings and select the following: Scan potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth technology [*]ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time. [*]When the scan completes, click List Threats [*]Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply. [*]Click the Back button. [*]Click the Finish button. ==== In your next post, please include The OTL fix log The ESET log file
  15. Hi again, Your logs are looking good. The tools removed some adware and leftovers from a previously present infection. Are there any computer issues that you're experiencing at the moment? ==== Please run OTL.exe. Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): :OTL DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) :Files C:\Documents and Settings\All Users\Application Data\BasicSeek :Commands [EmptyTemp] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste. Click the red Run Fix button. A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTL.exe If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. ==== Please download SystemLook and save it to your Desktop. Double-click SystemLook.exe to run it. Copy the content of the following codebox into the main textfield: :filefind Wdam7C13N *basicseek* GameMon.des :folderfind *basicseek* Click the Look button to start the scan. When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. Note: The log can also be found on your Desktop entitled SystemLook.txt ==== In your next post, please Include the OTL fix log Include the Systemlook log