WiredWX Christian Hobby Weather Tools

 


Removed XP Security 2011 but can't open or run anything

I managed to remove XP security 2011 but have run into a new problem. I can't open/run anything. Whenever I try to open or run anything it takes me to the "Choose the program you want to open this file with:" screen. I can open firefox by using firefox to open it (although it shows some java error) but no other programs. I can't open any videos or music files. Whenever I try to open a video it takes it to windows media player and says windows doesn't recognize this type of file.

When I try to use VLC player it gives me the error "C:\Documents and Settings\Jerome\Desktop\vlc-1.1.7\vlc.exe

Application not found"

I can open folders, pdf, mp3, and text files though. Oddly enough when I try to run MS word it says "Error: application not found"

I also can't access the icons on the bottom left of my desktop (The volume control and the safely remove hardware). I can't click on them but they won't open.

thanks

Re: Removed XP Security 2011 but can't open or run anything

I wasn't able to run OTL nor malwarebytes in normal mode or safe mode. But I was able to by logging in as the administrator user in safe mode.

Here is the OTL Log:

OTL logfile created on: 4/12/2011 10:00:22 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 836.00 Mb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 931.50 Gb Total Space | 186.31 Gb Free Space | 20.00% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BENDER | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2008/04/13 21:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2008/04/13 21:42:52 | 001,054,208 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (SCardSvr)
SRV - [2011/03/30 13:07:14 | 003,229,784 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\netsession_win_a35e6b9.dll -- (Akamai)
SRV - [2010/04/28 14:30:35 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/22 17:19:32 | 000,151,552 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe -- (bepldr)
SRV - [2004/05/17 15:33:10 | 000,106,557 | ---- | M] () [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2004/05/17 15:32:38 | 000,053,313 | ---- | M] () [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004/02/28 03:30:34 | 000,020,548 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - [2008/04/14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 17:10:28 | 000,057,600 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\redbook.sys -- (redbook)
DRV - [2004/06/02 19:40:46 | 000,079,360 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/05/16 23:00:54 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/16 23:00:52 | 000,033,280 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/04/02 00:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/07/24 13:52:26 | 000,998,004 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2002/07/19 10:48:32 | 000,156,604 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2002/07/19 10:48:22 | 000,213,860 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2002/07/19 10:48:08 | 000,011,068 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2002/07/19 10:48:04 | 000,195,432 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2002/07/19 10:47:52 | 000,837,548 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2002/07/19 10:46:28 | 000,127,948 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2001/08/17 05:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/05 17:43:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/23 04:05:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/23 04:05:38 | 000,000,000 | ---D | M]

[2011/04/11 20:27:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/20 22:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

Hosts file not found
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O4 - HKLM..\Run: [Jet Detection] C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WINDVDPatch] C:\WINDOWS\System32\CTHELPER.EXE (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/04/28 14:17:28 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2010/01/05 15:41:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/11 20:23:53 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/11 20:23:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Revo Uninstaller
[2011/04/11 20:15:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/11 20:14:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 19:57:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/11 19:56:49 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 19:56:44 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/11 15:39:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/11 15:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\anti spyware stuff
[2011/04/11 15:38:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Rkill stuff
[2011/04/11 15:38:26 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2011/04/11 15:38:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2011/04/11 15:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2011/04/11 15:38:12 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu
[2011/04/11 15:38:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Templates
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\PrintHood
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\NetHood
[2011/04/11 15:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Favorites
[2011/04/11 15:38:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop
[2011/03/18 11:32:34 | 000,000,000 | ---D | C] -- C:\commy5779c
[2010/08/21 22:50:15 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 30 Days ==========

[2011/04/12 21:59:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 21:58:29 | 000,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,029,676 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,017,108 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000009-00001102-00000002-80651102}.rfx
[2011/04/12 21:58:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/04/12 21:58:29 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/04/12 21:58:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2011/04/12 21:58:29 | 000,000,024 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2011/04/12 21:42:08 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/12 20:59:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/12 16:07:37 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/12 16:07:37 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/04/11 20:23:53 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/11 19:54:41 | 000,015,218 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\yth666jq165614i6ki
[2011/04/11 19:48:46 | 004,318,978 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2011/04/11 19:45:16 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/11 16:03:45 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/11 15:01:08 | 003,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80651102}.CDF
[2011/04/11 15:01:08 | 003,374,149 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80651102}.BAK
[2011/04/10 23:08:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 14:14:19 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/04/09 14:41:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/03 00:01:42 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/03/22 17:45:19 | 000,016,080 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\s744qe51d1d0r27pd42h21mhg08qn22
[2011/03/21 15:57:19 | 000,013,470 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\um5i483t2c842pqq0864k5vxp4wv25e6n7r0tjyvcirn6
[2011/03/20 15:13:03 | 000,004,682 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\24n5l270a1daj5c70b7ii
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\qrn.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\jjf.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iow.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\iba.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\ahh.exe
[2011/03/20 02:50:43 | 000,002,630 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/18 11:32:11 | 000,015,138 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\471u03t17unuhi5e0awl4f

========== Files Created - No Company Name ==========

[2011/04/11 20:23:53 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Revo Uninstaller.lnk
[2011/04/11 19:56:51 | 004,318,978 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\Combo-Fix.exe
[2011/04/11 15:38:42 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/04/11 15:38:12 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
[2011/04/11 15:38:12 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
[2011/04/11 15:04:57 | 000,015,218 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\yth666jq165614i6ki
[2011/03/22 17:43:15 | 000,016,080 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\s744qe51d1d0r27pd42h21mhg08qn22
[2011/03/21 14:43:15 | 000,013,470 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\um5i483t2c842pqq0864k5vxp4wv25e6n7r0tjyvcirn6
[2011/03/20 15:10:15 | 000,004,682 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\24n5l270a1daj5c70b7ii
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\qrn.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\jjf.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iow.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\iba.exe
[2011/03/20 15:10:15 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\ahh.exe
[2011/03/20 02:48:53 | 000,002,630 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\8q1gjv45b1b2ny58w4voq16g4u2
[2011/03/18 10:54:03 | 000,015,138 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\471u03t17unuhi5e0awl4f
[2011/03/11 17:22:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/11 17:22:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/11 17:22:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/11 17:22:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/11 17:22:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/11 01:53:29 | 000,015,558 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\449590952
[2010/11/06 02:17:53 | 000,118,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/10/29 10:29:08 | 000,038,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/21 22:50:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2010/08/21 22:50:28 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000009-00001102-00000002-80651102}.dat
[2010/08/21 22:50:16 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
[2010/08/21 22:50:16 | 000,179,669 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2010/08/21 22:50:16 | 000,164,044 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2010/08/21 22:50:16 | 000,113,373 | ---- | C] () -- C:\WINDOWS\System32\ctbasicw.dat
[2010/08/21 22:50:16 | 000,113,273 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2010/08/21 22:50:16 | 000,044,055 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2010/08/21 22:50:16 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2010/08/21 22:50:15 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
[2010/08/21 22:50:15 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2010/08/09 07:53:54 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xqafasaxogapogax.dat
[2010/08/09 07:53:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Txufinaqafot.bin
[2010/07/25 04:56:50 | 000,033,193 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2010/06/04 11:07:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/01 21:53:51 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/01/11 02:13:49 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/07 02:02:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010/01/07 01:35:41 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2010/01/05 16:35:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2010/01/05 16:35:41 | 000,000,128 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2010/01/05 16:35:40 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2010/01/05 16:35:22 | 000,037,727 | ---- | C] () -- C:\WINDOWS\System32\Emu10kx.ini
[2010/01/05 16:35:22 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010/01/05 16:16:43 | 000,099,873 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010/01/05 16:06:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/01/05 15:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/05 15:43:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/01/05 15:39:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/01/05 07:35:25 | 000,057,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\redbook.sys
[2010/01/05 07:34:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/01/05 07:33:34 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/13 21:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2006/12/30 23:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,432,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,067,312 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >

Re: Removed XP Security 2011 but can't open or run anything

Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.

Re: Removed XP Security 2011 but can't open or run anything

DragonMaster Jay wrote:
Please visit this webpage for a tutorial on downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

See the area: Using ComboFix, and when done, post the log back here.


When I try to run it it takes me to the "Choose a program you want to use to open this file." So I am unable to run it.

Re: Removed XP Security 2011 but can't open or run anything

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.
  • Place a blank CD-R disc into your CD burning drive.
  • Download OTLPEStd.exe and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings
    • Change Drivers to Non-Microsoft
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\_OTL\MovedFiles
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.

Re: Removed XP Security 2011 but can't open or run anything

Hi jay, I tried to run combofix in safe mode under my normal user status and I ran into the same problem. However I was able to run it when I logged into the administrator. I didn't proceed though and I canceled when the disclaimer screen came up. The administrator desktop is empty compared to my normal desktop. Should I run combofix there or should I go with the creating boot cd option?

Thanks.

Re: Removed XP Security 2011 but can't open or run anything

Let's go with the boot cd.
