
Can Ping websites but IE and Chrome not working

Comments

  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    hi

    Please download DDS and save it to your desktop.
    • Disable any script blocking protection
    • Double click dds.pif to run the tool.
    • When done, two DDS.txts will open.
    • Save both reports to your desktop.


    Please include the contents of the following in your next reply:

    DDS.txt
    Attach.txt.


  • Closed Accounts Posts: 11 peeeewe


    Thanks for your help.

    Attach


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 19/05/2008 22:05:26
    System Uptime: 02/03/2010 11:03:10 (-639 hours ago)

    Motherboard: Acer, Inc. | | Chapala
    Processor: Intel(R) Core(TM)2 Duo CPU T5750 @ 2.00GHz | U2E1 | 1667/166mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 111 GiB total, 86.834 GiB free.
    D: is FIXED (NTFS) - 108 GiB total, 107.601 GiB free.
    E: is Removable
    F: is CDROM ()
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0007
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #5
    PNP Device ID: ROOT\*ISATAP\0007
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0011
    Manufacturer: Microsoft
    Name: isatap.{22606485-CC6E-450F-9613-0C61CE050BF6}
    PNP Device ID: ROOT\*ISATAP\0011
    Service: tunnel

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Broadcom NetLink (TM) Gigabit Ethernet
    Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
    Manufacturer: Broadcom
    Name: Broadcom NetLink (TM) Gigabit Ethernet
    PNP Device ID: PCI\VEN_14E4&DEV_1693&SUBSYS_01211025&REV_02\4&1D1097F2&0&00E5
    Service: b57nd60x

    ==== System Restore Points ===================

    RP157: 03/02/2010 11:25:19 - Removed Vodafone Mobile Connect Lite Huawei.

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Acer Arcade Deluxe
    Acer Crystal Eye webcam
    Acer eAudio Management
    Acer eDataSecurity Management
    Acer eLock Management
    Acer Empowering Technology
    Acer eNet Management
    Acer ePower Management
    Acer ePresentation Management
    Acer eSettings Management
    Acer GameZone Console 2.0.1.1
    Acer GridVista
    Acer Mobility Center Plug-In
    Acer ScreenSaver
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.0
    Agatha Christie Death on the Nile
    Alice Greenfingers
    Azada
    Backspin Billiards
    Big Kahuna Reef
    Bookworm Deluxe
    Bricks of Egypt
    Broadcom Gigabit Integrated Controller
    Cake Mania
    Chicken Invaders 3
    Chuzzle
    Diner Dash Flo on the Go
    Flip Words 2
    GearDrvs
    Google Chrome
    Google Talk Plugin
    HDAUDIO Soft Data Fax Modem with SmartCP
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    Jewel Quest Solitaire
    Kick N Rush
    Launch Manager
    LightScribe 1.4.142.1
    LiveUpdate (Symantec Corporation)
    Mahjong Escape Ancient China
    Mahjongg Artifacts
    Malwarebytes' Anti-Malware
    MediaBar 2.0
    Microsoft .NET Framework 3.5 SP1
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery Case Files - Huntsville
    Mystery Solitaire - Secret Island
    Nowe Gadu-Gadu
    NTI Backup NOW! 4.7
    NTI CD & DVD-Maker
    Orion
    PowerProducer
    Realtek High Definition Audio Driver
    RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
    Synaptics Pointing Device Driver
    Trend Micro RUBotted
    Turbo Pizza
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB946691)
    Vodafone Mobile Connect Lite Huawei
    Winbond CIR Drivers
    Yahoo! Toolbar
    Zuma Deluxe

    ==== Event Viewer Messages From Past Week ========

    31/01/2010 20:19:05, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    31/01/2010 17:50:02, Error: Service Control Manager [7034] - The Symantec Lic NetConnect service service terminated unexpectedly. It has done this 1 time(s).
    31/01/2010 17:50:02, Error: Service Control Manager [7034] - The LiveUpdate Notice service terminated unexpectedly. It has done this 1 time(s).
    31/01/2010 17:50:02, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    31/01/2010 17:50:02, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    31/01/2010 17:49:46, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ccEvtMgr service.
    30/01/2010 20:30:21, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Symantec Core LC service.
    27/01/2010 18:33:43, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    27/01/2010 18:33:21, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
    27/01/2010 07:50:22, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{22606485-CC6E-450F-9613-0C61CE050BF6} because another computer on the network has the same name. The server could not start.
    03/02/2010 09:41:04, Error: Service Control Manager [7034] - The ALaunch Service service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================


    DDS

    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Presutto at 20:00:48.50 on 03/02/2010
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.353.1033.18.2038.1007 [GMT 0:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Acer\ALaunch\ALaunchSvc.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPStart.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    C:\Acer\Empowering Technology\eAudio\eAudio.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
    C:\Users\Presutto\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Acer\Empowering Technology\eNet\eNet Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Acer\Mobility Center\MobilityService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Internet Explorer\ieuser.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Presutto\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\msiexec.exe
    C:\Windows\system32\MsiExec.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    E:\dds.com
    C:\Windows\system32\conime.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.ie/
    mStart Page = hxxp://en.ie.acer.yahoo.com
    mDefault_Page_URL = hxxp://en.ie.acer.yahoo.com
    TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - c:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\presutto\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
    mRun: [eAudio] "c:\acer\empowering technology\eaudio\eAudio.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [eRecoveryService]
    mRun: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
    StartupFolder: c:\users\presutto\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Notify: igfxcui - igfxdev.dll

    ============= SERVICES / DRIVERS ===============

    R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\play movie\000.fcl [2008-5-19 41456]
    R2 ALaunchService;ALaunch Service;c:\acer\alaunch\ALaunchSvc.exe [2008-3-13 51200]
    R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-2-2 582992]
    R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-3-13 24576]
    R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
    R3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\TMPassthru.sys [2010-2-2 206608]
    R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\drivers\winbondcir.sys [2008-3-13 43008]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-3-13 179712]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\windows\system32\drivers\TMPassthru.sys [2010-2-2 206608]

    =============== Created Last 30 ================

    2010-02-03 09:41:04 0 d-----w- C:\_OTL
    2010-02-02 19:08:45 0 d-----w- c:\programdata\2D116
    2010-02-02 18:54:10 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
    2010-02-02 18:54:09 0 d-----w- c:\program files\Trend Micro
    2010-02-02 18:51:13 0 d-----w- c:\programdata\D3C6
    2010-02-02 18:42:39 0 d-----w- c:\users\presutto\appdata\roaming\Malwarebytes
    2010-02-02 18:42:38 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-02-02 18:42:36 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-02-02 18:42:35 0 d-----w- c:\programdata\Malwarebytes
    2010-02-02 18:42:35 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-02-02 16:34:10 0 d-----w- c:\programdata\A110
    2010-02-02 15:02:24 0 d-----w- c:\programdata\182DB
    2010-02-02 13:24:52 0 d-----w- c:\programdata\341D8
    2010-02-01 22:50:57 0 d-----w- c:\programdata\3910F
    2010-01-28 18:29:32 0 d-----w- c:\programdata\20E4
    2010-01-27 18:33:47 0 d-----w- c:\programdata\2F17B
    2010-01-25 14:28:06 0 d-----w- c:\programdata\6364
    2010-01-25 11:35:01 0 d-----w- c:\programdata\129F
    2010-01-24 13:36:35 0 d-----w- c:\programdata\23237
    2010-01-23 16:47:24 0 d-----w- c:\programdata\18CC
    2010-01-22 23:02:54 0 d-----w- c:\programdata\36265
    2010-01-22 20:55:26 0 d-----w- c:\programdata\193E2
    2010-01-22 17:59:27 0 d-----w- c:\programdata\1B184
    2010-01-22 11:20:07 0 d-----w- c:\programdata\7164
    2010-01-20 17:57:19 0 d-----w- c:\programdata\13218
    2010-01-20 15:17:24 0 d-----w- c:\programdata\1814C
    2010-01-19 22:48:23 0 d-----w- c:\programdata\1719D
    2010-01-19 13:35:59 0 d-----w- c:\programdata\3BBD
    2010-01-19 10:46:12 0 d-----w- c:\programdata\C180
    2010-01-18 18:50:52 0 d-----w- c:\programdata\342B2
    2010-01-18 15:59:42 0 d-----w- c:\programdata\2A2D0
    2010-01-18 14:56:42 0 d-----w- c:\programdata\2A2C5
    2010-01-18 11:24:39 0 d-----w- c:\programdata\271F4
    2010-01-17 18:00:16 0 d-----w- c:\programdata\101AD
    2010-01-17 09:41:08 0 d-----w- c:\programdata\678
    2010-01-15 14:43:30 0 d-----w- c:\programdata\1E4C
    2010-01-15 09:43:03 0 d-----w- c:\programdata\3337
    2010-01-14 20:18:27 0 d-----w- c:\programdata\1B57
    2010-01-14 15:08:34 0 d-----w- c:\programdata\229D
    2010-01-13 22:28:29 0 d-----w- c:\programdata\1D55
    2010-01-13 18:10:40 0 d-----w- c:\programdata\28259
    2010-01-13 14:30:32 72704 ----a-w- c:\windows\system32\fontsub.dll
    2010-01-13 14:30:32 156672 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-13 14:20:45 0 d-----w- c:\programdata\2D14F
    2010-01-13 10:24:03 0 d-----w- c:\programdata\3364
    2010-01-12 22:11:43 0 d-----w- c:\programdata\2B3A8
    2010-01-12 14:20:09 0 d-----w- c:\programdata\92F4
    2010-01-11 22:03:34 0 d-----w- c:\programdata\22BC
    2010-01-11 18:22:05 0 d-----w- c:\programdata\53B7
    2010-01-11 13:35:20 0 d-----w- c:\programdata\1455
    2010-01-10 19:40:58 0 d-----w- c:\programdata\3AFA
    2010-01-10 10:59:35 0 d-----w- c:\programdata\232A1
    2010-01-09 14:50:43 0 d-----w- c:\programdata\2B19B
    2010-01-09 10:02:37 0 d-----w- c:\programdata\231CE
    2010-01-07 18:27:17 0 d-----w- c:\programdata\1145
    2010-01-07 11:48:28 0 d-----w- c:\programdata\1B3DB
    2010-01-06 19:23:01 0 d-----w- c:\programdata\03DD
    2010-01-06 14:31:12 0 d-----w- c:\programdata\C213
    2010-01-05 19:35:54 0 d-----w- c:\programdata\36173
    2010-01-05 15:10:19 0 d-----w- c:\programdata\131F9

    ==================== Find3M ====================

    2010-02-03 11:21:26 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-02-03 11:21:26 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-02-03 11:21:26 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-02-01 22:55:09 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-02-01 22:55:09 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-02-01 22:55:09 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2009-12-18 13:05:50 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-12-18 13:01:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-12-18 10:14:30 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-11-09 13:22:34 24064 ----a-w- c:\windows\system32\nshhttp.dll
    2009-11-09 13:20:16 31232 ----a-w- c:\windows\system32\httpapi.dll
    2008-12-14 10:58:35 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

    ============= FINISH: 20:01:15.43 ===============


  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    hi

    Please download OTM
    • Save it to your desktop.
    • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
    • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      :Processes
      
      :Services
      
      :Reg
      
      :Files
      c:\programdata\2D116
      c:\programdata\D3C6
      c:\programdata\A110
      c:\programdata\182DB
      c:\programdata\341D8
      c:\programdata\3910F
      c:\programdata\20E4
      c:\programdata\2F17B
      c:\programdata\6364
      c:\programdata\129F
      c:\programdata\23237
      c:\programdata\18CC
      c:\programdata\36265
      c:\programdata\193E2
      c:\programdata\1B184
      c:\programdata\7164
      c:\programdata\13218
      c:\programdata\1814C
      c:\programdata\1719D
      c:\programdata\3BBD
      c:\programdata\C180
      c:\programdata\342B2
      c:\programdata\2A2D0
      c:\programdata\2A2C5
      c:\programdata\271F4
      c:\programdata\101AD
      c:\programdata\678
      c:\programdata\1E4C
      c:\programdata\3337
      c:\programdata\1B57
      c:\programdata\229D
      c:\programdata\1D55
      c:\programdata\28259
      c:\programdata\2D14F
      c:\programdata\3364
      c:\programdata\2B3A8
      c:\programdata\92F4
      c:\programdata\22BC
      c:\programdata\53B7
      c:\programdata\1455
      c:\programdata\3AFA
      c:\programdata\232A1
      c:\programdata\2B19B
      c:\programdata\231CE
      c:\programdata\1145
      c:\programdata\1B3DB
      c:\programdata\03DD
      c:\programdata\C213
      c:\programdata\36173
      c:\programdata\131F9
      
      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [Reboot]
      
    • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red Moveit! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM and reboot your PC.

    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    **Caution**
    These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is Unchecked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.

    Post the contents of GMER.txt in your next reply.
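
Added example, not part of the original thread or of any tool mentioned in it: the :Files list in the OTM script above corresponds to the zero-size directories with short hexadecimal names directly under c:\programdata in the DDS "Created Last 30" section. The Python sketch below extracts such entries from a DDS log for review; the 3-to-5 hex-digit name pattern is an assumption fitted to this log, and the sample text is constructed from lines on this page.

```python
import re
from datetime import datetime
from typing import NamedTuple


class Entry(NamedTuple):
    created: datetime
    size: int
    attrs: str
    path: str


# "===== Section Name =====" banners that delimit DDS sections.
SECTION_RE = re.compile(r"^\s*=+\s*(.+?)\s*=+\s*$")
# "<date> <time> <size> <8-char attribute mask> <path>" as printed by DDS.
LINE_RE = re.compile(
    r"^\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([a-z-]{8})\s+(.+?)\s*$"
)
# Assumption fitted to this log: 3-5 hex digits directly under ProgramData.
HEX_DIR_RE = re.compile(r"^c:\\programdata\\[0-9a-f]{3,5}$", re.IGNORECASE)

# Constructed sample: a short excerpt built from lines of the log on this page.
SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-02-03 09:41:04 0 d-----w- C:\_OTL
2010-02-02 19:08:45 0 d-----w- c:\programdata\2D116
2010-02-02 18:54:10 206608 ----a-w- c:\windows\system32\drivers\TMPassthru.sys
2010-02-02 18:54:09 0 d-----w- c:\program files\Trend Micro
2010-02-02 18:42:35 0 d-----w- c:\programdata\Malwarebytes
2010-01-17 09:41:08 0 d-----w- c:\programdata\678
2010-01-06 19:23:01 0 d-----w- c:\programdata\03DD
2010-01-05 15:10:19 0 d-----w- c:\programdata\131F9

==================== Find3M ====================

2010-02-03 11:21:26 86016 ----a-w- c:\windows\inf\infstor.dat
"""


def parse_section(log_text, section="Created Last 30"):
    """Return the file/directory entries listed under one DDS section."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        banner = SECTION_RE.match(line)
        if banner:
            in_section = banner.group(1) == section
            continue
        match = LINE_RE.match(line) if in_section else None
        if match:
            stamp, size, attrs, path = match.groups()
            created = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
            entries.append(Entry(created, int(size), attrs, path))
    return entries


def suspicious_dirs(entries):
    """Keep zero-size directories whose path matches the hex-name heuristic."""
    return [e for e in entries
            if e.attrs.startswith("d") and e.size == 0 and HEX_DIR_RE.match(e.path)]


def activity_window(hits):
    """First and last creation time plus the number of distinct days seen."""
    if not hits:
        return None
    stamps = sorted(e.created for e in hits)
    return stamps[0], stamps[-1], len({s.date() for s in stamps})


if __name__ == "__main__":
    hits = suspicious_dirs(parse_section(SAMPLE_LOG))
    for e in hits:
        print(e.created.isoformat(sep=" "), e.path)
    print(activity_window(hits))
```

A match is a lead for manual review, not a verdict; short hex names can also belong to legitimate software.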

