Solved Path not found to taskmgr.exe

The dmp file I analysed was dated 05/03/2012 09:52 Driver_irql_not_less caused by athrusb.sys

Herewith autorun output:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "ArcSoft Connection Service" "ArcSoft Connect Daemon" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acdaemon.exe"
+ "HotkeyApp" "HotkeyApp" "Wistron" "c:\program files\launch manager\hotkeyapp.exe"
+ "HP Software Update" "hpwuSchd Application" "Hewlett-Packard" "c:\program files\hp\hp software update\hpwuschd2.exe"
+ "LaunchAp" "LaunchAp MFC Application" "" "c:\program files\launch manager\launchap.exe"
+ "LMgrOSD" "OSD MFC Application" "Wistron Corp." "c:\program files\launch manager\osd.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "NvCplDaemon" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
+ "NvMediaCenter" "NVIDIA Media Center Library" "NVIDIA Corporation" "c:\windows\system32\nvmctray.dll"
+ "NvSvc" "NVIDIA Driver Helper Service, Version 97.59" "NVIDIA Corporation" "c:\windows\system32\nvsvc.dll"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "RegTool" "RegTool MFC Application" "" "c:\program files\gemalto\classic client\bin\regtool.exe"
+ "RtHDVCpl" "HD Audio Control Panel" "Realtek Semiconductor" "c:\windows\rthdvcpl.exe"
+ "SunJavaUpdateSched" "Java(TM) Update Scheduler" "Sun Microsystems, Inc." "c:\program files\common files\java\java update\jusched.exe"
+ "SynTPEnh" "Synaptics TouchPad Enhancements" "Synaptics, Inc." "c:\program files\synaptics\syntp\syntpenh.exe"
+ "Wbutton" "WButton MFC Application" "" "c:\program files\launch manager\wbutton.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce" "" "" ""
+ "AvgUninstallURL" "" "" "File not found: start"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Ralink Wireless Utility.lnk" "RaUI MFC Application" "Ralink Technology, Corp." "c:\program files\ralink\common\raui.exe"
+ "WinZip Quick Pick.lnk" "WinZip Executable" "WinZip Computing LP" "c:\program files\winzip\wzqkpick.exe"
+ "WP Link.lnk" "" "" "c:\program files\phrs\libman.exe"
"C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "OpenOffice.org 3.3.lnk" "" "" "c:\program files\openoffice.org 3\program\quickstart.exe"
+ "Run POPFile.lnk" "Enhanced front-end for POPFile starter program" "The POPFile Project" "c:\program files\popfile\runpopfile.exe"
+ "wkcalrem.LNK" "Microsoft® Works Calendar Reminder Service" "Microsoft® Corporation" "c:\program files\common files\microsoft shared\works shared\wkcalrem.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Sidebar" "Windows Sidebar" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Skype" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "WMPNSCFG" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "skype-ie-addon-data" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "DefragglerShellExtension" "DefragglerShell" "Piriform Ltd" "c:\program files\defraggler\defragglershell.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "GpgEX" "" "" "c:\program files\gnu\gnupg\gpgex.dll"
+ "QuickShadow" "Windows Explorer Context Menu" "QuicklyTech Pty Ltd" "c:\program files\quicklytech\qscontextmenu32.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "GpgEX" "" "" "c:\program files\gnu\gnupg\gpgex.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "FileZilla3CopyHook" "fzshellext Dynamic Link Library" "" "c:\program files\filezilla ftp client\fzshellext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "NvCplDesktopContext" "NVIDIA Display Properties Extension" "NVIDIA Corporation" "c:\windows\system32\nvcpl.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
+ "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" "" "OpenOffice.org" "c:\program files\openoffice.org 3\basis\program\shlxthdl\shlxthdl.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "DefragglerShellExtension" "DefragglerShell" "Piriform Ltd" "c:\program files\defraggler\defragglershell.dll"
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinZip" "WinZip Shell Extension DLL" "WinZip Computing LP" "c:\program files\winzip\wzshlstb.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "Java(tm) Plug-In 2 SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Java(tm) Plug-In SSV Helper" "Java(TM) Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
+ "Skype Browser Helper" "Skype Click to Call for Internet Explorer" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"Task Scheduler" "" "" ""
+ "\Apple\AppleSoftwareUpdate" "Apple Software Update" "Apple Inc." "c:\program files\apple software update\softwareupdate.exe"
+ "\HpWebReg.exe" "WebRegistrationApp" "Hewlett-Packard Co." "c:\program files\hp\hp deskjet 1050 j410 series\bin\hpwebreg.exe"
+ "\Installation App Launcher" "" "" "File not found: C:\Program Files\Lexmark 3600-4600 Series\ezprint.exe"
+ "\Microsoft\Microsoft Antimalware\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\QS32" "QuickShadow Backup" "QuicklyTech Pty Ltd" "c:\program files\quicklytech\quickshadow.exe"
+ "\{5875027A-E1C7-4CDB-96A1-FABF4E22A7D7}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
+ "\{73554CCA-5AF3-4572-8B90-A8542050FB92}" "Skype " "Skype Technologies S.A." "c:\program files\skype\phone\skype.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ACDaemon" "ArcSoft Connect Service" "ArcSoft Inc." "c:\program files\common files\arcsoft\connection service\bin\acservice.exe"
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\armsvc.exe"
+ "atashost" "WebEx Support Center." "WebEx Communications, Inc." "c:\windows\system32\atashost.exe"
+ "DirMngr" "" "" "c:\program files\gnu\gnupg\dirmngr.exe"
+ "GslShmSrvc" "Classic Client SHM Service" "Gemalto" "c:\program files\gemalto\classic client\bin\gslshmsrvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files\google\update\googleupdate.exe"
+ "LightScribeService" "Used by the LightScribe software components to support 3rd party disc labeling applications using the LightScribe COM Application Programming Interface (LSCAPI). This service needs to run for LightScribe direct disc labeling to work." "Hewlett-Packard Company" "c:\program files\common files\lightscribe\lssrvc.exe"
+ "MsMpSvc" "Helps protect users from malware and other potentially unwanted software" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\msmpeng.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\antimalware\nissrv.exe"
+ "Pml Driver HPZ12" "PmlDrv Module" "Hewlett-Packard" "c:\windows\system32\hpzipm12.dll"
+ "RalinkRegistryWriter" "RalinkRegistryWriter" "Ralink Technology, Corp." "c:\program files\ralink\common\raregistry.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WisLMSvc" "" "Wistron Corp." "c:\program files\launch manager\wislmsvc.exe"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "Afc" "Arcsoft(R) ASPI Shell" "Arcsoft, Inc." "c:\windows\system32\drivers\afc.sys"
+ "athrusb" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athrusb.sys"
+ "athrusb6" "Atheros Extensible Wireless LAN device driver" "Atheros Communications, Inc." "c:\windows\system32\drivers\athru6.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "catchme" "" "" "File not found: C:\Users\User\AppData\Local\Temp\catchme.sys"
+ "E1G60" "Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "FETNDIS" "NDIS 5.0 miniport driver" "VIA Technologies, Inc. " "c:\windows\system32\drivers\fetnd5.sys"
+ "GemCCID" "USB Smart Card Reader Driver" "Gemalto" "c:\windows\system32\drivers\gemccid.sys"
+ "GemPCExp" "" "" "File not found: System32\Drivers\GemPCExp.sys"
+ "Hotkey" "" "" "c:\windows\system32\drivers\hotkey.sys"
+ "IntcAzAudAddService" "Realtek(r) High Definition Audio Function Driver" "Realtek Semiconductor Corp." "c:\windows\system32\drivers\rtkvhda.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "mailKmd" "" "" "File not found: C:\Windows\System32\Drivers\mailKmd.sys"
+ "moufiltr" "Mouse Filter Driver" "Chic" "c:\windows\system32\drivers\moufiltr.sys"
+ "netr28u" "Ralink 802.11n Wireless Adapter Driver" "Ralink Technology Corp." "c:\windows\system32\drivers\netr28u.sys"
+ "NtiEnc" "Ninja Driver" "NewTech Infosystems" "c:\windows\system32\drivers\ntienc.sys"
+ "NVENETFD" "NVIDIA MCP Networking Function Driver." "NVIDIA Corporation" "c:\windows\system32\drivers\nvmfdx32.sys"
+ "nvlddmkm" "NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.59 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvsmu" "NVIDIA® nForce(TM) SMU Microcontroller Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvsmu.sys"
+ "nvstor" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "nvstor32" "NVIDIA® nForce(TM) Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor32.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "R300" "ATI Radeon Kernel Mode Driver" "ATI Technologies Inc." "c:\windows\system32\drivers\atikmdag.sys"
+ "rimmptsk" "RICOH MMC Driver" "REDC" "c:\windows\system32\drivers\rimmptsk.sys"
+ "rimsptsk" "RICOH MS Driver" "REDC" "c:\windows\system32\drivers\rimsptsk.sys"
+ "rismxdp" "RICOH XD SM Driver" "REDC" "c:\windows\system32\drivers\rixdptsk.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SNP2UVC" "USB2.0 PC Camera driver" "" "c:\windows\system32\drivers\snp2uvc.sys"
+ "SynTP" "Synaptics Touchpad Driver" "Synaptics, Inc." "c:\windows\system32\drivers\syntp.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "VIDC.IV31" "" "Intel(R) Corporation" "c:\windows\system32\ir32_32.dll"
+ "VIDC.IV32" "" "Intel(R) Corporation" "c:\windows\system32\ir32_32.dll"
+ "VIDC.IV41" "Intel Indeo(R) Video Interactive 32-bit Driver" "Intel(R) Corporation" "c:\windows\system32\ir41_32.dll"
+ "VIDC.YVU9" "" "" "c:\windows\system32\iyvu9_32.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Audio Destination" "WAVDest Filter (Sample)" "Microsoft Corporation" "c:\program files\google\google earth\client\wavdest.ax"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "HP 8911 Status Monitor" "Print Status Language Monitor" "Hewlett-Packard Co." "c:\windows\system32\hpinksts8911lm.dll"
+ "PCL hpz3llhn" "LanguageMonitor" "Hewlett-Packard Company" "c:\windows\system32\hpz3llhn.dll"

regards
jsm
 
Re-run Autoruns.

Scroll down to:
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"
Un-check:
+ "AvgUninstallURL"

Scroll down to:
"Task Scheduler"
Un-check:
+ "\Installation App Launcher"
+ "\HpWebReg.exe"

Scroll down to:
"HKLM\System\CurrentControlSet\Services"
Un-check:
+ "NwlnkFwd"
+ "NwlnkFlt"
+ "mailKmd"
+ "catchme"

Restart computer.
Same issue?
 
Re-run autoruns as administrator and unchecked as instructed.
Reboot and no O/S demands so far. Going to bed now (22:30) so will check first thing in morning and report.
Regards
stuart mckenzie
 
Good :)

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/

==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
):):
Unfortunately woke up this morning to find BLSOD. There appears to be disk activity but not in an obvious loop i.e. the disk light is flashing randomly rather than in a pattern or constantly on. The mouse icon is live and responds to movement but the screen is entirely black and pressing windows key, esc or trying ctrl alt del are all of no avail.
I appreciate you do not come on line until p.m. our time so will leave laptop in this condition in the hope you can advise how we can investigate and obtain useful info. This means I will not move on to the instructions contained in your last two posts until you so advise.

Pity - I thought all your hard work was bearing fruit!
Regards
stuart mckenzie
 
Ksod

As there was no blue screen involved i.e. the m/c was still working, there was no crash and no .dmp file to analyse ):
I checked and the minidmp list in blue screenview confirmed the last dmp was the athrusb.sys one.

Is there any other way to get further info on the black sceen or shall I just carry on with your cleanup instructions?
regards
jsm
 
BLSOD was my name for black screen of death (which others I think have dubbed KSOD). Sorry if I was confusing.
jsm
 
cleaning up

Using your list and commenting as we go. Several funnies and errors.




Broni said:
Good :)

Update Adobe Flash Player
Download the Latest Adobe Flash for Firefox and IE Without Any Extras: http://www.404techsupport.com/2010/...-flash-for-firefox-and-ie-without-any-extras/
DONE
==================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.


DONE

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

DONE]


If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

CHECKED OK

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

AFAIK NO TROJANS EVER LISTED IN ALL THE PROCEDURES AND THIS COMPUTER NOT USED IN LAST 3 MONTHS FOR ANYTHING EXCEPT EMAIL AND BROWSING


5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.



ERROR - TRIED 3 DOWNLOADS AND ALL FAILED WITH WOTx86.DLL NOT FOUND IN CAB

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

RAN NOW WITHOUT ERRORS

7. Run Temporary File Cleaner (TFC) weekly.

RAN NOW AND REBOOTED


8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

PROBLEMS WITH SOMEUPDATES ADOBE READER, QUICKTIME FAILED WITH NO PERMISSION FOR msi DIRECTORY WHETHER RUN AS USER OR ADMINISTRATOR. BUT FULL CONTROL IS SET FOR THAT DIRECTORY - I HAVE CHECKED DOZENS OF TIMES!




9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.



DOWNLOADED AND WILL TRY LATER


10. (Windows XP only) Run defrag at your convenience.



VISTA


11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

ALWAYS!


12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

READ. ALL GOOD ADVICE WHICH I HAVE ALWAYS FOLLOWED AND TRIED TO INSTILL IN MY WIFE AND OTHERS


13. Please, let me know, how your computer is doing.
Click to expand...

I will certainly keep you updated - do I start a new thread to do so or email direct?
I would like to take this opportunity of expressing my sincere thanks as an aging pensioner for all the help you have given me. Despite a long career in computing malware is not a strong point as I am a RSTS expert and latterly most work was carried out on UNIX variants such as TRU-UNIX or SCO-UNIX and even UBUNTU.
Thus the help of an expert in Microsoft opsys is MOST welcome.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
2K
uber_beetle
uber_beetle
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
3K
Broni
Broni
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
3K
adidaman27
A

Latest posts

Back