There is a possible Maxss infection there
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
If you have Malwarebytes 1.6 or better installed, please disable it for the duration of this run.
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following:
:OTL
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18810
O3 - HKU\S-1-5-21-2773036655-1795469504-3343648015-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2773036655-1795469504-3343648015-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-2773036655-1795469504-3343648015-1000..\Run: [fBdepykqaJJTx.exe] C:\ProgramData\fBdepykqaJJTx.exe File not found
[2011/10/19 14:57:05 | 000,000,240 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011/10/19 14:57:05 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011/10/19 14:56:58 | 000,000,448 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011/05/31 21:29:11 | 000,008,686 | -HS- | C] () -- C:\Users\Christopher\AppData\Local\060a0lgv5xri3o0
[2011/05/31 21:29:11 | 000,008,686 | -HS- | C] () -- C:\ProgramData\060a0lgv5xri3o0
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Christopher\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Christopher\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010/11/12 15:15:50 | 000,254,976 | ---- | M] () MD5=976A1B76A7D2A6CB184D63CB0500E8DC -- C:\Users\Christopher\AppData\Local\Temp\RarSFX5\procs\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Christopher\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Christopher\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2005/08/16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Christopher\AppData\Local\Temp\RarSFX5\h\explorer.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX0\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX4\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX5\userinit.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX4\winlogon.exe
[2009/05/26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Christopher\AppData\Local\Temp\RarSFX5\winlogon.exe
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptyjava]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Do the following:
[*]Click on the Start button and then choose Control Panel.
[*]Click on the System and Security link.
Note: If you’re viewing the Large icons or Small icons view of Control Panel, you won’t see this link so just click on the Administrative Tools icon and skip to Step 4.
[*]In the System and Security window, click on the Administrative Tools heading located near the bottom of the window.
[*]In the Administrative Tools window, double-click on the Computer Management icon.
[*]When Computer Management opens, click on Disk Management on the left side of the window, located under Storage.
After a brief loading period, Disk Management should now appear on the right side of the Computer Management window.
Note: If you don’t see Disk Management listed, you may need to click on the |> icon to the left of the Storage icon.
Take a screenshot of the Disk Management window and attach the screenshot to your reply.