Firefox Hijacked

(In Progress)

sonicdog13 (THREAD STARTER)
Junior Member with 8 posts.
Join Date: Oct 2011
Experience: Intermediate
13-Oct-2011, 10:09 PM #1
Firefox Hijacked
Help. 3 days ago my computer was taken over. Unfortunately I know just enough about computers to be dangerous, so I tried multiple times to download AVG and a few other antivirus programs but could not get any to load properly, or they would open then not run properly. Also the Firefox and Internet Explorer Google search are hijacked, and now after running Uniblue Registry Booster I can't even get online with IE, only with Firefox. I was not able to get HijackThis to load completely; it would open and start to scan but shut down, and I can't reopen it. It tells me I may not have appropriate permissions to access it, just like the antivirus programs (tried multiple times). Same with GMER, but I was able to get some file (see below). So it's a mess and I need help. It seems many others have the same type of problems, so I hope you can help me and my comp. All info I was able to get is below and attached. Thank you

Tech Support Guy System Info Utility version 1.0.0.1
OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz, x86 Family 6 Model 14 Stepping 8
Processor Count: 1
RAM: 1013 Mb
Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
Hard Drives: C: Total - 95142 MB, Free - 61761 MB;
Motherboard: Intel Corporation, MPAD-MSAE Customer Reference Boards, Not Applicable, Not Applicable
Antivirus: PC Cleaners, Updated: Yes, On-Demand Scanner: Disabled
kevinf80 (Kevin), authorized to help remove malware
Malware Removal Specialist with 9,209 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
14-Oct-2011, 06:13 PM #2
Do the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2
  • Ensure that Combofix is saved directly to the Desktop <--- Very important

    Before saving Combofix to the Desktop re-name to Gotcha.exe as below:



  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.
  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
  • Instructions for running Combofix available Here if required.
  • If you are using Windows XP, it might display a pop-up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin
sonicdog13
17-Oct-2011, 01:34 PM #3
Ty Kevin
Ok, followed your instructions as best as was allowed by my computer. For some reason it would not let me choose where to put it or rename it until after it was in my downloads. I did run it and it seemed to fix most problems, but it could not load the RECOVERY CONSOLE. I still can't run Internet Explorer, and it does not seem to allow automatic downloads from Windows. The files are attached; I ran it 2 times (hope that's ok). Also, can you suggest a good antivirus to help me protect my computer from problems in the future?

Thank You
Dale
kevinf80 (Kevin)
17-Oct-2011, 03:58 PM #4
I need to see the log from the first run of Combofix, also let me see the contents of CF's quarantine folder. They are contained in the following folders:

C:\Qoobox\ComboFix-quarantined-files.txt
C:\Qoobox\ComboFix3.txt

Please copy and paste the logs to your reply, do not attach them. Next,

Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.
  • The instructions here ask you to attach the Attach.txt.
  • Instead of attaching, please copy/paste both logs into your next reply.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE

Kevin
sonicdog13
17-Oct-2011, 05:51 PM #5
ok here you go
Once again thank you for your help

2011-10-15 20:12:27 . 2011-10-15 20:12:27 332 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-WgaLogon.reg.dat
2011-10-15 19:30:46 . 2011-10-15 19:30:46 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\_383419318_.zip
2011-10-15 19:28:48 . 2011-10-15 19:28:48 412 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_a74cab41.reg.dat
2011-10-15 19:28:35 . 2011-10-17 16:56:06 11,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-10-15 17:52:18 . 2011-10-15 17:52:18 1,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\_loader_.tlb.zip
2011-10-15 17:45:42 . 2011-10-17 16:48:17 1,190 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-10-15 08:43:40 . 2011-10-15 09:32:03 23,552 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000cb.vir
2011-10-11 17:22:28 . 2011-10-13 23:39:19 2,144 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\click.tlb.vir
2011-10-11 17:04:49 . 2011-10-13 23:36:19 28,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir
2011-10-10 16:58:09 . 2011-10-11 14:33:36 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(2)(2).tlb.vir
2011-10-10 16:58:09 . 2011-10-10 16:58:09 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(3).tlb.vir
2011-10-10 16:58:09 . 2011-10-13 23:39:51 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader.tlb.vir
2011-10-09 21:55:11 . 2011-10-09 21:55:11 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(2).tlb.vir
2011-10-09 21:51:47 . 2011-10-09 21:51:47 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}.vir
2011-10-09 21:48:17 . 2011-10-09 21:48:17 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\@.vir
2011-10-09 21:48:17 . 2011-10-09 21:48:17 162,816 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\L\pavtnywh.vir
2011-09-30 00:34:34 . 2011-10-09 21:51:38 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000cb.vir
2011-09-23 09:38:32 . 2011-10-09 21:51:41 3,584 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000c0.vir
2011-09-16 08:29:44 . 2011-10-09 21:52:01 35,840 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000c0.vir
2011-09-11 06:33:47 . 2011-10-09 21:51:47 26,112 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@80000000.vir
2011-09-10 13:54:43 . 2011-10-09 21:51:44 45,968 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@00000001.vir
2011-09-10 13:28:10 . 2011-10-09 21:51:41 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000cf.vir
2011-09-09 19:03:00 . 2011-10-09 21:51:38 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000cf.vir
2011-04-27 22:39:26 . 2011-04-27 22:39:26 11,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe.vir
2011-03-12 06:25:04 . 2011-03-12 06:25:04 153,376 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
2009-03-07 17:51:50 . 2009-03-07 17:51:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe.vir
2009-02-27 05:49:57 . 2009-08-14 13:45:34 319,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Motive\McciCMService.exe.vir
2008-07-30 02:24:50 . 2008-07-30 02:24:50 881,664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe.vir
2008-07-29 16:07:30 . 2008-07-29 16:07:30 19,968 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Carrie\My Documents\~WRD0000.tmp.vir
2007-12-23 19:06:15 . 2000-11-17 09:02:00 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe.vir
2007-03-07 23:54:38 . 2007-03-07 23:54:38 585,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe.vir
2007-01-10 03:41:14 . 2007-01-11 05:33:04 115,200 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Carrie\My Documents\~WRL0002.tmp.vir
2006-12-25 18:39:00 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
2006-10-27 15:45:00 . 2006-10-27 15:45:00 344 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml.vir
2006-10-27 15:45:00 . 2006-10-27 15:45:00 6,200 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml.vir
2006-10-27 15:45:00 . 2006-10-27 15:45:00 9,856 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\travel.xml.vir
2006-10-26 21:40:34 . 2006-10-26 21:40:34 339,968 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe.vir
2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,500 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp.vir
2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,354 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png.vir
2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,456 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp.vir
2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png.vir
2006-02-25 07:02:55 . 2006-02-25 10:59:04 664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\d3d9caps.dat.vir
2006-02-18 15:55:47 . 2006-02-18 14:17:27 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
2006-02-16 09:19:06 . 2005-07-13 01:14:42 45,056 ----a-w- C:\Qoobox\Quarantine\C\TOSHIBA\IVP\swupdate\swupdtmr.exe.vir
2006-02-15 16:36:06 . 2005-01-18 00:38:38 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe.vir
2006-02-15 16:31:42 . 2004-08-28 08:33:00 114,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\DVDRAMSV.exe.vir
2006-02-15 15:36:41 . 2009-08-07 03:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ .vir
2006-02-15 15:36:41 . 2009-08-07 03:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir
2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir_
2006-02-15 14:02:06 . 2004-08-10 12:00:00 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\c_13220.nls.vir
2005-11-28 19:31:32 . 2005-11-28 19:31:32 544,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
2005-11-28 19:29:00 . 2005-11-28 19:29:00 114,753 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
2005-11-28 19:28:14 . 2005-11-28 19:28:14 221,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir
2005-10-14 21:06:24 . 2005-10-14 21:06:24 1,016 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,420 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,420 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 837 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,492 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,286 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,272 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 553 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,267 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 372 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 372 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,239 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 924 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 862 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png.vir
2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,568 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png.vir
2004-10-15 20:54:14 . 2004-10-15 20:54:14 100,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe.vir
2003-12-08 16:18:44 . 2005-12-21 20:54:48 235,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccSetMgr.exe.vir
2003-12-08 16:18:40 . 2005-03-01 00:56:32 218,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccProxy.exe.vir
2003-12-08 16:18:36 . 2005-12-21 20:54:22 255,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe.vir
2003-12-04 17:10:06 . 2003-12-04 17:10:06 197,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SNDSrvc.exe.vir
2003-11-24 15:46:28 . 2004-04-23 19:04:16 158,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe.vir
2003-11-07 17:46:58 . 2005-01-26 05:48:50 194,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe.vir

ComboFix 11-10-11.02 - Carrie 10/15/2011 12:19:55.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -7:00]
Running from: c:\documents and settings\Carrie\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\Starware337
c:\documents and settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\epiRSS.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\epiSearch.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\findithotxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\finditxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\highlightxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\logo.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\Reference.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\referencexp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\Weather.bmp
c:\documents and settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
c:\documents and settings\All Users\Application Data\Starware337\buttons\weatherxp.png
c:\documents and settings\All Users\Application Data\Starware337\contexts\error.xml
c:\documents and settings\All Users\Application Data\Starware337\contexts\related.xml
c:\documents and settings\All Users\Application Data\Starware337\contexts\travel.xml
c:\documents and settings\Carrie\My Documents\~WRD0000.tmp
c:\documents and settings\Carrie\My Documents\~WRL0002.tmp
c:\documents and settings\Carrie\WINDOWS
c:\documents and settings\d.CARRIEDOMAGAS.000\WINDOWS
c:\documents and settings\d.CARRIEDOMAGAS.001\WINDOWS
c:\documents and settings\d.CARRIEDOMAGAS.002\WINDOWS
c:\documents and settings\d.CARRIEDOMAGAS\WINDOWS
c:\documents and settings\d\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\LogMeInRemoteUser\WINDOWS
c:\documents and settings\QBDataServiceUser17\WINDOWS
c:\windows\$NtUninstallKB62450$
c:\windows\$NtUninstallKB62450$\2806819649\@
c:\windows\$NtUninstallKB62450$\2806819649\click.tlb
c:\windows\$NtUninstallKB62450$\2806819649\L\pavtnywh
c:\windows\$NtUninstallKB62450$\2806819649\loader(2)(2).tlb
c:\windows\$NtUninstallKB62450$\2806819649\loader(2).tlb
c:\windows\$NtUninstallKB62450$\2806819649\loader(3).tlb
c:\windows\$NtUninstallKB62450$\2806819649\loader.tlb
c:\windows\$NtUninstallKB62450$\2806819649\U\@00000001
c:\windows\$NtUninstallKB62450$\2806819649\U\@000000c0
c:\windows\$NtUninstallKB62450$\2806819649\U\@000000cb
c:\windows\$NtUninstallKB62450$\2806819649\U\@000000cf
c:\windows\$NtUninstallKB62450$\2806819649\U\@80000000
c:\windows\$NtUninstallKB62450$\2806819649\U\@800000c0
c:\windows\$NtUninstallKB62450$\2806819649\U\@800000cb
c:\windows\$NtUninstallKB62450$\2806819649\U\@800000cf
c:\windows\$NtUninstallKB62450$\383419318
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\kb913800.exe
c:\windows\system32\
c:\windows\system32\c_13220.nls
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\d3d9caps.dat
c:\windows\system32\Thumbs.db
c:\windows\XSxS
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
Infected copy of c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159139.exe
.
Infected copy of c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159198.EXE
.
Infected copy of c:\program files\Common Files\Symantec Shared\ccProxy.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0160198.EXE
.
Infected copy of c:\program files\Common Files\Symantec Shared\ccSetMgr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159137.EXE
.
Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159141.exe
.
Infected copy of c:\windows\system32\DVDRAMSV.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159143.exe
.
Infected copy of c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159144.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159135.exe
.
Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP893\A0161926.exe
.
Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159145.exe
.
Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159146.exe
.
Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159147.exe
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe . . . is infected!!
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe . . . was deleted!! You should re-install the program it pertains to
.
Infected copy of c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159148.EXE
.
Infected copy of c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159149.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0160199.exe
.
Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159197.exe
.
Infected copy of c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159202.EXE
.
Infected copy of c:\program files\Common Files\Symantec Shared\SNDSrvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0161198.exe
.
Infected copy of c:\toshiba\IVP\swupdate\swupdtmr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159153.exe
.
Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159154.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a74cab41
.
.
((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
.
.
2011-10-15 17:53 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-15 09:36 . 2011-10-15 09:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\system32\winevt
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\ServiceProfiles
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\rescache
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\AppCompat
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\documents and settings\Carrie\AppData
2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- C:\Share
2011-10-13 23:21 . 2011-10-13 23:21 -------- d-sh--w- c:\documents and settings\Carrie\IECompatCache
2011-10-13 23:20 . 2011-10-13 23:20 -------- d-sh--w- c:\documents and settings\Carrie\PrivacIE
2011-10-13 20:48 . 2011-10-13 20:49 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-13 20:12 . 2011-10-13 20:39 -------- dc-h--w- c:\windows\ie8
2011-10-13 18:55 . 2011-10-13 18:55 -------- d-----w- c:\program files\CCleaner
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-10-13 16:49 . 2011-10-13 16:49 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-12 23:57 . 2011-10-12 23:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2011-10-12 23:56 . 2011-10-12 23:56 -------- d-sh--w- c:\documents and settings\Carrie\IETldCache
2011-10-12 20:15 . 2011-10-12 20:42 -------- d-----w- c:\program files\Uniblue
2011-10-12 17:41 . 2011-10-12 17:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-12 17:22 . 2011-10-12 18:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-12 16:56 . 2011-10-12 16:56 -------- d-----w- c:\documents and settings\Carrie\Application Data\Malwarebytes
2011-10-12 16:55 . 2011-10-12 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-10-11 23:57 . 2011-10-12 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2011-10-11 23:26 . 2011-10-11 23:26 -------- d-----w- c:\documents and settings\Carrie\Application Data\PC Cleaners
2011-10-11 23:25 . 2011-10-11 23:25 5359888 ----a-w- c:\windows\uninst.exe
2011-10-11 23:25 . 2011-10-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2011-10-11 18:08 . 2011-10-12 01:14 -------- d-----w- c:\program files\Active PC Optimizer
2011-10-11 17:57 . 2011-10-12 20:42 -------- d-----w- c:\documents and settings\Carrie\Application Data\Uniblue
2011-10-11 17:56 . 2011-10-11 17:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-11 17:56 . 2011-10-11 17:56 -------- d-----w- c:\documents and settings\Carrie\Local Settings\Application Data\PackageAware
2011-10-11 16:58 . 2011-10-11 16:58 -------- d-----w- c:\program files\Common Files\AolCoach
2011-10-11 16:08 . 2011-10-11 17:01 -------- d-----w- c:\program files\Google
2011-10-10 16:52 . 2011-10-10 16:52 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-09 21:48 . 2011-10-09 21:48 -------- d-sh--w- c:\documents and settings\Carrie\Local Settings\Application Data\a74cab41
2011-09-26 18:41 . 2011-09-26 18:41 220160 -c----w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 18:41 . 2011-09-26 18:41 20480 -c----w- c:\windows\system32\dllcache\oleaccrc.dll
2011-09-22 22:01 . 2011-09-22 22:01 -------- d-----w- c:\documents and settings\Carrie\Tracing
2011-09-22 18:26 . 2011-05-13 00:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-09-22 18:26 . 2011-05-13 00:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2011-09-22 18:25 . 2011-09-22 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2006-02-15 14:03 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2006-02-15 14:03 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2006-02-15 14:02 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2006-02-15 14:04 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49 . 2006-02-15 14:02 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2011-09-30 22:12 . 2011-05-11 02:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-24 98304]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-14 54472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-11-06 06:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbUpdate.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\ATTToolbar\\FDServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
"c:\\Program Files\\McAfee Security Scan\\2.0.181\\mcuicnt.exe"=
"c:\\Documents and Settings\\Carrie\\My Documents\\Downloads\\ccsetup311.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Uniblue\\RegistryBooster\\registrybooster.exe"=
"c:\\Program Files\\Uniblue\\RegistryBooster\\rbmonitor.exe"=
"c:\\Program Files\\AT&T\\Internet Security Wizard\\ISW.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Uniblue\\SystemTweaker\\st_track_install.exe"=
"c:\\Program Files\\Uniblue\\SystemTweaker\\systemtweaker.exe"=
"c:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"=
"c:\\Documents and Settings\\Carrie\\My Documents\\Downloads\\MicrosoftFixit.WinSecurity.Run.exe"=
"c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
.
R2 gupdate;Google Update Service (gupdate); [x]
R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]
R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2008-07-10 131072]
R3 gupdatem;Google Update Service (gupdatem); [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2007-06-27 101248]
R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2007-06-27 73856]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
2011-10-15 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Carrie.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-11-24 15:46]
.
2006-12-12 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
2006-12-12 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
.
2011-10-15 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-12 09:48]
.
2011-10-15 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-03-07 02:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\documents and settings\Carrie\Application Data\Mozilla\Firefox\Profiles\e2vmtbo3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80307&language=en&qkw=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-15 12:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(892)
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(2160)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
c:\program files\Nikon\PictureProject\NkbMonitor.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
c:\windows\system32\RAMASST.exe
c:\program files\WinZip\WZQKPICK.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Symantec Shared\NMain.exe
c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
.
**************************************************************************
.
Completion time: 2011-10-15 13:13:28 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-15 20:13
.
Pre-Run: 64,147,894,272 bytes free
Post-Run: 69,250,662,400 bytes free
.
- - End Of File - - 65C0F1D9B4971DCEE40586B04DEBD1BD
sonicdog13
17-Oct-2011, 05:57 PM #6
and the other 2 files
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Carrie at 14:53:32 on 2011-10-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -7:00]
.
AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://yahoo.com/
uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
StartupFolder: c:\docume~1\carrie\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuit.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{E1D707BD-4455-40CE-9D35-AA057A335506} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carrie\application data\mozilla\firefox\profiles\e2vmtbo3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80307&language=en&qkw=
FF - plugin: c:\documents and settings\carrie\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\savrtpel.sys [2008-2-7 37000]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-12-8 255648]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-12-8 218736]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-12-8 235168]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-5 47640]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-7 585728]
S2 gupdate;Google Update Service (gupdate); [x]
S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]
S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]
S3 gupdatem;Google Update Service (gupdatem); [x]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2003-11-24 158848]
S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080305.040\NAVENG.Sys [2008-3-6 82256]
S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080305.040\NavEx15.Sys [2008-3-6 895408]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-15 14336]
S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2008-2-7 305288]
S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2003-11-7 194272]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2011-10-17 17:34:39 -------- d-----w- c:\windows\XSxS
2011-10-17 16:48:23 98816 ----a-w- c:\windows\sed.exe
2011-10-17 16:48:23 518144 ----a-w- c:\windows\SWREG.exe
2011-10-17 16:48:23 256000 ----a-w- c:\windows\PEV.exe
2011-10-17 16:48:23 208896 ----a-w- c:\windows\MBR.exe
2011-10-15 20:43:45 -------- dc-h--w- c:\windows\ie8
2011-10-15 17:53:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-10-14 16:39:39 -------- d-----w- c:\windows\system32\winevt
2011-10-14 16:39:39 -------- d-----w- c:\windows\ServiceProfiles
2011-10-14 16:39:39 -------- d-----w- c:\windows\rescache
2011-10-14 16:39:39 -------- d-----w- c:\windows\AppCompat
2011-10-14 16:39:39 -------- d-----w- c:\documents and settings\carrie\AppData
2011-10-14 16:39:38 -------- d-----w- C:\Share
2011-10-13 23:21:32 -------- d-sh--w- c:\documents and settings\carrie\IECompatCache
2011-10-13 23:20:45 -------- d-sh--w- c:\documents and settings\carrie\PrivacIE
2011-10-13 20:48:44 -------- d-----w- c:\program files\Microsoft Security Client
2011-10-13 18:55:49 -------- d-----w- c:\program files\CCleaner
2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2011-10-13 18:43:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2011-10-13 18:43:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
2011-10-13 16:49:33 -------- d--h--w- c:\windows\msdownld.tmp
2011-10-12 23:56:12 -------- d-sh--w- c:\documents and settings\carrie\IETldCache
2011-10-12 20:15:08 -------- d-----w- c:\program files\Uniblue
2011-10-12 17:41:03 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-12 17:22:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-12 16:56:07 -------- d-----w- c:\documents and settings\carrie\application data\Malwarebytes
2011-10-12 16:55:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-11 23:57:46 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2011-10-11 23:26:02 -------- d-----w- c:\documents and settings\carrie\application data\PC Cleaners
2011-10-11 23:25:57 5359888 ----a-w- c:\windows\uninst.exe
2011-10-11 23:25:54 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
2011-10-11 18:08:13 -------- d-----w- c:\program files\Active PC Optimizer
2011-10-11 17:57:17 -------- d-----w- c:\documents and settings\carrie\application data\Uniblue
2011-10-11 17:56:45 -------- dc-h--w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-10-11 17:56:30 -------- d-----w- c:\documents and settings\carrie\local settings\application data\PackageAware
2011-10-11 16:58:52 -------- d-----w- c:\program files\common files\AolCoach
2011-10-10 16:52:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-10-10 16:52:59 -------- d-----w- c:\windows\system32\wbem\Repository
2011-10-09 21:48:13 -------- d-sh--w- c:\documents and settings\carrie\local settings\application data\a74cab41
2011-09-26 18:41:20 220160 -c----w- c:\windows\system32\dllcache\oleacc.dll
2011-09-26 18:41:14 20480 -c----w- c:\windows\system32\dllcache\oleaccrc.dll
2011-09-22 22:01:45 -------- d-----w- c:\documents and settings\carrie\Tracing
2011-09-22 18:26:21 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2011-09-22 18:26:21 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2011-09-22 18:25:31 -------- d-----w- c:\documents and settings\all users\application data\Applications
.
==================== Find3M ====================
.
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
.
============= FINISH: 14:54:25.40 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/11/2006 5:13:33 PM
System Uptime: 10/16/2011 2:10:40 AM (36 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U1 | 1862/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 64.123 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP833: 8/4/2011 9:30:52 PM - System Checkpoint
RP834: 8/5/2011 9:55:59 PM - System Checkpoint
RP835: 8/6/2011 11:04:26 PM - System Checkpoint
RP836: 8/8/2011 6:55:18 PM - System Checkpoint
RP837: 8/9/2011 7:21:35 PM - System Checkpoint
RP838: 8/10/2011 6:23:09 PM - Software Distribution Service 3.0
RP839: 8/15/2011 5:17:46 PM - System Checkpoint
RP840: 8/17/2011 8:29:09 PM - System Checkpoint
RP841: 8/18/2011 9:09:08 PM - System Checkpoint
RP842: 8/20/2011 9:11:09 AM - System Checkpoint
RP843: 8/21/2011 10:01:10 AM - System Checkpoint
RP844: 8/22/2011 7:23:19 PM - System Checkpoint
RP845: 8/24/2011 4:38:12 PM - Software Distribution Service 3.0
RP846: 8/26/2011 10:25:33 PM - System Checkpoint
RP847: 8/28/2011 10:31:32 AM - System Checkpoint
RP848: 8/29/2011 2:47:45 PM - System Checkpoint
RP849: 8/30/2011 4:41:29 PM - System Checkpoint
RP850: 8/31/2011 7:20:55 PM - System Checkpoint
RP851: 9/1/2011 7:33:12 PM - System Checkpoint
RP852: 9/3/2011 11:55:47 AM - System Checkpoint
RP853: 9/4/2011 1:00:11 PM - System Checkpoint
RP854: 9/5/2011 3:15:32 PM - System Checkpoint
RP855: 9/6/2011 9:21:46 AM - Installed Angry Birds
RP856: 9/7/2011 8:07:07 AM - Software Distribution Service 3.0
RP857: 9/7/2011 9:49:53 AM - Installed WinZip 15.5
RP858: 9/7/2011 10:15:17 AM - Removed Angry Birds
RP859: 9/7/2011 10:17:08 AM - Installed Angry Birds
RP860: 9/8/2011 12:54:18 PM - System Checkpoint
RP861: 9/9/2011 8:15:16 PM - System Checkpoint
RP862: 9/10/2011 8:21:03 PM - System Checkpoint
RP863: 9/12/2011 9:39:14 AM - System Checkpoint
RP864: 9/13/2011 3:13:24 PM - System Checkpoint
RP865: 9/14/2011 5:42:19 PM - System Checkpoint
RP866: 9/15/2011 8:03:13 AM - Software Distribution Service 3.0
RP867: 9/16/2011 4:30:16 PM - System Checkpoint
RP868: 9/17/2011 6:02:14 PM - System Checkpoint
RP869: 9/18/2011 9:59:31 PM - System Checkpoint
RP870: 9/20/2011 6:24:22 PM - System Checkpoint
RP871: 9/21/2011 7:08:11 PM - System Checkpoint
RP872: 9/22/2011 11:25:56 AM - Installed Microsoft Office Live Meeting 2007
RP873: 9/23/2011 2:46:44 PM - System Checkpoint
RP874: 9/24/2011 5:48:08 PM - System Checkpoint
RP875: 9/26/2011 3:34:18 PM - System Checkpoint
RP876: 9/27/2011 5:34:03 PM - System Checkpoint
RP877: 9/28/2011 5:54:47 PM - System Checkpoint
RP878: 9/28/2011 7:58:31 PM - Software Distribution Service 3.0
RP879: 9/29/2011 10:24:43 PM - System Checkpoint
RP880: 9/30/2011 11:10:06 PM - System Checkpoint
RP881: 10/2/2011 4:12:02 PM - System Checkpoint
RP882: 10/3/2011 9:34:59 PM - System Checkpoint
RP883: 10/5/2011 10:46:29 AM - System Checkpoint
RP884: 10/6/2011 11:02:25 AM - System Checkpoint
RP885: 10/6/2011 5:33:20 PM - Removed Angry Birds
RP886: 10/6/2011 5:33:47 PM - Installed Angry Birds
RP887: 10/7/2011 6:22:35 PM - System Checkpoint
RP888: 10/8/2011 9:35:33 AM - Installed Angry Birds Rio
RP889: 10/9/2011 10:52:34 AM - System Checkpoint
RP890: 10/10/2011 9:49:23 AM - Restore Operation
RP891: 10/11/2011 10:13:54 AM - Restore Operation
RP892: 10/11/2011 10:20:20 AM - Restore Operation
RP893: 10/12/2011 9:12:07 AM - Software Distribution Service 3.0
RP894: 10/12/2011 2:00:28 PM - Software Distribution Service 3.0
RP895: 10/12/2011 2:15:30 PM - Software Distribution Service 3.0
RP896: 10/12/2011 2:30:08 PM - Software Distribution Service 3.0
RP897: 10/12/2011 2:34:50 PM - Software Distribution Service 3.0
RP898: 10/12/2011 2:55:15 PM - Software Distribution Service 3.0
RP899: 10/12/2011 3:02:31 PM - Software Distribution Service 3.0
RP900: 10/12/2011 3:14:53 PM - Installed Windows Internet Explorer 8.
RP901: 10/12/2011 5:00:34 PM - Software Distribution Service 3.0
RP902: 10/12/2011 5:10:37 PM - Software Distribution Service 3.0
RP903: 10/12/2011 5:44:40 PM - Software Distribution Service 3.0
RP904: 10/12/2011 5:47:02 PM - Software Distribution Service 3.0
RP905: 10/12/2011 6:11:38 PM - Software Distribution Service 3.0
RP906: 10/12/2011 6:34:14 PM - Software Distribution Service 3.0
RP907: 10/13/2011 3:00:27 AM - Software Distribution Service 3.0
RP908: 10/13/2011 9:52:50 AM - Installed Windows Internet Explorer 8.
RP909: 10/13/2011 12:32:45 PM - Software Distribution Service 3.0
RP910: 10/13/2011 1:14:38 PM - Installed Windows Internet Explorer 8.
RP911: 10/13/2011 1:39:36 PM - Installed Windows Internet Explorer 8.
RP912: 10/13/2011 4:14:07 PM - Installed Microsoft Fix it 50228
RP913: 10/13/2011 4:34:44 PM - Software Distribution Service 3.0
RP914: 10/13/2011 4:40:11 PM - Software Distribution Service 3.0
RP915: 10/14/2011 3:00:22 AM - Software Distribution Service 3.0
RP916: 10/14/2011 7:54:58 AM - Software Distribution Service 3.0
RP917: 10/15/2011 3:00:26 AM - Software Distribution Service 3.0
RP918: 10/15/2011 1:45:27 PM - Installed Windows Internet Explorer 8.
RP919: 10/15/2011 1:55:42 PM - Software Distribution Service 3.0
RP920: 10/15/2011 2:51:21 PM - Software Distribution Service 3.0
RP921: 10/16/2011 3:00:20 AM - Software Distribution Service 3.0
RP922: 10/16/2011 9:32:59 AM - Software Distribution Service 3.0
RP923: 10/17/2011 7:49:23 AM - Software Distribution Service 3.0
RP924: 10/17/2011 11:27:23 AM - Installed Angry Birds Seasons
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
5700_Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 7.0.9
America Online (Choose which version to remove)
Angry Birds
Angry Birds Seasons
AOL Spyware Protection
AT&T Internet Security Wizard 1.5.11
AT&T Toolbar
ATT-HSI
Bejeweled 2 Deluxe
Bespelled
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
CC_ccProxyMSI
CC_ccStart
ccCommon
CCleaner
CD/DVD Drive Acoustic Silencer
Critical Update for Windows Media Player 11 (KB959772)
Cuisinart Recipe Widget
Destinations
DeviceManagementQFolder
DocProc
DocProcQFolder
Driver Installer
DVD-RAM Driver
EPSON Printer Software
ESPNMotion
eSupportQFolder
Facebook Plug-In
Fax
GemMaster Mystic
getPlus(R) for Adobe
Google Update Helper
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Solution Center 8.0
HP Update
HPProductAssistant
Ink Monitor
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iPIX ActiveX Viewer
J2SE Runtime Environment 5.0 Update 4
J5700
Java Auto Updater
Java(TM) 6 Update 24
LiveReg (Symantec Corporation)
LiveUpdate 1.90 (Symantec Corporation)
LogMeIn
Macromedia Flash Player 8
McAfee Security Scan Plus
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Meeting 2005
Microsoft Office Live Meeting 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIWA
mLogView
mMHouse
Mozilla Firefox 7.0.1 (x86 en-US)
mPfMgr
mPfWiz
mProSafe
MSRedist
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mWlsSafe
mXML
mZConfig
Nikon Message Center
Nokia Connectivity Adapter Cable DKU-5
Norton AntiSpam
Norton AntiVirus
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Office 2003 Trial Assistant
Open Book HVAC Certifications 4.2.00
PictureProject
PictureProject In Touch Downloader 1.0
ProductContext
QuickBooks
QuickBooks Pro 2009
QuickBooks Product Listing Service
QuickTime
RealPlayer Basic
Realtek High Definition Audio Driver
Scan
SCRABBLE
Scrabble Deluxe
SD Secure Module
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SMS (remove only)
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Status
Super Granny 5 (remove only)
SupportSoft Assisted Service
Symantec Script Blocking Installer
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TrayApp
Uniblue RegistryBooster
Uniblue SystemTweaker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Outlook 2007 Junk Email Filter (KB2596560)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebEx
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB888316
Windows XP Media Center Edition 2005 KB894553
Windows XP Media Center Edition 2005 KB895678
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinZip 15.5
Word Slinger
Yahoo! Browser Services
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
10/13/2011 5:45:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
10/13/2011 2:26:38 PM, error: Microsoft Antimalware [2001] -
10/12/2011 9:35:02 AM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: Access is denied.
10/12/2011 9:29:36 AM, error: Service Control Manager [7034] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s).
10/12/2011 9:14:23 AM, error: Service Control Manager [7034] - The Microsoft .NET Framework v1.1.4322 Update service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 9:52:22 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-841S' (IDE\CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____\5&226f6cf2&0&0.0.0) disappeared from the system without first being prepared for removal.
10/11/2011 9:52:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
10/11/2011 9:35:17 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 9:17:59 AM, error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: Access is denied.
10/11/2011 9:17:59 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
10/11/2011 7:46:00 PM, error: Service Control Manager [7024] - The Symantec Network Drivers Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
10/11/2011 7:15:28 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/11/2011 6:33:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
10/11/2011 6:33:57 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
10/11/2011 6:28:16 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302C9478E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
10/11/2011 6:13:56 PM, error: Service Control Manager [7034] - The ActivePCOptimizer Service service terminated unexpectedly. It has done this 1 time(s).
10/11/2011 2:16:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LogMeIn with arguments "" in order to run the server: {C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}
10/11/2011 10:43:23 AM, error: Service Control Manager [7034] - The McAfee Security Scan Component Host Service service terminated unexpectedly. It has done this 1 time(s).
10/10/2011 9:48:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
.
==== End Of File ===========================

kevinf80 (Kevin)
Malware Removal Specialist with 9,209 posts.
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
17-Oct-2011, 06:22 PM #7
What is this program? AV: PC Cleaners

Also, you still have Norton IS installed. Is this still used? Is the license current?

sonicdog13
17-Oct-2011, 06:39 PM #8
Maybe AVG; I had tried to download it a few times when this all started. As far as Norton, I don't think the license is current.

kevinf80 (Kevin)
17-Oct-2011, 07:08 PM #9
Not AVG, it is not installed. OK do the following:

Download and install the Norton removal tool from Here

Alternative link

Install and run the tool, follow any prompts that are given.

Next,

Install and run Microsoft Security Essentials:
Go Here and hit the "Download it free today" tab, follow the prompts. Once installed it will want to update and carry out a quick scan, allow that to happen. Let me know if it finds anything...

Kevin

sonicdog13
17-Oct-2011, 07:23 PM #10
also
I also have an old McAfee, new CCleaner and Uniblue RegistryBooster; should I take them out also? I have tried before to install Microsoft Security Essentials, but it asks me to update and it can't connect for some reason, maybe because I can't use Internet Explorer?

kevinf80 (Kevin)
17-Oct-2011, 07:38 PM #11
You have McAfee Security Scan Plus; is that only the stand-alone scanner? If so, you can leave it. Yes, remove Registry Booster; they do more harm than good.

Run the following; let's see if the infection has set any junctions.
  • Please download Junction.zip and save it to your desktop.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows), so you have C:\Windows\Junction.exe
  • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

  • A command window will open and the system will be scanned.
  • Wait until a log file opens.
  • Copy and paste the log in your next reply.

sonicdog13
17-Oct-2011, 08:01 PM #12
ok here you go
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.


...
Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe: Access is denied.




...

...


Failed to open \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.


...


Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com: Access is denied.



Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com: Access is denied.


...

...

...

...

...

...

...

...
Failed to open \\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe: Access is denied.




...

...

...

...

...

...

...

...


Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.


...

...

...

...

...

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini: Access is denied.


..

...

...

...

...

...

...

...

...

.
Failed to open \\?\c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe: Access is denied.


..

...

...

...
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.




...

...

...

..No reparse points found.

kevinf80 (Kevin)
17-Oct-2011, 08:29 PM #13
Do the following:

Please run the following:
  • Please download GrantPerms.zip and save it to your desktop.
  • Unzip the file and run GrantPerms.exe
  • Copy and paste the following in the edit box:

    Code:
    c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
    c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
    c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
    c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe
    c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe
    c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe
    c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe
    c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe
    c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com
    c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com
    c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    c:\\Qoobox\BackEnv
    c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini
    c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
    c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\\WINDOWS\system32\MRT.exe
  • Now Click Unlock.
  • When it is done click "OK".
  • Now click List Permissions and post the result (Perms.txt) that pops up.
  • A copy of Perms.txt will be saved in the same directory the tool is run.

Next,
Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users: right click and select Run as Administrator.
  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    -------------------------------------------------------------------

    :Files
    c:\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini
    :Commands
    [EmptyTemp]
    [Reboot]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.
..
Next see if MSE will install, if so update and do a quick scan.

Let me see logs from GrantPerms, OTM and if MSE installs/finds anything....
sonicdog13 (Thread Starter)
17-Oct-2011, 09:27 PM #14
ok
OK, I hope I did this one correctly. I was able to get MSE and ran a scan, but I didn't see a log or anything in the history. Maybe I am missing something.

GrantPerms by Farbar
Ran by Carrie at 2011-10-17 17:51:53

===============================================
\\?\c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


\\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


All processes killed
========== FILES ==========
c:\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Carrie
->Temp folder emptied: 72404638 bytes
->Temporary Internet Files folder emptied: 8497802 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 92939667 bytes
->Flash cache emptied: 1957 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 7092306 bytes
->Flash cache emptied: 456 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 7436 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: QBDataServiceUser17
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 49501 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1131562 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 301736680 bytes

Total Files Cleaned = 462.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 10172011_175504

Files moved on Reboot...
C:\WINDOWS\temp\MpCmdRun.log moved successfully.
File C:\WINDOWS\temp\TMP000000352214ABA50DBA803D not found!
File C:\WINDOWS\temp\TMP0000003E22054F3E993927E5 not found!

Registry entries deleted on Reboot...
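
As an added example (not part of the thread and not GrantPerms' own code): a small Python check over a Perms.txt in the layout posted above, reporting any listed object where Administrators or SYSTEM still lack full control after the Unlock step. The sample text is constructed, its second path is hypothetical, and reading `DACL(P)` as a protected (non-inheriting) DACL is an assumption about the tool's notation.

```python
import re

# Constructed sample in the Perms.txt layout; the second path is hypothetical.
SAMPLE = r"""
\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)
\\?\c:\\example\locked_tool.exe
Owner: BUILTIN\Administrators
DACL(P)(AI):
BUILTIN\Users READ/EXECUTE ALLOW (NI)
"""

ACE = re.compile(r"^(?P<who_rights>.+)\s+(?P<kind>\S+)\s+(?P<flags>(?:\([A-Z]+\))+)$")
REQUIRED = {r"BUILTIN\Administrators FULL", r"NT AUTHORITY\SYSTEM FULL"}

def parse_perms(text):
    """Map each listed path to its owner, DACL-protected flag and ACE tuples."""
    entries, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("\\\\?\\"):           # entry header: \\?\<path>
            cur = entries.setdefault(line[4:], {"owner": None, "protected": None, "aces": []})
        elif cur is None or not line: continue   # preamble text or blank line
        elif line.startswith("Owner:"):
            cur["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("DACL("):           # assumption: (P) = protected DACL
            cur["protected"] = line.startswith("DACL(P)")
        elif (m := ACE.match(line)):             # trustee and rights may contain spaces
            cur["aces"].append((m["who_rights"], m["kind"], m["flags"]))
    return entries

def still_locked(entries):
    """Paths where Administrators or SYSTEM lack FULL ALLOW, or a non-ALLOW ACE exists."""
    bad = {}
    for path, entry in entries.items():
        allowed = {wr for wr, kind, _ in entry["aces"] if kind == "ALLOW"}
        missing = sorted(REQUIRED - allowed)
        non_allow = [ace for ace in entry["aces"] if ace[1] != "ALLOW"]
        if missing or non_allow:
            bad[path] = {"missing": missing, "non_allow": non_allow}
    return bad

if __name__ == "__main__":
    print(still_locked(parse_perms(SAMPLE)))
```
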
kevinf80 (Kevin), Malware Removal Specialist
17-Oct-2011, 09:43 PM #15
MSE does not produce a log as such; it would show if anything had been found during its scan. That would have been seen by selecting the History tab in the main interface.

Use your system freely for 24 hours, post back and let me know if you have any issues... We'll clean up if all is OK, just leave all tools in place for now...

It's 2:45 am local time for me, sleepy time me thinks. Been a longgggggggggggggg day..

Cheers,

Kevin