
Firefox Hijacked

Discussion in 'Virus & Other Malware Removal' started by sonicdog13, Oct 13, 2011.

  1. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    Help. 3 days ago my computer was taken over. Unfortunately I know just enough about computers to be dangerous, so I tried multiple times to download AVG and a few other antivirus programs but could not get any to load properly, or they would open and then not run properly. Also the Firefox and Internet Explorer Google search are hijacked, and now after running Uniblue Registry Booster I can't even get online with IE, only with Firefox. I was not able to get HijackThis to load completely: it would open and start to scan but shut down, and I can't reopen it; it tells me I may not have appropriate permissions to access, just like the antivirus programs (tried multiple times). Same with GMER, but I was able to get some file (see below). So it's a mess and I need help. It seems many others have the same type of problems, so I hope you can help me and my comp. All info I was able to get is below and attached. Thank You

    Tech Support Guy System Info Utility version 1.0.0.1
    OS Version: Microsoft Windows XP Professional, Service Pack 3, 32 bit
    Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz, x86 Family 6 Model 14 Stepping 8
    Processor Count: 1
    RAM: 1013 Mb
    Graphics Card: Mobile Intel(R) 945GM Express Chipset Family, 128 Mb
    Hard Drives: C: Total - 95142 MB, Free - 61761 MB;
    Motherboard: Intel Corporation, MPAD-MSAE Customer Reference Boards, Not Applicable, Not Applicable
    Antivirus: PC Cleaners, Updated: Yes, On-Demand Scanner: Disabled
     

  2. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Do the following:

    Delete any versions of Combofix that you may have on your Desktop, then download a fresh copy from either of the following links:

    Link 1
    Link 2

    • Ensure that Combofix is saved directly to the Desktop <--- Very important

      Before saving Combofix to the Desktop, rename it to Gotcha.exe as below:

      [screenshot]

    • Disable all security programs, as they will have a negative effect on Combofix; instructions are available Here if required. Be aware the list may not have all programs listed; if you need more help please ask.
    • Close any open browsers and any other programs you might have running
    • Double click the Combofix (Gotcha.exe) icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")
    • Instructions for running Combofix available Here if required.
    • If you are using Windows XP, it might display a pop-up saying "Recovery console is not installed, do you want to install?" Please select yes and let it download the files it needs to do this. Once the recovery console is installed, Combofix will then offer to scan for malware. Select continue or yes.
    • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

    ****Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
    • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...

    Kevin
     
  3. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    OK, followed your instructions as best as my computer allowed. For some reason it would not let me choose where to put it or rename it until after it was in my downloads. I did run it and it seemed to fix most problems, but it could not load the RECOVERY CONSOLE. I still can't run Internet Explorer and it does not seem to allow automatic downloads from Windows. The files are attached; I ran it 2 times (hope that's OK). Also, can you suggest a good antivirus to help me protect my computer from problems in the future?

    Thank You
    Dale
     

  4. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    I need to see the log from the first run of Combofix; also let me see the contents of CF's quarantine folder. They are contained in the following folders:

    C:\Qoobox\ComboFix-quarantined-files.txt
    C:\Qoobox\ComboFix3.txt

    Please copy and paste the logs to your reply, do not attach them. Next,

    Please perform the following scan:
    • Download DDS by sUBs from one of the following links. Save it to your desktop.
    • Double click on the DDS icon, allow it to run.
    • A small box will open, with an explanation about the tool.
    • When done, DDS will open two (2) logs
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop.
    • The instructions here ask you to attach the Attach.txt.
    • Instead of attaching, please copy/paste both logs into your next reply.
    • Close the program window, and delete the program from your desktop.
    Please note: You may have to disable any script protection running if the scan fails to run.
    After downloading the tool, disconnect from the internet and disable all antivirus protection.
    Run the scan, enable your A/V and reconnect to the internet.
    Information on A/V control HERE

    Kevin
     
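The two ComboFix artefacts kevinf80 asks for in the post above, C:\Qoobox\ComboFix-quarantined-files.txt and the ComboFix.txt report, are plain text and lend themselves to mechanical triage. The following Python script is an added example, not code from this thread or from ComboFix's authors: it parses the quarantine listing's line format (created timestamp, modified timestamp, size, attribute string, quarantined path), maps each entry back to the path the file originally had, counts which original directories the quarantined items cluster in, and pairs every "Infected copy of ... was found and disinfected" line with the "Restored copy from -" line that follows it, classifying the restore source as dllcache, a System Restore point, or other. The sample lines are copied from the logs the thread starter posts later in this thread; the line formats and the QUARANTINE_ROOT prefix are assumptions drawn from those logs.

```python
"""Triage helper for two ComboFix artefacts: the quarantine listing
(C:\\Qoobox\\ComboFix-quarantined-files.txt) and the 'Infected copy of ... was
found and disinfected' / 'Restored copy from -' pairs in ComboFix.txt.
Added example, not ComboFix's own code; line formats assumed from this thread."""
import re
from collections import Counter

# Assumption from the posted logs: ComboFix mirrors the original C:\ tree under
# this directory and appends ".vir" (".vir_" for a second copy) to each file name.
QUARANTINE_ROOT = "C:\\Qoobox\\Quarantine\\C\\"
# Listing line: <created> . <modified> <size> <attrs> <quarantine path>
LISTING_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \. "
                        r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ([\d,]+) (\S{8}) (.+?)\s*$")
INFECTED_RE = re.compile(r"^Infected copy of (.+) was found and disinfected$")
RESTORED_RE = re.compile(r"^Restored copy from - (.+)$")
DELETED_RE = re.compile(r"^(.+?) \. \. \. was deleted!!")

def parse_quarantine(text):
    """One dict per listing line, including the path the file originally had."""
    entries = []
    for raw in text.splitlines():
        m = LISTING_RE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything else
        created, modified, size, attrs, qpath = m.groups()
        original = qpath
        if qpath.lower().startswith(QUARANTINE_ROOT.lower()):
            original = "C:\\" + qpath[len(QUARANTINE_ROOT):]
        original = re.sub(r"\.vir_?$", "", original, flags=re.IGNORECASE)
        entries.append({"created": created, "modified": modified, "attrs": attrs,
                        "size": int(size.replace(",", "")),
                        "quarantine_path": qpath, "original_path": original})
    return entries

def cluster_by_parent(entries):
    """Quarantined items per original parent directory; a directory that
    dominates the listing is where to read the rest of the log first."""
    return Counter(e["original_path"].rsplit("\\", 1)[0] for e in entries)

def restore_source_kind(source):
    s = source.lower()
    if "\\dllcache\\" in s:
        return "dllcache"        # Windows File Protection cache
    if "\\_restore{" in s:
        return "system_restore"  # copy taken from a System Restore point
    return "other"               # ComboFix's own copy or unknown

def parse_disinfections(text):
    """Pair each 'Infected copy of X' line with the 'Restored copy from' line
    that follows it; files ComboFix deleted outright get kind 'deleted'."""
    results, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if (m := INFECTED_RE.match(line)):
            pending = m.group(1)
        elif (m := RESTORED_RE.match(line)) and pending:
            results.append({"path": pending, "restored_from": m.group(1),
                            "kind": restore_source_kind(m.group(1))})
            pending = None
        elif (m := DELETED_RE.match(line)):
            results.append({"path": m.group(1), "restored_from": None, "kind": "deleted"})
    return results

def summarize(quarantine_text, report_text):
    entries = parse_quarantine(quarantine_text)
    fixes = parse_disinfections(report_text)
    originals = {e["original_path"].lower() for e in entries}
    return {
        "quarantined": len(entries),
        "busiest_dirs": cluster_by_parent(entries).most_common(3),
        "restore_sources": Counter(f["kind"] for f in fixes),
        # deleted with no clean copy: that product has to be reinstalled
        "needs_reinstall": [f["path"] for f in fixes if f["kind"] == "deleted"],
        # infected originals kept in quarantine, so still available for analysis
        "quarantined_copies_of_fixed": sum(1 for f in fixes if f["path"].lower() in originals),
    }

# Constructed sample: lines copied from the logs posted later in this thread.
SAMPLE_QUARANTINE = r"""
2011-10-15 20:12:27 . 2011-10-15 20:12:27 332 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-WgaLogon.reg.dat
2011-10-11 17:22:28 . 2011-10-13 23:39:19 2,144 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\click.tlb.vir
2011-10-10 16:58:09 . 2011-10-11 14:33:36 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(2)(2).tlb.vir
2011-10-10 16:58:09 . 2011-10-13 23:39:51 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader.tlb.vir
2011-04-27 22:39:26 . 2011-04-27 22:39:26 11,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe.vir
2006-02-15 15:36:41 . 2009-08-07 03:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir
2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir_
"""
SAMPLE_REPORT = r"""
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
.
Infected copy of c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159139.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe . . . was deleted!! You should re-install the program it pertains to
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_QUARANTINE, SAMPLE_REPORT))
```

Run with no arguments to print the summary for the embedded sample. Two things it surfaces that are easy to miss when reading the raw log: a single directory dominating the quarantine listing, and a product whose binary was deleted rather than restored, which the user has to reinstall (the report says so on that line). The count of fixed binaries whose infected copy is still in quarantine matters for the same reason kevinf80 asks for the listing: those copies are the evidence of what actually ran on the machine.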
  5. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    Once again thank you for your help

    2011-10-15 20:12:27 . 2011-10-15 20:12:27 332 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Notify-WgaLogon.reg.dat
    2011-10-15 19:30:46 . 2011-10-15 19:30:46 218 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\_383419318_.zip
    2011-10-15 19:28:48 . 2011-10-15 19:28:48 412 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_a74cab41.reg.dat
    2011-10-15 19:28:35 . 2011-10-17 16:56:06 11,478 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
    2011-10-15 17:52:18 . 2011-10-15 17:52:18 1,080 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\_loader_.tlb.zip
    2011-10-15 17:45:42 . 2011-10-17 16:48:17 1,190 ----a-w- C:\Qoobox\Quarantine\catchme.log
    2011-10-15 08:43:40 . 2011-10-15 09:32:03 23,552 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000cb.vir
    2011-10-11 17:22:28 . 2011-10-13 23:39:19 2,144 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\click.tlb.vir
    2011-10-11 17:04:49 . 2011-10-13 23:36:19 28,160 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\assembly\GAC_MSIL\desktop.ini.vir
    2011-10-10 16:58:09 . 2011-10-11 14:33:36 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(2)(2).tlb.vir
    2011-10-10 16:58:09 . 2011-10-10 16:58:09 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(3).tlb.vir
    2011-10-10 16:58:09 . 2011-10-13 23:39:51 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader.tlb.vir
    2011-10-09 21:55:11 . 2011-10-09 21:55:11 2,540 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\loader(2).tlb.vir
    2011-10-09 21:51:47 . 2011-10-09 21:51:47 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\{2521BB91-29B1-4d7e-9137-AC9875D77735}.vir
    2011-10-09 21:48:17 . 2011-10-09 21:48:17 2,048 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\@.vir
    2011-10-09 21:48:17 . 2011-10-09 21:48:17 162,816 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\L\pavtnywh.vir
    2011-09-30 00:34:34 . 2011-10-09 21:51:38 3,072 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000cb.vir
    2011-09-23 09:38:32 . 2011-10-09 21:51:41 3,584 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000c0.vir
    2011-09-16 08:29:44 . 2011-10-09 21:52:01 35,840 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000c0.vir
    2011-09-11 06:33:47 . 2011-10-09 21:51:47 26,112 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@80000000.vir
    2011-09-10 13:54:43 . 2011-10-09 21:51:44 45,968 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@00000001.vir
    2011-09-10 13:28:10 . 2011-10-09 21:51:41 27,648 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@800000cf.vir
    2011-09-09 19:03:00 . 2011-10-09 21:51:38 1,536 -c--a-w- C:\Qoobox\Quarantine\C\WINDOWS\$NtUninstallKB62450$\2806819649\U\@000000cf.vir
    2011-04-27 22:39:26 . 2011-04-27 22:39:26 11,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe.vir
    2011-03-12 06:25:04 . 2011-03-12 06:25:04 153,376 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Java\jre6\bin\jqs.exe.vir
    2009-03-07 17:51:50 . 2009-03-07 17:51:50 24,576 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe.vir
    2009-02-27 05:49:57 . 2009-08-14 13:45:34 319,488 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Motive\McciCMService.exe.vir
    2008-07-30 02:24:50 . 2008-07-30 02:24:50 881,664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe.vir
    2008-07-29 16:07:30 . 2008-07-29 16:07:30 19,968 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Carrie\My Documents\~WRD0000.tmp.vir
    2007-12-23 19:06:15 . 2000-11-17 09:02:00 114,688 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe.vir
    2007-03-07 23:54:38 . 2007-03-07 23:54:38 585,728 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe.vir
    2007-01-10 03:41:14 . 2007-01-11 05:33:04 115,200 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\Carrie\My Documents\~WRL0002.tmp.vir
    2006-12-25 18:39:00 . 2006-03-21 03:23:12 23,040 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\kb913800.exe.vir
    2006-10-27 15:45:00 . 2006-10-27 15:45:00 344 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\error.xml.vir
    2006-10-27 15:45:00 . 2006-10-27 15:45:00 6,200 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\related.xml.vir
    2006-10-27 15:45:00 . 2006-10-27 15:45:00 9,856 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\contexts\travel.xml.vir
    2006-10-26 21:40:34 . 2006-10-26 21:40:34 339,968 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe.vir
    2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,500 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp.vir
    2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,354 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiRSS.png.vir
    2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,456 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp.vir
    2006-10-23 17:47:06 . 2006-10-23 17:47:06 1,357 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\epiSearch.png.vir
    2006-02-25 07:02:55 . 2006-02-25 10:59:04 664 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\d3d9caps.dat.vir
    2006-02-18 15:55:47 . 2006-02-18 14:17:27 5,120 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Thumbs.db.vir
    2006-02-16 09:19:06 . 2005-07-13 01:14:42 45,056 ----a-w- C:\Qoobox\Quarantine\C\TOSHIBA\IVP\swupdate\swupdtmr.exe.vir
    2006-02-15 16:36:06 . 2005-01-18 00:38:38 40,960 ----a-w- C:\Qoobox\Quarantine\C\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe.vir
    2006-02-15 16:31:42 . 2004-08-28 08:33:00 114,688 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\DVDRAMSV.exe.vir
    2006-02-15 15:36:41 . 2009-08-07 03:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\ .vir
    2006-02-15 15:36:41 . 2009-08-07 03:24:06 53,472 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\wuauclt.exe.vir
    2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir
    2006-02-15 14:03:22 . 2008-04-13 19:21:00 162,816 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir_
    2006-02-15 14:02:06 . 2004-08-10 12:00:00 0 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\c_13220.nls.vir
    2005-11-28 19:31:32 . 2005-11-28 19:31:32 544,768 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\S24EvMon.exe.vir
    2005-11-28 19:29:00 . 2005-11-28 19:29:00 114,753 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\EvtEng.exe.vir
    2005-11-28 19:28:14 . 2005-11-28 19:28:14 221,184 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Intel\Wireless\Bin\RegSrvc.exe.vir
    2005-10-14 21:06:24 . 2005-10-14 21:06:24 1,016 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Weather.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,420 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindIt.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,420 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 837 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\findithotxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,492 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\finditxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,286 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Highlight.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,272 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 553 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,267 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\highlightxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 372 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logo.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 372 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\logoxp.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\Reference.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,392 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,239 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencehotxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 924 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\referencexp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 862 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png.vir
    2005-10-07 13:00:24 . 2005-10-07 13:00:24 1,568 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Starware337\buttons\weatherxp.png.vir
    2004-10-15 20:54:14 . 2004-10-15 20:54:14 100,016 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe.vir
    2003-12-08 16:18:44 . 2005-12-21 20:54:48 235,168 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccSetMgr.exe.vir
    2003-12-08 16:18:40 . 2005-03-01 00:56:32 218,736 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccProxy.exe.vir
    2003-12-08 16:18:36 . 2005-12-21 20:54:22 255,648 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe.vir
    2003-12-04 17:10:06 . 2003-12-04 17:10:06 197,856 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Common Files\Symantec Shared\SNDSrvc.exe.vir
    2003-11-24 15:46:28 . 2004-04-23 19:04:16 158,848 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe.vir
    2003-11-07 17:46:58 . 2005-01-26 05:48:50 194,272 ----a-w- C:\Qoobox\Quarantine\C\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe.vir

    ComboFix 11-10-11.02 - Carrie 10/15/2011 12:19:55.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.356 [GMT -7:00]
    Running from: c:\documents and settings\Carrie\My Documents\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    .
    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Administrator\WINDOWS
    c:\documents and settings\All Users\Application Data\Starware337
    c:\documents and settings\All Users\Application Data\Starware337\buttons\epiRSS.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\epiRSS.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\epiSearch.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\epiSearch.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\FindIt.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\FindItHot.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\findithotxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\finditxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\Highlight.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\HighlightHot.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\highlighthotxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\highlightxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\logo.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\logoxp.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\Reference.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\ReferenceHot.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\referencehotxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\referencexp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\Weather.bmp
    c:\documents and settings\All Users\Application Data\Starware337\buttons\weatherhotxp.png
    c:\documents and settings\All Users\Application Data\Starware337\buttons\weatherxp.png
    c:\documents and settings\All Users\Application Data\Starware337\contexts\error.xml
    c:\documents and settings\All Users\Application Data\Starware337\contexts\related.xml
    c:\documents and settings\All Users\Application Data\Starware337\contexts\travel.xml
    c:\documents and settings\Carrie\My Documents\~WRD0000.tmp
    c:\documents and settings\Carrie\My Documents\~WRL0002.tmp
    c:\documents and settings\Carrie\WINDOWS
    c:\documents and settings\d.CARRIEDOMAGAS.000\WINDOWS
    c:\documents and settings\d.CARRIEDOMAGAS.001\WINDOWS
    c:\documents and settings\d.CARRIEDOMAGAS.002\WINDOWS
    c:\documents and settings\d.CARRIEDOMAGAS\WINDOWS
    c:\documents and settings\d\WINDOWS
    c:\documents and settings\Default User\WINDOWS
    c:\documents and settings\LogMeInRemoteUser\WINDOWS
    c:\documents and settings\QBDataServiceUser17\WINDOWS
    c:\windows\$NtUninstallKB62450$
    c:\windows\$NtUninstallKB62450$\2806819649\@
    c:\windows\$NtUninstallKB62450$\2806819649\click.tlb
    c:\windows\$NtUninstallKB62450$\2806819649\L\pavtnywh
    c:\windows\$NtUninstallKB62450$\2806819649\loader(2)(2).tlb
    c:\windows\$NtUninstallKB62450$\2806819649\loader(2).tlb
    c:\windows\$NtUninstallKB62450$\2806819649\loader(3).tlb
    c:\windows\$NtUninstallKB62450$\2806819649\loader.tlb
    c:\windows\$NtUninstallKB62450$\2806819649\U\@00000001
    c:\windows\$NtUninstallKB62450$\2806819649\U\@000000c0
    c:\windows\$NtUninstallKB62450$\2806819649\U\@000000cb
    c:\windows\$NtUninstallKB62450$\2806819649\U\@000000cf
    c:\windows\$NtUninstallKB62450$\2806819649\U\@80000000
    c:\windows\$NtUninstallKB62450$\2806819649\U\@800000c0
    c:\windows\$NtUninstallKB62450$\2806819649\U\@800000cb
    c:\windows\$NtUninstallKB62450$\2806819649\U\@800000cf
    c:\windows\$NtUninstallKB62450$\383419318
    c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
    c:\windows\kb913800.exe
    c:\windows\system32\
    c:\windows\system32\c_13220.nls
    c:\windows\system32\config\systemprofile\WINDOWS
    c:\windows\system32\d3d9caps.dat
    c:\windows\system32\Thumbs.db
    c:\windows\XSxS
    .
    Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
    Restored copy from - The cat found it :)
    Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
    Restored copy from - c:\windows\system32\dllcache\wuauclt.exe
    .
    Infected copy of c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159139.exe
    .
    Infected copy of c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159198.EXE
    .
    Infected copy of c:\program files\Common Files\Symantec Shared\ccProxy.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0160198.EXE
    .
    Infected copy of c:\program files\Common Files\Symantec Shared\ccSetMgr.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159137.EXE
    .
    Infected copy of c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159141.exe
    .
    Infected copy of c:\windows\system32\DVDRAMSV.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159143.exe
    .
    Infected copy of c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159144.exe
    .
    Infected copy of c:\program files\Intel\Wireless\Bin\EvtEng.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159135.exe
    .
    Infected copy of c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP893\A0161926.exe
    .
    Infected copy of c:\program files\Java\jre6\bin\jqs.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159145.exe
    .
    Infected copy of c:\program files\Common Files\Motive\McciCMService.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159146.exe
    .
    Infected copy of c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159147.exe
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe . . . is infected!!
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe . . . was deleted!! You should re-install the program it pertains to
    .
    Infected copy of c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159148.EXE
    .
    Infected copy of c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159149.exe
    .
    Infected copy of c:\program files\Intel\Wireless\Bin\RegSrvc.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0160199.exe
    .
    Infected copy of c:\program files\Intel\Wireless\Bin\S24EvMon.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159197.exe
    .
    Infected copy of c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0159202.EXE
    .
    Infected copy of c:\program files\Common Files\Symantec Shared\SNDSrvc.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP892\A0161198.exe
    .
    Infected copy of c:\toshiba\IVP\swupdate\swupdtmr.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159153.exe
    .
    Infected copy of c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe was found and disinfected
    Restored copy from - c:\system volume information\_restore{4B1AEA69-B95E-4955-A6A6-502CD89CDA69}\RP891\A0159154.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_a74cab41
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-15 to 2011-10-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-15 17:53 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-10-15 09:36 . 2011-10-15 09:36 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\system32\winevt
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\ServiceProfiles
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\rescache
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\windows\AppCompat
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- c:\documents and settings\Carrie\AppData
    2011-10-14 16:39 . 2011-10-14 16:39 -------- d-----w- C:\Share
    2011-10-13 23:21 . 2011-10-13 23:21 -------- d-sh--w- c:\documents and settings\Carrie\IECompatCache
    2011-10-13 23:20 . 2011-10-13 23:20 -------- d-sh--w- c:\documents and settings\Carrie\PrivacIE
    2011-10-13 20:48 . 2011-10-13 20:49 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-13 20:12 . 2011-10-13 20:39 -------- dc-h--w- c:\windows\ie8
    2011-10-13 18:55 . 2011-10-13 18:55 -------- d-----w- c:\program files\CCleaner
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
    2011-10-13 18:43 . 2011-10-13 18:43 106496 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
    2011-10-13 16:49 . 2011-10-13 16:49 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-12 23:57 . 2011-10-12 23:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-10-12 23:56 . 2011-10-12 23:56 -------- d-sh--w- c:\documents and settings\Carrie\IETldCache
    2011-10-12 20:15 . 2011-10-12 20:42 -------- d-----w- c:\program files\Uniblue
    2011-10-12 17:41 . 2011-10-12 17:41 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-10-12 17:22 . 2011-10-12 18:36 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-12 16:56 . 2011-10-12 16:56 -------- d-----w- c:\documents and settings\Carrie\Application Data\Malwarebytes
    2011-10-12 16:55 . 2011-10-12 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-10-11 23:57 . 2011-10-12 16:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
    2011-10-11 23:26 . 2011-10-11 23:26 -------- d-----w- c:\documents and settings\Carrie\Application Data\PC Cleaners
    2011-10-11 23:25 . 2011-10-11 23:25 5359888 ----a-w- c:\windows\uninst.exe
    2011-10-11 23:25 . 2011-10-11 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
    2011-10-11 18:08 . 2011-10-12 01:14 -------- d-----w- c:\program files\Active PC Optimizer
    2011-10-11 17:57 . 2011-10-12 20:42 -------- d-----w- c:\documents and settings\Carrie\Application Data\Uniblue
    2011-10-11 17:56 . 2011-10-11 17:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-11 17:56 . 2011-10-11 17:56 -------- d-----w- c:\documents and settings\Carrie\Local Settings\Application Data\PackageAware
    2011-10-11 16:58 . 2011-10-11 16:58 -------- d-----w- c:\program files\Common Files\AolCoach
    2011-10-11 16:08 . 2011-10-11 17:01 -------- d-----w- c:\program files\Google
    2011-10-10 16:52 . 2011-10-10 16:52 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-09 21:48 . 2011-10-09 21:48 -------- d-sh--w- c:\documents and settings\Carrie\Local Settings\Application Data\a74cab41
    2011-09-26 18:41 . 2011-09-26 18:41 220160 -c----w- c:\windows\system32\dllcache\oleacc.dll
    2011-09-26 18:41 . 2011-09-26 18:41 20480 -c----w- c:\windows\system32\dllcache\oleaccrc.dll
    2011-09-22 22:01 . 2011-09-22 22:01 -------- d-----w- c:\documents and settings\Carrie\Tracing
    2011-09-22 18:26 . 2011-05-13 00:32 82696 ----a-w- c:\windows\system32\lmdimon8.dll
    2011-09-22 18:26 . 2011-05-13 00:32 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
    2011-09-22 18:25 . 2011-09-22 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41 . 2006-02-15 14:03 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41 . 2006-02-15 14:03 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12 . 2006-02-15 14:02 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20 . 2006-02-15 14:04 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-17 13:49 . 2006-02-15 14:02 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-09-30 22:12 . 2011-05-11 02:48 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
    "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-07-24 98304]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-08-14 54472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2008-11-06 06:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
    "c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1140083713\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Product Assistant\\bin\\hprbUpdate.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\ATTToolbar\\FDServer.exe"=
    "c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
    "c:\\Program Files\\McAfee Security Scan\\2.0.181\\mcuicnt.exe"=
    "c:\\Documents and Settings\\Carrie\\My Documents\\Downloads\\ccsetup311.exe"=
    "c:\\Program Files\\Symantec\\LiveUpdate\\LuComServer.EXE"=
    "c:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AcroRd32.exe"=
    "c:\\WINDOWS\\system32\\dwwin.exe"=
    "c:\\Program Files\\Uniblue\\RegistryBooster\\registrybooster.exe"=
    "c:\\Program Files\\Uniblue\\RegistryBooster\\rbmonitor.exe"=
    "c:\\Program Files\\AT&T\\Internet Security Wizard\\ISW.exe"=
    "c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
    "c:\\Program Files\\Uniblue\\SystemTweaker\\st_track_install.exe"=
    "c:\\Program Files\\Uniblue\\SystemTweaker\\systemtweaker.exe"=
    "c:\\Program Files\\Common Files\\Symantec Shared\\NMain.exe"=
    "c:\\Documents and Settings\\Carrie\\My Documents\\Downloads\\MicrosoftFixit.WinSecurity.Run.exe"=
    "c:\\Program Files\\Microsoft Security Client\\msseces.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    .
    R2 gupdate;Google Update Service (gupdate); [x]
    R2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe [2007-01-15 73728]
    R2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe [2008-07-10 131072]
    R3 gupdatem;Google Update Service (gupdatem); [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-04-14 14336]
    R3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\DRIVERS\swnc8u56.sys [2007-06-27 101248]
    R3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\DRIVERS\swumx56.sys [2007-06-27 73856]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-02-28 12856]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-10-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
    .
    2011-10-15 c:\windows\Tasks\Norton AntiVirus - Scan my computer - Carrie.job
    - c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2003-11-24 15:46]
    .
    2006-12-12 c:\windows\Tasks\Registration reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
    .
    2006-12-12 c:\windows\Tasks\Registration reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-02-15 00:12]
    .
    2011-10-15 c:\windows\Tasks\RegistryBooster.job
    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2011-10-12 09:48]
    .
    2011-10-15 c:\windows\Tasks\Symantec NetDetect.job
    - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-03-07 02:38]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    FF - ProfilePath - c:\documents and settings\Carrie\Application Data\Mozilla\Firefox\Profiles\e2vmtbo3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80307&language=en&qkw=
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Notify-WgaLogon - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-10-15 12:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(892)
    c:\windows\system32\LMIinit.dll
    .
    - - - - - - - > 'explorer.exe'(2160)
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\hnetcfg.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Common Files\aolshare\aolshcpy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
    c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
    c:\windows\system32\DVDRAMSV.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Motive\McciCMService.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\Intel\Wireless\Bin\RegSrvc.exe
    c:\program files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\toshiba\IVP\swupdate\swupdtmr.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\program files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    c:\program files\HP\Digital Imaging\bin\hpqtra08.exe
    c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
    c:\program files\Nikon\PictureProject\NkbMonitor.exe
    c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    c:\windows\system32\RAMASST.exe
    c:\program files\WinZip\WZQKPICK.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\windows\system32\taskmgr.exe
    c:\program files\Common Files\Symantec Shared\NMain.exe
    c:\progra~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    .
    **************************************************************************
    .
    Completion time: 2011-10-15 13:13:28 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-15 20:13
    .
    Pre-Run: 64,147,894,272 bytes free
    Post-Run: 69,250,662,400 bytes free
    .
    - - End Of File - - 65C0F1D9B4971DCEE40586B04DEBD1BD
     
  6. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Carrie at 14:53:32 on 2011-10-17
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.462 [GMT -7:00]
    .
    AV: PC Cleaners *Disabled/Updated* {737A8864-C2D9-4337-B49A-B5E35815B9BB}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://yahoo.com/
    uInternet Connection Wizard,ShellNext = hxxp://www.toshibadirect.com/dpdstart
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
    TB: Web assistant: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll
    TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
    TB: AT&&T Toolbar: {4e7bd74f-2b8d-469e-94be-fd60bb9aae29} - c:\progra~1\atttoo~1\ATTTOO~1.DLL
    TB: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
    uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    dRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNotify.exe
    StartupFolder: c:\docume~1\carrie\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkbmon~1.lnk - c:\program files\nikon\pictureproject\NkbMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper200711281.dll
    DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intuit.webex.com/client/T26L/webex/ieatgpc.cab
    DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
    TCP: Interfaces\{E1D707BD-4455-40CE-9D35-AA057A335506} : DhcpNameServer = 209.18.47.61 209.18.47.62
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2007\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: igfxcui - igfxdev.dll
    Notify: LMIinit - LMIinit.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\carrie\application data\mozilla\firefox\profiles\e2vmtbo3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
    FF - prefs.js: keyword.URL - hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=sf&tbid=80307&language=en&qkw=
    FF - plugin: c:\documents and settings\carrie\application data\facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\savrtpel.sys [2008-2-7 37000]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2003-12-8 255648]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2003-12-8 218736]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2003-12-8 235168]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-8-3 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-12-5 47640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-3-7 585728]
    S2 gupdate;Google Update Service (gupdate); [x]
    S2 NetFxUpdate_v1.1.4322;Microsoft .NET Framework v1.1.4322 Update;c:\windows\microsoft.net\framework\v1.1.4322\netfxupdate.exe [2007-1-15 73728]
    S2 QuickBooksDB17;QuickBooksDB17;c:\progra~1\intuit\quickb~1\qbdbmgrn.exe -hvquickbooksdb17 --> c:\progra~1\intuit\quickb~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
    S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\SBServ.exe [2003-6-24 66784]
    S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\CCPWDSVC.EXE [2003-12-8 87712]
    S3 gupdatem;Google Update Service (gupdatem); [x]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 navapsvc;Norton AntiVirus Auto Protect Service;c:\program files\norton internet security\norton antivirus\navapsvc.exe [2003-11-24 158848]
    S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20080305.040\NAVENG.Sys [2008-3-6 82256]
    S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20080305.040\NavEx15.Sys [2008-3-6 895408]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-15 14336]
    S3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2008-2-7 305288]
    S3 SAVScan;SAVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2003-11-7 194272]
    S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [2007-6-27 101248]
    S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [2007-6-27 73856]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    =============== Created Last 30 ================
    .
    2011-10-17 17:34:39 -------- d-----w- c:\windows\XSxS
    2011-10-17 16:48:23 98816 ----a-w- c:\windows\sed.exe
    2011-10-17 16:48:23 518144 ----a-w- c:\windows\SWREG.exe
    2011-10-17 16:48:23 256000 ----a-w- c:\windows\PEV.exe
    2011-10-17 16:48:23 208896 ----a-w- c:\windows\MBR.exe
    2011-10-15 20:43:45 -------- dc-h--w- c:\windows\ie8
    2011-10-15 17:53:09 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
    2011-10-14 16:39:39 -------- d-----w- c:\windows\system32\winevt
    2011-10-14 16:39:39 -------- d-----w- c:\windows\ServiceProfiles
    2011-10-14 16:39:39 -------- d-----w- c:\windows\rescache
    2011-10-14 16:39:39 -------- d-----w- c:\windows\AppCompat
    2011-10-14 16:39:39 -------- d-----w- c:\documents and settings\carrie\AppData
    2011-10-14 16:39:38 -------- d-----w- C:\Share
    2011-10-13 23:21:32 -------- d-sh--w- c:\documents and settings\carrie\IECompatCache
    2011-10-13 23:20:45 -------- d-sh--w- c:\documents and settings\carrie\PrivacIE
    2011-10-13 20:48:44 -------- d-----w- c:\program files\Microsoft Security Client
    2011-10-13 18:55:49 -------- d-----w- c:\program files\CCleaner
    2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin6.dll
    2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin5.dll
    2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin4.dll
    2011-10-13 18:43:46 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin3.dll
    2011-10-13 18:43:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin2.dll
    2011-10-13 18:43:45 106496 ----a-w- c:\program files\mozilla firefox\plugins\npqtplugin.dll
    2011-10-13 16:49:33 -------- d--h--w- c:\windows\msdownld.tmp
    2011-10-12 23:56:12 -------- d-sh--w- c:\documents and settings\carrie\IETldCache
    2011-10-12 20:15:08 -------- d-----w- c:\program files\Uniblue
    2011-10-12 17:41:03 -------- d--h--w- c:\windows\system32\GroupPolicy
    2011-10-12 17:22:53 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-12 16:56:07 -------- d-----w- c:\documents and settings\carrie\application data\Malwarebytes
    2011-10-12 16:55:44 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2011-10-11 23:57:46 -------- d-----w- c:\documents and settings\all users\application data\MFAData
    2011-10-11 23:26:02 -------- d-----w- c:\documents and settings\carrie\application data\PC Cleaners
    2011-10-11 23:25:57 5359888 ----a-w- c:\windows\uninst.exe
    2011-10-11 23:25:54 -------- d-----w- c:\documents and settings\all users\application data\PC1Data
    2011-10-11 18:08:13 -------- d-----w- c:\program files\Active PC Optimizer
    2011-10-11 17:57:17 -------- d-----w- c:\documents and settings\carrie\application data\Uniblue
    2011-10-11 17:56:45 -------- dc-h--w- c:\documents and settings\all users\application data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
    2011-10-11 17:56:30 -------- d-----w- c:\documents and settings\carrie\local settings\application data\PackageAware
    2011-10-11 16:58:52 -------- d-----w- c:\program files\common files\AolCoach
    2011-10-10 16:52:59 -------- d-----w- c:\windows\system32\wbem\repository\FS
    2011-10-10 16:52:59 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-10-09 21:48:13 -------- d-sh--w- c:\documents and settings\carrie\local settings\application data\a74cab41
    2011-09-26 18:41:20 220160 -c----w- c:\windows\system32\dllcache\oleacc.dll
    2011-09-26 18:41:14 20480 -c----w- c:\windows\system32\dllcache\oleaccrc.dll
    2011-09-22 22:01:45 -------- d-----w- c:\documents and settings\carrie\Tracing
    2011-09-22 18:26:21 82696 ----a-w- c:\windows\system32\lmdimon8.dll
    2011-09-22 18:26:21 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
    2011-09-22 18:25:31 -------- d-----w- c:\documents and settings\all users\application data\Applications
    .
    ==================== Find3M ====================
    .
    2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
    2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
    2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
    2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
    2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-08-17 13:49:54 138496 ----a-w- c:\windows\system32\drivers\afd.sys
    .
    ============= FINISH: 14:54:25.40 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/11/2006 5:13:33 PM
    System Uptime: 10/16/2011 2:10:40 AM (36 hours ago)
    .
    Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T1350 @ 1.86GHz | U1 | 1862/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 93 GiB total, 64.123 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP833: 8/4/2011 9:30:52 PM - System Checkpoint
    RP834: 8/5/2011 9:55:59 PM - System Checkpoint
    RP835: 8/6/2011 11:04:26 PM - System Checkpoint
    RP836: 8/8/2011 6:55:18 PM - System Checkpoint
    RP837: 8/9/2011 7:21:35 PM - System Checkpoint
    RP838: 8/10/2011 6:23:09 PM - Software Distribution Service 3.0
    RP839: 8/15/2011 5:17:46 PM - System Checkpoint
    RP840: 8/17/2011 8:29:09 PM - System Checkpoint
    RP841: 8/18/2011 9:09:08 PM - System Checkpoint
    RP842: 8/20/2011 9:11:09 AM - System Checkpoint
    RP843: 8/21/2011 10:01:10 AM - System Checkpoint
    RP844: 8/22/2011 7:23:19 PM - System Checkpoint
    RP845: 8/24/2011 4:38:12 PM - Software Distribution Service 3.0
    RP846: 8/26/2011 10:25:33 PM - System Checkpoint
    RP847: 8/28/2011 10:31:32 AM - System Checkpoint
    RP848: 8/29/2011 2:47:45 PM - System Checkpoint
    RP849: 8/30/2011 4:41:29 PM - System Checkpoint
    RP850: 8/31/2011 7:20:55 PM - System Checkpoint
    RP851: 9/1/2011 7:33:12 PM - System Checkpoint
    RP852: 9/3/2011 11:55:47 AM - System Checkpoint
    RP853: 9/4/2011 1:00:11 PM - System Checkpoint
    RP854: 9/5/2011 3:15:32 PM - System Checkpoint
    RP855: 9/6/2011 9:21:46 AM - Installed Angry Birds
    RP856: 9/7/2011 8:07:07 AM - Software Distribution Service 3.0
    RP857: 9/7/2011 9:49:53 AM - Installed WinZip 15.5
    RP858: 9/7/2011 10:15:17 AM - Removed Angry Birds
    RP859: 9/7/2011 10:17:08 AM - Installed Angry Birds
    RP860: 9/8/2011 12:54:18 PM - System Checkpoint
    RP861: 9/9/2011 8:15:16 PM - System Checkpoint
    RP862: 9/10/2011 8:21:03 PM - System Checkpoint
    RP863: 9/12/2011 9:39:14 AM - System Checkpoint
    RP864: 9/13/2011 3:13:24 PM - System Checkpoint
    RP865: 9/14/2011 5:42:19 PM - System Checkpoint
    RP866: 9/15/2011 8:03:13 AM - Software Distribution Service 3.0
    RP867: 9/16/2011 4:30:16 PM - System Checkpoint
    RP868: 9/17/2011 6:02:14 PM - System Checkpoint
    RP869: 9/18/2011 9:59:31 PM - System Checkpoint
    RP870: 9/20/2011 6:24:22 PM - System Checkpoint
    RP871: 9/21/2011 7:08:11 PM - System Checkpoint
    RP872: 9/22/2011 11:25:56 AM - Installed Microsoft Office Live Meeting 2007
    RP873: 9/23/2011 2:46:44 PM - System Checkpoint
    RP874: 9/24/2011 5:48:08 PM - System Checkpoint
    RP875: 9/26/2011 3:34:18 PM - System Checkpoint
    RP876: 9/27/2011 5:34:03 PM - System Checkpoint
    RP877: 9/28/2011 5:54:47 PM - System Checkpoint
    RP878: 9/28/2011 7:58:31 PM - Software Distribution Service 3.0
    RP879: 9/29/2011 10:24:43 PM - System Checkpoint
    RP880: 9/30/2011 11:10:06 PM - System Checkpoint
    RP881: 10/2/2011 4:12:02 PM - System Checkpoint
    RP882: 10/3/2011 9:34:59 PM - System Checkpoint
    RP883: 10/5/2011 10:46:29 AM - System Checkpoint
    RP884: 10/6/2011 11:02:25 AM - System Checkpoint
    RP885: 10/6/2011 5:33:20 PM - Removed Angry Birds
    RP886: 10/6/2011 5:33:47 PM - Installed Angry Birds
    RP887: 10/7/2011 6:22:35 PM - System Checkpoint
    RP888: 10/8/2011 9:35:33 AM - Installed Angry Birds Rio
    RP889: 10/9/2011 10:52:34 AM - System Checkpoint
    RP890: 10/10/2011 9:49:23 AM - Restore Operation
    RP891: 10/11/2011 10:13:54 AM - Restore Operation
    RP892: 10/11/2011 10:20:20 AM - Restore Operation
    RP893: 10/12/2011 9:12:07 AM - Software Distribution Service 3.0
    RP894: 10/12/2011 2:00:28 PM - Software Distribution Service 3.0
    RP895: 10/12/2011 2:15:30 PM - Software Distribution Service 3.0
    RP896: 10/12/2011 2:30:08 PM - Software Distribution Service 3.0
    RP897: 10/12/2011 2:34:50 PM - Software Distribution Service 3.0
    RP898: 10/12/2011 2:55:15 PM - Software Distribution Service 3.0
    RP899: 10/12/2011 3:02:31 PM - Software Distribution Service 3.0
    RP900: 10/12/2011 3:14:53 PM - Installed Windows Internet Explorer 8.
    RP901: 10/12/2011 5:00:34 PM - Software Distribution Service 3.0
    RP902: 10/12/2011 5:10:37 PM - Software Distribution Service 3.0
    RP903: 10/12/2011 5:44:40 PM - Software Distribution Service 3.0
    RP904: 10/12/2011 5:47:02 PM - Software Distribution Service 3.0
    RP905: 10/12/2011 6:11:38 PM - Software Distribution Service 3.0
    RP906: 10/12/2011 6:34:14 PM - Software Distribution Service 3.0
    RP907: 10/13/2011 3:00:27 AM - Software Distribution Service 3.0
    RP908: 10/13/2011 9:52:50 AM - Installed Windows Internet Explorer 8.
    RP909: 10/13/2011 12:32:45 PM - Software Distribution Service 3.0
    RP910: 10/13/2011 1:14:38 PM - Installed Windows Internet Explorer 8.
    RP911: 10/13/2011 1:39:36 PM - Installed Windows Internet Explorer 8.
    RP912: 10/13/2011 4:14:07 PM - Installed Microsoft Fix it 50228
    RP913: 10/13/2011 4:34:44 PM - Software Distribution Service 3.0
    RP914: 10/13/2011 4:40:11 PM - Software Distribution Service 3.0
    RP915: 10/14/2011 3:00:22 AM - Software Distribution Service 3.0
    RP916: 10/14/2011 7:54:58 AM - Software Distribution Service 3.0
    RP917: 10/15/2011 3:00:26 AM - Software Distribution Service 3.0
    RP918: 10/15/2011 1:45:27 PM - Installed Windows Internet Explorer 8.
    RP919: 10/15/2011 1:55:42 PM - Software Distribution Service 3.0
    RP920: 10/15/2011 2:51:21 PM - Software Distribution Service 3.0
    RP921: 10/16/2011 3:00:20 AM - Software Distribution Service 3.0
    RP922: 10/16/2011 9:32:59 AM - Software Distribution Service 3.0
    RP923: 10/17/2011 7:49:23 AM - Software Distribution Service 3.0
    RP924: 10/17/2011 11:27:23 AM - Installed Angry Birds Seasons
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    5700_Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 7.0.9
    America Online (Choose which version to remove)
    Angry Birds
    Angry Birds Seasons
    AOL Spyware Protection
    AT&T Internet Security Wizard 1.5.11
    AT&T Toolbar
    ATT-HSI
    Bejeweled 2 Deluxe
    Bespelled
    Blasterball 2 Revolution
    Bluetooth Stack for Windows by Toshiba
    BPD_Scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    CC_ccProxyMSI
    CC_ccStart
    ccCommon
    CCleaner
    CD/DVD Drive Acoustic Silencer
    Critical Update for Windows Media Player 11 (KB959772)
    Cuisinart Recipe Widget
    Destinations
    DeviceManagementQFolder
    DocProc
    DocProcQFolder
    Driver Installer
    DVD-RAM Driver
    EPSON Printer Software
    ESPNMotion
    eSupportQFolder
    Facebook Plug-In
    Fax
    GemMaster Mystic
    getPlus(R) for Adobe
    Google Update Helper
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Imaging Device Functions 8.0
    HP OCR Software 8.0
    HP Officejet All-In-One Series
    HP Solution Center 8.0
    HP Update
    HPProductAssistant
    Ink Monitor
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    Intel(R) PROSet/Wireless Software
    InterVideo WinDVD Creator 2
    InterVideo WinDVD for TOSHIBA
    iPIX ActiveX Viewer
    J2SE Runtime Environment 5.0 Update 4
    J5700
    Java Auto Updater
    Java(TM) 6 Update 24
    LiveReg (Symantec Corporation)
    LiveUpdate 1.90 (Symantec Corporation)
    LogMeIn
    Macromedia Flash Player 8
    McAfee Security Scan Plus
    mCore
    mDrWiFi
    Metamail (Toshiba Registration Utility)
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB2572066)
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2000 Premium
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Meeting 2005
    Microsoft Office Live Meeting 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Mozilla Firefox 7.0.1 (x86 en-US)
    mPfMgr
    mPfWiz
    mProSafe
    MSRedist
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 Parser and SDK
    mWlsSafe
    mXML
    mZConfig
    Nikon Message Center
    Nokia Connectivity Adapter Cable DKU-5
    Norton AntiSpam
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Office 2003 Trial Assistant
    Open Book HVAC Certifications 4.2.00
    PictureProject
    PictureProject In Touch Downloader 1.0
    ProductContext
    QuickBooks
    QuickBooks Pro 2009
    QuickBooks Product Listing Service
    QuickTime
    RealPlayer Basic
    Realtek High Definition Audio Driver
    Scan
    SCRABBLE
    Scrabble Deluxe
    SD Secure Module
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB2559049)
    Security Update for Windows Internet Explorer 7 (KB2586448)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2491683)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2510581)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SMS (remove only)
    SolutionCenter
    Sonic DLA
    Sonic Encoders
    Sonic RecordNow!
    Status
    Super Granny 5 (remove only)
    SupportSoft Assisted Service
    Symantec Script Blocking Installer
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Toolbox
    TOSHIBA Assist
    TOSHIBA ConfigFree
    TOSHIBA Controls
    TOSHIBA Game Console
    TOSHIBA Hotkey Utility
    TOSHIBA PC Diagnostic Tool
    TOSHIBA Power Saver
    TOSHIBA SD Memory Card Format
    TOSHIBA Software Modem
    TOSHIBA Software Upgrades
    TOSHIBA Speech System Applications
    TOSHIBA Speech System SR Engine(U.S.) Version1.0
    TOSHIBA Speech System TTS Engine(U.S.) Version1.0
    TOSHIBA TouchPad ON/Off Utility
    TOSHIBA TV Tuner 4.0.12.73
    TOSHIBA Utilities
    TOSHIBA Virtual Sound
    TOSHIBA Zooming Utility
    TrayApp
    Uniblue RegistryBooster
    Uniblue SystemTweaker
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Viewpoint Media Player
    WebEx
    WebFldrs XP
    WebReg
    WildTangent Web Driver
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB2502898
    Windows XP Media Center Edition 2005 KB888316
    Windows XP Media Center Edition 2005 KB894553
    Windows XP Media Center Edition 2005 KB895678
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    WinZip 15.5
    Word Slinger
    Yahoo! Browser Services
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Music Engine
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/13/2011 5:45:07 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    10/13/2011 2:26:38 PM, error: Microsoft Antimalware [2001] -
    10/12/2011 9:35:02 AM, error: Service Control Manager [7000] - The Microsoft .NET Framework v1.1.4322 Update service failed to start due to the following error: Access is denied.
    10/12/2011 9:29:36 AM, error: Service Control Manager [7034] - The .NET Runtime Optimization Service v2.0.50727_X86 service terminated unexpectedly. It has done this 1 time(s).
    10/12/2011 9:14:23 AM, error: Service Control Manager [7034] - The Microsoft .NET Framework v1.1.4322 Update service terminated unexpectedly. It has done this 1 time(s).
    10/11/2011 9:52:22 PM, error: PlugPlayManager [12] - The device 'MATSHITA DVD-RAM UJ-841S' (IDE\CdRomMATSHITA_DVD-RAM_UJ-841S________________1.60____\5&226f6cf2&0&0.0.0) disappeared from the system without first being prepared for removal.
    10/11/2011 9:52:21 PM, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
    10/11/2011 9:35:17 AM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    10/11/2011 9:17:59 AM, error: Service Control Manager [7000] - The McAfee Security Scan Component Host Service service failed to start due to the following error: Access is denied.
    10/11/2011 9:17:59 AM, error: DCOM [10005] - DCOM got error "%5" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
    10/11/2011 7:46:00 PM, error: Service Control Manager [7024] - The Symantec Network Drivers Service service terminated with service-specific error 4294967295 (0xFFFFFFFF).
    10/11/2011 7:15:28 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
    10/11/2011 6:33:57 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the QBCFMonitorService service to connect.
    10/11/2011 6:33:57 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.
    10/11/2011 6:28:16 PM, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 001302C9478E. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    10/11/2011 6:13:56 PM, error: Service Control Manager [7034] - The ActivePCOptimizer Service service terminated unexpectedly. It has done this 1 time(s).
    10/11/2011 2:16:34 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LogMeIn with arguments "" in order to run the server: {C3ADA61A-4E0E-48D4-A2B1-AE5F76D01044}
    10/11/2011 10:43:23 AM, error: Service Control Manager [7034] - The McAfee Security Scan Component Host Service service terminated unexpectedly. It has done this 1 time(s).
    10/10/2011 9:48:12 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    .
    ==== End Of File ===========================
     
  7. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    What is this program? AV: PC Cleaners

    Also, you still have Norton IS installed. Is this still used, and is the license current?
     
  8. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    Maybe AVG. I had tried to download it a few times when this all started, and as far as Norton, I don't think the license is current.
     
  9. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Not AVG, it is not installed. OK, do the following:

    Download and install the Norton removal tool from Here

    Alternative link

    Install and run the tool, follow any prompts that are given.

    Next,

    Install and run Microsoft Security Essentials:
    Go Here and hit the "Download it free today" tab, then follow the prompts. Once installed, it will want to update and carry out a quick scan; allow that to happen. Let me know if it finds anything...

    Kevin
     
  10. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    I also have an old McAfee, a new CCleaner and Uniblue RegistryBooster. Should I take them out also? I have tried before to install Microsoft Security Essentials, but it asks me to update and it can't connect for some reason, maybe because I can't use Internet Explorer?
     
  11. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    You have McAfee Security Scan Plus; is that only a stand-alone scanner? If so, you can leave it. Yes, remove Registry Booster; they do more harm than good.

    Run the following; let's see if the infection has set any junctions..

    • Please download Junction.zip and save it to your desktop.
    • Unzip it and put junction.exe in the Windows directory (C:\Windows). so you have C:\Windows\Junction.exe
    • Now go to Start > Run to open a run box > Copy and paste the following command in the open run box and click OK:

      cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    • A command window will open and the system will be scanned.
    • Wait until a log file opens.
    • Copy and paste log in your next reply
     
  12. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    Junction v1.06 - Windows junction creator and reparse point viewer
    Copyright (C) 2000-2010 Mark Russinovich
    Sysinternals - www.sysinternals.com

    Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
    ...
    Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe: Access is denied.
    ...
    ...
    Failed to open \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow: Access is denied.
    ...
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com: Access is denied.
    Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com: Access is denied.
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    Failed to open \\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe: Access is denied.
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    .
    Failed to open \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini: Access is denied.
    ..
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    ...
    .
    Failed to open \\?\c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe: Access is denied.
    Failed to open \\?\c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe: Access is denied.
    ..
    ...
    ...
    ...
    Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.
    ...
    ...
    ...
    ..No reparse points found.
     
  13. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    Do the following:

    Please run the following:
    • please download GrantPerms.zip and save it to your desktop.
    • Unzip the file and run GrantPerms.exe
    • Copy and paste the following in the edit box:

      Code:
      c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
      c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db
      c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow
      c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe
      c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe
      c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe
      c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe
      c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe
      c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com
      c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com
      c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
      c:\\Qoobox\BackEnv
      c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini
      c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
      c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      c:\\WINDOWS\system32\MRT.exe
      
    • Now Click Unlock.
    • When it is done click "OK".
    • Now click List Permissions and post the result (Perms.txt) that pops up.
    • A copy of Perms.txt will be saved in the same directory the tool is run.

    Next,
    Please download OTM by OldTimer.
    Alternative Mirror 1
    Alternative Mirror 2
    Save it to your desktop.
    Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator
    • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

      -------------------------------------------------------------------

      :Files
      c:\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini
      :Commands
      [EmptyTemp]
      [Reboot]

      ---------------------------------------------------------------------
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
    • Click the red MoveIt! button.
    • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
    • Close OTM
    Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

    If the machine reboots, the Results log can be found here:

    c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss is the date of the tool run.
    Next see if MSE will install, if so update and do a quick scan.

    Let me see logs from GrantPerms, OTM and if MSE installs/finds anything....
     
  14. sonicdog13

    sonicdog13 Thread Starter

    Joined:
    Oct 13, 2011
    Messages:
    8
    Ok, I hope I did this one correctly. I was able to get MSE and ran a scan, but I didn't see a log or anything in the history; maybe I am missing something.

    GrantPerms by Farbar
    Ran by Carrie at 2011-10-17 17:51:53

    ===============================================
    \\?\c:\\Documents and Settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\Local Settings\Application Data\Microsoft\CardSpace\CardSpaceSP2.db.shadow

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\1d4te66h.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(1).exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(2).exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis(3).exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill(1).com

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\Qoobox\BackEnv

    Owner: BUILTIN\Administrators

    DACL(NP)(AI):
    BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
    CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
    BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
    BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
    BUILTIN\Users ADD FILE ALLOW (CI)(I)


    \\?\c:\\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    \\?\c:\\WINDOWS\system32\MRT.exe

    Owner: BUILTIN\Administrators

    DACL(P)(AI):
    BUILTIN\Administrators FULL ALLOW (NI)
    NT AUTHORITY\SYSTEM FULL ALLOW (NI)
    BUILTIN\Users READ/EXECUTE ALLOW (NI)


    All processes killed
    ========== FILES ==========
    c:\WINDOWS\assembly\GAC_MSIL\Desktop(3).ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Carrie
    ->Temp folder emptied: 72404638 bytes
    ->Temporary Internet Files folder emptied: 8497802 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 92939667 bytes
    ->Flash cache emptied: 1957 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7092306 bytes
    ->Flash cache emptied: 456 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 7436 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: QBDataServiceUser17
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 49501 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1131562 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 301736680 bytes

    Total Files Cleaned = 462.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 10172011_175504

    Files moved on Reboot...
    C:\WINDOWS\temp\MpCmdRun.log moved successfully.
    File C:\WINDOWS\temp\TMP000000352214ABA50DBA803D not found!
    File C:\WINDOWS\temp\TMP0000003E22054F3E993927E5 not found!

    Registry entries deleted on Reboot...
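The two logs in this thread carry the same signal: Junction reported "Access is denied" on the user's own security tools (HijackThis, rkill, MRT.exe), and GrantPerms then printed each file's owner and DACL after unlocking. The helper below is an added example, not code from the thread or from either tool. It parses both formats, separates the one expected failure (pagefile.sys is always locked by the running system) from denied security tools, and flags any DACL that departs from the standard layout seen in Perms.txt above (owner not Administrators/SYSTEM, Administrators or SYSTEM without FULL ALLOW, any DENY ACE, or a broad group with FULL). The sample logs are abridged from the thread plus one constructed entry, `locked_tool.exe` owned by `EXAMPLE-PC\Carrie`, which does not appear on the page and exists only to show what a tampered DACL looks like in this format.

```python
"""Triage helper for Junction 'Failed to open' lines and GrantPerms Perms.txt.
Added example; not part of the thread, Junction, or GrantPerms."""

import re
from dataclasses import dataclass, field

# Abridged from the Junction output posted above.
JUNCTION_SAMPLE = r"""
Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.
Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\HijackThis.exe: Access is denied.
Failed to open \\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\rkill.com: Access is denied.
Failed to open \\?\c:\\WINDOWS\system32\MRT.exe: Access is denied.
"""

# Two entries copied from Perms.txt above, plus one CONSTRUCTED entry
# (locked_tool.exe, owner EXAMPLE-PC\Carrie) that is not in the thread.
PERMS_SAMPLE = r"""
\\?\c:\\WINDOWS\system32\MRT.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\c:\\Qoobox\BackEnv

Owner: BUILTIN\Administrators

DACL(NP)(AI):
BUILTIN\Administrators FULL ALLOW (CI)(OI)(I)
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)(I)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)(I)
BUILTIN\Users READ/EXECUTE ALLOW (CI)(OI)(I)
BUILTIN\Users ADD SUBDIRECTORY ALLOW (CI)(I)
BUILTIN\Users ADD FILE ALLOW (CI)(I)


\\?\c:\\Documents and Settings\Carrie\My Documents\Downloads\locked_tool.exe

Owner: EXAMPLE-PC\Carrie

DACL(P)(AI):
Everyone FULL DENY (NI)
EXAMPLE-PC\Carrie FULL ALLOW (NI)
"""

FAIL_RE = re.compile(r"^Failed to open (?P<path>.+?): (?P<reason>.+)$")
# principal may contain spaces; rights are a fixed list plus a one-word fallback,
# and the ALLOW/DENY keyword anchors where the principal ends.
ACE_RE = re.compile(
    r"^(?P<principal>.+?) "
    r"(?P<right>FULL|READ/EXECUTE|ADD SUBDIRECTORY|ADD FILE|[A-Z]+) "
    r"(?P<kind>ALLOW|DENY)"
    r"(?: (?P<flags>(?:\([A-Z]+\))+))?$"
)

TRUSTED_OWNERS = {"BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM",
                  "NT SERVICE\\TrustedInstaller"}
BROAD_GROUPS = {"Everyone", "BUILTIN\\Users", "NT AUTHORITY\\Authenticated Users"}
# tool names taken from the logs in this thread
SECURITY_TOOLS = ("hijackthis", "rkill", "mrt.exe", "mcchsvc")


def normalize(path: str) -> str:
    """Drop the \\?\ long-path prefix and Junction's doubled drive separator."""
    if path.startswith("\\\\?\\"):
        path = path[4:]
    return path.replace("\\\\", "\\")


@dataclass
class Entry:
    path: str
    owner: str = ""
    dacl: str = ""
    aces: list = field(default_factory=list)  # (principal, right, kind, flags)


def parse_junction_failures(text: str) -> list:
    """Return (path, reason) for every 'Failed to open' line."""
    out = []
    for raw in text.splitlines():
        m = FAIL_RE.match(raw.strip())
        if m:
            out.append((normalize(m["path"]), m["reason"].rstrip(".")))
    return out


def classify_failure(path: str, reason: str) -> str:
    name = path.rsplit("\\", 1)[-1].lower()
    if "being used by another process" in reason:
        return "expected"  # in-use system files such as pagefile.sys
    if "Access is denied" in reason and any(t in name for t in SECURITY_TOOLS):
        return "security-tool-denied"
    return "denied"


def parse_perms(text: str) -> list:
    """Parse Perms.txt blocks: path line, Owner:, DACL header, ACE lines."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("\\\\?\\"):
            cur = Entry(path=normalize(line))
            entries.append(cur)
        elif cur is None:
            continue  # header lines before the first entry
        elif line.startswith("Owner:"):
            cur.owner = line.split(":", 1)[1].strip()
        elif line.startswith("DACL"):
            cur.dacl = line.rstrip(":")
        else:
            m = ACE_RE.match(line)
            if m:
                cur.aces.append((m["principal"], m["right"], m["kind"], m["flags"] or ""))
    return entries


def assess(entry: Entry) -> list:
    """Describe every way this DACL departs from the standard layout."""
    issues = []
    if entry.owner not in TRUSTED_OWNERS:
        issues.append(f"owner is {entry.owner}")
    full_allow = {p for p, r, k, _ in entry.aces if r == "FULL" and k == "ALLOW"}
    for required in ("BUILTIN\\Administrators", "NT AUTHORITY\\SYSTEM"):
        if required not in full_allow:
            issues.append(f"{required} lacks FULL ALLOW")
    for p, r, k, _ in entry.aces:
        if k == "DENY":
            issues.append(f"DENY ACE for {p} ({r})")
        elif r == "FULL" and p in BROAD_GROUPS:
            issues.append(f"{p} has FULL ALLOW")
    return issues


def triage(junction_text: str, perms_text: str) -> dict:
    failures = [(p, classify_failure(p, r)) for p, r in parse_junction_failures(junction_text)]
    perms = {e.path: assess(e) for e in parse_perms(perms_text)}
    return {
        "failures": failures,
        "security_tools_denied": [p for p, c in failures if c == "security-tool-denied"],
        "suspicious_dacls": {p: i for p, i in perms.items() if i},
    }


if __name__ == "__main__":
    for key, value in triage(JUNCTION_SAMPLE, PERMS_SAMPLE).items():
        print(key, value)
```

Run against the thread's own Perms.txt every entry comes back clean, which is consistent with GrantPerms having restored ordinary permissions; only the constructed entry trips the checks. The Junction side is deliberately narrow: "being used by another process" on pagefile.sys is normal, while "Access is denied" on a freshly downloaded scanner is the thing worth reporting to whoever is helping.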
     
  15. kevinf80

    kevinf80 Malware Specialist

    Joined:
    Mar 21, 2006
    Messages:
    10,148
    MSE does not produce a log as such; it would show if anything had been found during its scan, and that would have been seen by selecting the History tab in the main interface.

    Use your system freely for 24 hours, post back and let me know if you have any issues... We'll clean up if all is OK, just leave all tools in place for now...

    It's 2:45 am local time for me, sleepy time me thinks. Been a longgggggggggggggg day..

    Cheers,

    Kevin
     
Short URL to this thread: https://techguy.org/1022147