Jump to content

domer7

Honorary Members
  • Posts

    38
  • Joined

  • Last visited

Reputation

1 Neutral
  1. Have downloaded latest version but cannot get it to open. Downloaded MB Support tool and have attached log zip file mbst-grab-results.zip
  2. Maurice, Below is the log for a full MBAM scan. Regards, domer MBAM Log 6-2-13 Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2013.06.02.04 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Steve & Anita :: HOMEMAIN [administrator] Protection: Disabled 6/2/2013 11:04:59 AM mbam-log-2013-06-02 (11-04-59).txt Scan type: Full scan (C:\|) Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 393684 Time elapsed: 1 hour(s), 23 minute(s), 56 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. Maurice, Thank you for all your help. The desktop is cluttered as I have kept all of the different tools and logs downloaded and created through this cleanup / repair process. I will move all the log files to a separate folder in My Documents. I will still need to uninstall all of the diagnostic tools. One item which still concerns me is the Windows Firewall Security message which states "The network connection settings have become corrupted." What does that mean with regards to my computer security? Is that repairable without re-installing Windows? Finally, I have purchased a new Windows 8 HP Laptop for my use while I am working away from home. Where would you suggest I go to set it up for best security performance? Thanks again for your help and perseverance with all our issues. All the best, domer
  4. One other odd thing that happens is as our desktop is loading, as all of the icons slowly turn from a generic Windows menu appearance to their unique icon, the screen blacks out momentarily then returns to the desktop. I noticed this occurs on both the administrator account and my daughter's desktop. Google Chrome and Yahoo e-mail seem to be working fine.
  5. Hi Maurice, Sorry for the delay in responding. I am working out of town for the next few months, so I need to determine if I can still work on this remotely. Since our last communication, MSE detected security risks. We ran an MSE scan Wednesday and found the following: Item 1 Category: Trojan Downloader ASX/Wimad.CG Description: This program is dangerous and downloads other programs. Recommended action: Remove this software immediately. Items: containerfile:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Travelers - 100 Years.wma containerfile:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Traveler\Blues Travelers - 100 Years.wma file:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Travelers - 100 Years.wma->(ASF_Script_Commands) file:C:\Documents and Settings\Steve & Anita\My Documents\My Music\My Music\New Music\Blues Traveler\Blues Travelers - 100 Years.wma->(ASF_Script_Commands) Item 2 Category: Trojan Downloader ASX/Wimad.AN Description: This program is dangerous and downloads other programs. Recommended action: Remove this software immediately. Items: containerfile:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Circle Of Defeat.wma containerfile:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Shadows.wma file:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Circle Of Defeat.wma->(ASF_Script_Commands) file:C:\Documents and Settings\Evan\My Documents\My Music\iTunes\iTunes Music\Nasum - Shadows.wma->(ASF_Script_Commands) Item 3 Category: Trojan Downloader ASX/Wimad.DT Description: This program is dangerous and downloads other programs. Recommended action: Remove this software immediately. Items: containerfile:C:\Documents and Settings\Ilana\Local Settings\Application Data\iMesh\Partials\{EB9F32EE-6331-4D92-A34C-DEEE28B4EC48}.tmp file:C:\Documents and Settings\Ilana\Local Settings\Application Data\iMesh\Partials\{EB9F32EE-6331-4D92-A34C-DEEE28B4EC48}.tmp->(ASF_Script_Commands) Item 34 Category: Trojan Downloader Description: This program is dangerous and downloads other programs. Recommended action: Remove this software immediately. Items: containerfile:C:\Documents and Settings\Ilana\My Documents\My Music\iMesh\Red Solo Cup\Toby Keith\- Red Solo Cup - Toby Keith.mp3 file:C:\Documents and Settings\Ilana\My Documents\My Music\iMesh\Red Solo Cup\Toby Keith\- Red Solo Cup - Toby Keith.mp3->(ASF_Script_Commands) Ran a Malwarebytes scan this morning and it came back clean. What is interesting to me is the files indicated as the container files were downloaded a long time ago - months to years ago - and never found during other scans. Right now MSE has these quarantined. The host files are also on two other back-up drives used to back up data. Suggestions? domer7
  6. Maurice, We tried to run the MS Fixit tool. A pop-up came up stating "Fixit does not apply to your operating system or application version." Popup box had an OK button. Pressed OK button. Installation Wizard came up with a message saying "MS Fixit failed to process." Three. options offered - 1. Tell us what you think 2. Click for On-Line Help 3rd option ?? and Cancel button. My son pushed the cancel button. On another note, he noticed his account on this computer appears to have some issue as it takes a long time to load and when it does load, the desktop is blank and there is no task bar. He can access his files through the Task Manager option. He does not use this account that often as he does have a laptop he uses for college. Adminstrator account and my daughters account appear OK and our account is running well. Based on the failure of the Fixit tool, we did not run MBAM, Should we go ahead and run that scan anyway? domer7
  7. Yes, I am working out of town, but am trying to complete the next step through my family at home. Will post soon.
  8. Maurice, Downloaded latest version of each program. OTL did not create an extras log Security Check Log was blank. Both programs had previous versions on my desktop. OTL Log OTL logfile created on: 5/21/2013 12:50:03 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Steve & Anita\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.45 Gb Available Physical Memory | 72.60% Memory free 3.85 Gb Paging File | 3.48 Gb Available in Paging File | 90.41% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 149.04 Gb Total Space | 87.99 Gb Free Space | 59.04% Space Free | Partition Type: NTFS Computer Name: HOMEMAIN | User Name: Steve & Anita | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013/05/21 12:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe PRC - [2013/04/26 15:24:42 | 000,423,144 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe ========== Modules (No Company Name) ========== MOD - [2012/12/09 18:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2005/06/28 13:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ========== Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe -- (Roxio Upnp Server 9) SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9) SRV - [2013/05/15 10:46:17 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2013/01/27 11:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2009/08/24 19:01:08 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2007/02/27 17:20:22 | 001,204,416 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe -- (SandraTheSrv) SRV - [2007/02/27 17:19:14 | 000,123,064 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe -- (SandraDataSrv) SRV - [2004/11/10 10:41:20 | 000,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | System | Stopped] -- -- (UDFReadr) DRV - File not found [File_System | Boot | Stopped] -- -- (PQV2i) DRV - File not found [Kernel | System | Stopped] -- -- (PQIMount) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5) DRV - File not found [Kernel | System | Stopped] -- -- (Cdralw2k) DRV - File not found [Kernel | System | Stopped] -- -- (Cdr4_xp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\STEVE&~1\LOCALS~1\Temp\catchme.sys -- (catchme) DRV - [2013/05/21 12:25:07 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{FDE53EF9-88B3-4FD2-8002-BBFDFA3CB831}\MpKsl3b6072fd.sys -- (MpKsl3b6072fd) DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009/12/30 11:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt) DRV - [2009/08/14 06:45:24 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50) DRV - [2009/08/14 06:45:24 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50) DRV - [2009/06/30 10:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2009/06/17 09:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009/06/17 09:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009/06/17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009/06/17 09:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2006/05/03 09:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/05/20 16:01:32 | 000,025,600 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe) DRV - [2005/05/20 16:01:26 | 000,068,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2005/05/20 16:01:00 | 000,036,480 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK) DRV - [2005/05/20 16:00:48 | 000,054,528 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/18 16:21:00 | 000,189,568 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2004/03/19 05:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2004/02/23 20:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003/12/19 02:00:00 | 000,006,656 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cinemsup.sys -- (Cinemsup) DRV - [2003/10/31 04:22:38 | 000,077,312 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\viasraid.sys -- (viasraid) DRV - [2003/08/05 19:43:04 | 000,159,744 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k) DRV - [2003/04/19 02:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tandpl.sys -- (tandpl) DRV - [2003/03/04 02:50:00 | 000,073,134 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2003/03/04 02:50:00 | 000,053,870 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) DRV - [2003/03/02 19:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\enodpl.sys -- (enodpl) DRV - [2002/10/15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.focusonthefamily.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 14 A3 6F 2E 3C 3D CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {F1F5A2C9-FFD1-4C0F-A7FE-57135955C4EE} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search IE - HKCU\..\SearchScopes\{F1F5A2C9-FFD1-4C0F-A7FE-57135955C4EE}: "URL" = http://www.google.co...utputEncoding?} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll (Move Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/11/17 11:00:17 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\Steve & Anita\Application Data\Move Networks [2009/09/29 15:08:42 | 000,000,000 | ---D | M] [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: http://www.google.com CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll CHR - plugin: Move Streaming Media Player (Enabled) = C:\Documents and Settings\Steve & Anita\Application Data\Move Networks\plugins\npqmp071505000010.dll CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Google Docs = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Search = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Gmail = C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013/05/12 09:32:30 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKCU..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: vetcentric.com ([]https in Trusted sites) O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} https://support.micr...ActiveX/odc.cab (Microsoft PID Sniffer) O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.s...abs/tgctlsr.cab (Reg Error: Key error.) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool) O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.) O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6CE2CB9D-B559-4F0C-AEA9-3F0D829E0F77}: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/04/09 18:31:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/05/21 12:44:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe [2013/05/14 12:21:45 | 000,354,299 | ---- | C] (Farbar) -- C:\Documents and Settings\Steve & Anita\Desktop\FSS.exe [2013/05/14 09:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Application Data\WinPatrol [2013/05/14 09:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinPatrol [2013/05/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2013/05/14 09:51:59 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios [2013/05/14 09:50:04 | 000,906,440 | ---- | C] (BillP Studios) -- C:\Documents and Settings\Steve & Anita\Desktop\wpsetup.exe [2013/05/14 09:20:19 | 000,238,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2013/05/14 09:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client [2013/05/14 07:34:35 | 011,091,432 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\mseinstall.exe [2013/05/13 10:31:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2013/05/13 10:30:57 | 000,000,000 | ---D | C] -- C:\JRT [2013/05/13 10:20:41 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve & Anita\Desktop\JRT.exe [2013/05/13 10:20:06 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve & Anita\Desktop\tdsskiller.exe [2013/05/13 10:19:42 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Steve & Anita\Desktop\aswMBR.exe [2013/05/12 21:29:18 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve & Anita\Desktop\Steve & Anita.exe [2013/05/12 21:29:17 | 000,000,000 | ---D | C] -- C:\rsit [2013/05/12 18:20:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile [2013/05/12 18:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix [2013/05/12 09:17:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013/05/12 09:17:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013/05/12 09:17:20 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013/05/12 09:17:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013/05/12 09:16:30 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/05/12 09:14:05 | 005,069,265 | R--- | C] (Swearware) -- C:\Documents and Settings\Steve & Anita\Desktop\Combo-Fix.exe [2013/05/11 20:22:15 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.f764.deleteme [2013/05/11 20:20:56 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine [2013/05/11 20:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2013/05/11 20:09:08 | 083,811,088 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\msert.exe [2013/05/11 20:04:31 | 011,163,168 | ---- | C] (McAfee Inc) -- C:\Documents and Settings\Steve & Anita\Desktop\stinger32.exe [2013/05/11 18:49:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\PackageAware [2013/05/11 14:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Desktop\RK_Quarantine [2013/05/11 14:22:46 | 001,752,992 | ---- | C] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve & Anita\Desktop\rkill.com [2013/04/28 15:37:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\Application Data\FastStone [2013/04/28 15:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\FastStone Image Viewer [2013/04/28 15:36:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FastStone Image Viewer [2013/04/24 10:35:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve & Anita\My Documents\Contacts [2011/12/27 13:36:56 | 069,341,552 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesSetup.exe ========== Files - Modified Within 30 Days ========== [2013/05/21 12:48:13 | 000,890,825 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SecurityCheck.exe [2013/05/21 12:45:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/05/21 12:44:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve & Anita\Desktop\OTL.exe [2013/05/21 12:34:36 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/05/21 12:28:26 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/05/21 12:28:06 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/05/21 12:24:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/05/21 07:11:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/05/15 14:15:40 | 001,236,054 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Advanced.bmp [2013/05/15 14:14:44 | 001,236,054 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Exceptions.bmp [2013/05/15 13:45:25 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013/05/15 13:41:07 | 000,003,154 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\MSIServer.reg [2013/05/15 13:40:59 | 000,005,848 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SharedAccess.reg [2013/05/15 10:46:15 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/05/15 10:46:15 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/05/14 17:16:25 | 000,003,658 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\wscsvc.reg [2013/05/14 17:15:59 | 000,001,040 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\LEGACY_WSCSVC.reg [2013/05/14 12:42:05 | 000,561,112 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\DPE.DUS [2013/05/14 12:18:19 | 000,354,299 | ---- | M] (Farbar) -- C:\Documents and Settings\Steve & Anita\Desktop\FSS.exe [2013/05/14 09:50:11 | 000,906,440 | ---- | M] (BillP Studios) -- C:\Documents and Settings\Steve & Anita\Desktop\wpsetup.exe [2013/05/14 09:15:54 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif [2013/05/14 07:48:49 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Microsoft Office Word 2007.lnk [2013/05/14 07:39:28 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Norton_Removal_Tool.exe [2013/05/14 07:34:35 | 011,091,432 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\mseinstall.exe [2013/05/13 10:24:23 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\MBR.dat [2013/05/13 10:20:42 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Documents and Settings\Steve & Anita\Desktop\JRT.exe [2013/05/13 10:20:16 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Steve & Anita\Desktop\tdsskiller.exe [2013/05/13 10:19:42 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Steve & Anita\Desktop\aswMBR.exe [2013/05/12 21:27:30 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\RSIT.exe [2013/05/12 18:20:52 | 000,002,690 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.reg [2013/05/12 18:18:47 | 000,004,382 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.reg [2013/05/12 18:11:52 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.zip [2013/05/12 18:11:41 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.zip [2013/05/12 09:32:30 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013/05/12 09:14:19 | 005,069,265 | R--- | M] (Swearware) -- C:\Documents and Settings\Steve & Anita\Desktop\Combo-Fix.exe [2013/05/11 23:02:45 | 000,000,168 | RH-- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger.opt [2013/05/11 22:59:08 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202814.html [2013/05/11 20:26:54 | 000,000,645 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202056.html [2013/05/11 20:22:12 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.f764.deleteme [2013/05/11 20:17:22 | 000,469,668 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\runtime.dat [2013/05/11 20:09:13 | 083,811,088 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Steve & Anita\Desktop\msert.exe [2013/05/11 20:04:31 | 011,163,168 | ---- | M] (McAfee Inc) -- C:\Documents and Settings\Steve & Anita\Desktop\stinger32.exe [2013/05/11 18:47:22 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2013/05/11 14:23:50 | 000,816,128 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\RogueKiller.exe [2013/05/11 14:22:52 | 001,752,992 | ---- | M] (Bleeping Computer, LLC) -- C:\Documents and Settings\Steve & Anita\Desktop\rkill.com [2013/05/11 14:14:48 | 000,773,002 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Contact Prescription 2013.jpg [2013/05/10 14:32:35 | 002,682,648 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Agreement.jpg [2013/05/10 14:30:26 | 001,145,803 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Form.jpg [2013/05/10 11:34:26 | 000,009,223 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\hijackthis log 5-10-13 [2013/05/03 11:22:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/05/02 08:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe [2013/05/01 15:13:58 | 000,000,312 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\spider.sav [2013/04/29 12:50:51 | 000,000,278 | ---- | M] () -- C:\WINDOWS\hpqcopy.INI [2013/04/29 10:07:27 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\Microsoft Office Excel 2007.lnk [2013/04/28 15:36:29 | 000,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk [2013/04/27 14:21:19 | 000,071,003 | -H-- | M] () -- C:\Documents and Settings\Steve & Anita\My Documents\hpothb07.tif [2013/04/22 11:49:54 | 000,003,394 | ---- | M] () -- C:\Documents and Settings\Steve & Anita\Desktop\attachments_2013_04_22.zip [2013/04/22 09:25:53 | 000,198,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/05/15 14:15:40 | 001,236,054 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Advanced.bmp [2013/05/15 14:14:44 | 001,236,054 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Firewall Exceptions.bmp [2013/05/15 13:41:06 | 000,003,154 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\MSIServer.reg [2013/05/15 13:40:55 | 000,005,848 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SharedAccess.reg [2013/05/15 09:43:41 | 000,002,076 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk [2013/05/15 09:43:41 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk [2013/05/14 17:16:24 | 000,003,658 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\wscsvc.reg [2013/05/14 17:15:57 | 000,001,040 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\LEGACY_WSCSVC.reg [2013/05/14 12:41:59 | 000,561,112 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\My Documents\DPE.DUS [2013/05/14 09:25:35 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job [2013/05/14 09:15:54 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif [2013/05/14 09:15:36 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk [2013/05/14 07:39:25 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Norton_Removal_Tool.exe [2013/05/13 10:24:23 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\MBR.dat [2013/05/12 21:27:29 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\RSIT.exe [2013/05/12 18:24:27 | 000,004,382 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.reg [2013/05/12 18:24:07 | 000,002,690 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.reg [2013/05/12 18:11:51 | 000,000,618 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_regfile.zip [2013/05/12 18:11:40 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\xp_txt_fix.zip [2013/05/12 09:17:20 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013/05/12 09:17:20 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013/05/12 09:17:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013/05/12 09:17:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013/05/12 09:17:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013/05/11 23:02:45 | 000,000,168 | RH-- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger.opt [2013/05/11 20:28:14 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202814.html [2013/05/11 20:20:56 | 000,000,645 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\Stinger_11052013_202056.html [2013/05/11 20:17:17 | 000,469,668 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\runtime.dat [2013/05/11 18:47:22 | 000,000,925 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Revo Uninstaller Pro.lnk [2013/05/11 14:23:47 | 000,816,128 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\RogueKiller.exe [2013/05/11 14:14:48 | 000,773,002 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Contact Prescription 2013.jpg [2013/05/11 07:52:41 | 000,890,825 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SecurityCheck.exe [2013/05/10 14:30:26 | 001,145,803 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Form.jpg [2013/05/10 14:29:45 | 002,682,648 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\SF Relo Agreement.jpg [2013/05/10 11:34:26 | 000,009,223 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\hijackthis log 5-10-13 [2013/05/03 11:22:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk [2013/04/28 15:36:28 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FastStone Image Viewer.lnk [2013/04/22 11:49:45 | 000,003,394 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Desktop\attachments_2013_04_22.zip [2013/04/12 08:55:32 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2013/04/12 08:55:32 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2013/04/12 08:55:31 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2013/02/08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012/02/28 19:48:50 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011/03/06 17:14:14 | 000,000,329 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\burnaware.ini [2011/01/03 22:15:25 | 000,001,534 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini [2010/10/27 20:27:44 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/10/27 20:22:43 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2010/08/07 19:48:43 | 000,000,064 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\default.pls [2010/07/04 13:22:27 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi [2010/01/07 00:41:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\imageCache8_UNI.db [2009/12/17 12:28:46 | 012,177,408 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sandra.mda [2009/12/06 13:25:47 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\DMX.bmk [2009/12/04 08:41:42 | 000,315,692 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\rx_image.Cache [2007/03/09 20:39:09 | 000,000,120 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Application Data\FixVTS.ini [2007/02/08 20:31:55 | 016,133,564 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\imageCache7.db [2006/04/14 21:25:15 | 000,335,360 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\audioCache8_UNI.db [2006/04/11 20:49:42 | 000,003,135 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/04/10 21:57:23 | 000,064,512 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/04/09 23:22:30 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Steve & Anita\Local Settings\Application Data\fusioncache.dat ========== ZeroAccess Check ========== [2006/04/09 23:21:19 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009/12/21 22:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment ========== LOP Check ========== [2012/05/24 21:52:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\18242 [2013/02/03 21:49:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2011/03/19 21:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\312FD [2012/11/08 23:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3AEA [2007/12/24 19:55:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3 [2011/05/15 16:53:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo [2006/06/13 20:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund [2007/03/22 21:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2013/05/15 15:16:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate [2006/11/29 00:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaLife [2009/05/03 13:44:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings [2010/03/20 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PhotoShow Shared Assets [2010/03/20 21:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc [2007/02/06 22:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2010/03/20 21:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall [2013/04/19 17:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VS Revo Group [2013/04/16 22:37:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2011/12/27 13:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2013/05/11 19:33:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0 [2012/05/24 21:34:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Ashampoo [2010/01/12 11:18:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Auslogics [2009/11/24 17:50:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Backup MyPC Deluxe [2010/03/31 14:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\ElevatedDiagnostics [2006/04/09 23:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\IsolatedStorage [2007/03/22 21:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Leadertech [2006/08/16 09:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\MediaLife [2010/03/20 21:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Simple Star [2012/07/14 15:49:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Tific [2007/02/06 22:43:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\Ulead Systems [2012/05/23 22:27:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\uTorrent [2013/05/14 09:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve & Anita\Application Data\WinPatrol ========== Purity Check ========== < End of report >
  9. Thanks Maurice, I will be home tomorrow and have these steps completed by 2:00 pm PDT. domer
  10. Maurice, I am going to be out of town starting tomorrow through next Monday, returning Tuesday. I will have one day to perform next steps then I will be gone for another 10 days. During the second absence, if there are still steps to accomplish, I will turn it over to my son - college senior and very capable of following directions, though not as computer knowledgeable. Your instructions and help have been very clear and your help has been very gracious and greatly appreciated. Please do not close the thread. domer
  11. regedit complete. No change in Firewall Settings. Attached screen shots of Exceptions and Advanced tabs. Firewall ON is enabled Firewall Exceptions.bmp Firewall Advanced.bmp
  12. Maurice, I have never used a registry cleaner or optimizer I installed Win Patrol yesterday with Microsoft Security Essentials. As the mobsync is not harmful, I will click on except change so I can log out of regedit and move on to next steps. Regarding MS Word and Excel, the programs have not disappeared, however when I click on the item in the Start-All Programs option, Windows Installer starts up.
  13. Maurice, When I hit Apply, this WinPatrol ALert popped up - see attachment. I have not gone any further. From your last request, here is information from msconfig: Selective Startup was checked with the following services also checked - Process SYSTEM.INI File Process WIN.INI File Load System Services Load Startup Items Button Enabled - Use Original BOOT.INI Look for Remote Procedure Call (RPC) Locator. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Checked but Stopped Look for Security Center. Is it shown? Is it checked? If not, click on chekbox to checkmark. Not Listed Look for Windows Firewall. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Not Listed Look for Windows Installer. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Not Listed Look for Windows Management Instrumentation. Is it shown ? Is it checked? If not, click on that checkbox to checkmark. Checked and Running When done, press the Apply button, and the OK button. WinPatrol Alert.bmp
  14. Maurice. I did download and use the Norton Product removal tool. Microsoft Security Essentials is running. In trying to merge the two registry files, the first one imported OK. The second one did not and an error message popped up - Cannot Import LEGACY_WSCSVC.REG : Error accessing Registry. Not sure what I should do next, but am out of REGEDIT. I could not attache the error message as I am unsure how to insert the PrintScreen capture without Word or Excel installed at the moment. Found out both had been deleted at some point today. No change in Firewall Security Center settings as described in previous post. domer
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.