landen

Members
Posts: 11
Reputation: 0 Neutral
  1. These are the logs. Jumping back to my laptop. Thanks -Landen

CA File (after full bootup) - original earlier scan of K: was ok. Removed and reformatted Ready Boost but not using it.

Started scanning at 10/2/2010 12:10:38 AM.
Engine Ver: 36.1.0.
Sig Ver:7888.
Sig Date: 10/1/2010.
ArcLib Ver: 8.2.6.3.
C:\pagefile.sys - Could not open the file.
C:\Boot\BCD - Could not open the file.
C:\Boot\BCD.LOG - Could not open the file.
C:\Documents and Settings\Administrator\NTUSER.DAT - Could not open the file.
C:\Documents and Settings\Administrator\ntuser.dat.LOG1 - Could not open the file.
C:\Documents and Settings\Administrator\ntuser.dat.LOG2 - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Could not open the file.
C:\Documents and Settings\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{C0386F7C-707F-4351-B67A-C8E5C64ED251} - Could not open the file.
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\uncrypt.exe - Win32/Keylogger.U trojan. Deleted.
C:\Documents and Settings\Administrator\DoctorWeb\Quarantine\uncrypt0.exe - Win32/Keylogger.U trojan. Deleted.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\CardSpace\CardSpaceSP2.db - Could not open the file.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\CardSpace\CardSpaceSP2.db.shadow - Could not open the file.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat.LOG1 - Could not open the file.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat.LOG2 - Could not open the file.
C:\Documents and Settings\Administrator\Local Settings\Microsoft\Windows Defender\FileTracker\{C0386F7C-707F-4351-B67A-C8E5C64ED251} - Could not open the file.
C:\Documents and Settings\All Users\Microsoft\Crypto\RSA\MachineKeys\30dd8ca769f99ffea408887f400ed1b4_8025f66c-7168-4ae5-984b-9a1e5aac2b38 - Could not open the file.
C:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - Could not open the file.
C:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - Could not open the file.
C:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - Could not open the file.
C:\Documents and Settings\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - Could not open the file.
C:\Program Files (x86)\TurboTax\Home & Business 2006\32bit\IDADOFx1.EXE - may be infected with Win32/ASuspect.HHPLN unknown type. Quarantined.
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\30dd8ca769f99ffea408887f400ed1b4_8025f66c-7168-4ae5-984b-9a1e5aac2b38 - Could not open the file.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log - Could not open the file.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log - Could not open the file.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Could not open the file.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb - Could not open the file.
C:\System Volume Information\{38088~1 - Could not open the file.
C:\System Volume Information\{41DE0~1 - Could not open the file.
C:\System Volume Information\{41DE0~2 - Could not open the file.
C:\System Volume Information\{41DE0~3 - Could not open the file.
C:\System Volume Information\{CDFB9~1 - Could not open the file.
C:\Users\Administrator\NTUSER.DAT - Could not open the file.
C:\Users\Administrator\ntuser.dat.LOG1 - Could not open the file.
C:\Users\Administrator\ntuser.dat.LOG2 - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\CardSpace\CardSpaceSP2.db.shadow - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 - Could not open the file.
C:\Users\Administrator\AppData\Local\Microsoft\Windows Defender\FileTracker\{C0386F7C-707F-4351-B67A-C8E5C64ED251} - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\CardSpace\CardSpaceSP2.db - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\CardSpace\CardSpaceSP2.db.shadow - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat.LOG1 - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\Windows\UsrClass.dat.LOG2 - Could not open the file.
C:\Users\Administrator\Local Settings\Microsoft\Windows Defender\FileTracker\{C0386F7C-707F-4351-B67A-C8E5C64ED251} - Could not open the file.
C:\Users\All Users\Microsoft\Crypto\RSA\MachineKeys\30dd8ca769f99ffea408887f400ed1b4_8025f66c-7168-4ae5-984b-9a1e5aac2b38 - Could not open the file.
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSS.log - Could not open the file.
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\MSStmp.log - Could not open the file.
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\tmp.edb - Could not open the file.
C:\Users\All Users\Microsoft\Search\Data\Applications\Windows\Windows.edb - Could not open the file.
C:\Windows\bthservsdp.dat - Could not open the file.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT - Could not open the file.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - Could not open the file.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 - Could not open the file.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - Could not open the file.
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - Could not open the file.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT - Could not open the file.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - Could not open the file.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 - Could not open the file.
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun-2D-421CFC91-A93E-42AB-A35C-F06F127FCC44.lock - Could not open the file.
J:\0160f69a53357925e170\install.exe - Could not open the file.

Files Scanned: 2263215
Files Infected: 3
Files Cleaned \ Deleted: 2
Files Quarantined: 1
Memory Infections: 0
Memory Infections Cleaned: 0
Boot Infections: 0
Boot Infections Cleaned: 0

Top infections found during scan (Limited to 10).
Win32/Keylogger.U
Win32/ASuspect.HHPLN

Files not Cleaned\Deleted\Quarantined (Limit 100): 0
Finished scanning at 10/2/2010 7:16:15 AM.
MALB Protection-log-2010-10-02

00:00:03 Administrator MESSAGE Protection started successfully
00:00:07 Administrator MESSAGE IP Protection started successfully
00:02:57 Administrator MESSAGE IP Protection stopped
00:03:00 Administrator MESSAGE Database updated successfully
00:03:00 Administrator MESSAGE IP Protection started successfully
00:10:06 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent QUARANTINE
00:10:07 Administrator ERROR Quarantine failed: UtilityReadFile failed with error code 2
01:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
01:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
02:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
03:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
03:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
04:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
04:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
05:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
05:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
06:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
06:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
07:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
07:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
08:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
08:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
09:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
09:08:22 Administrator MESSAGE Protection started successfully
09:08:26 Administrator MESSAGE IP Protection started successfully
09:12:05 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent QUARANTINE
09:12:06 Administrator ERROR Quarantine failed: UtilityReadFile failed with error code 2
09:59:59 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
10:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
11:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
11:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
12:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
12:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY

Regular MALB log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4733

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

10/2/2010 5:58:22 AM
mbam-log-2010-10-02 (05-58-22).txt

Scan type: Full scan (C:\|D:\|K:\|)
Objects scanned: 743279
Time elapsed: 5 hour(s), 50 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
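The Malwarebytes protection log in the post above repeats the same DETECTION line every hour and reports two numeric error codes without explaining them. As an added example (not part of Landen's post and not Malwarebytes' own tooling), here is a small Python reader for a log in that format that reduces it to the questions a responder actually asks: which detected paths were never remediated, how often quarantine failed, how many scheduled signature updates failed, and what the error codes mean. The entry regex and the `parse_entry`/`summarize` helpers are assumptions based on the lines visible on this page (the real file is tab-separated; whitespace-splitting covers both); the sample log is a constructed subset of those lines. The two error-code names are standard Windows values, not something the log states.

```python
import re
from collections import Counter

# Windows error codes that appear in the log. These names are the standard
# Win32 / WinHTTP values; the log itself only prints the numbers.
WIN_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    12007: "ERROR_WINHTTP_NAME_NOT_RESOLVED",
}

# One protection-log entry: "HH:MM:SS  user  LEVEL  text" (whitespace-separated,
# as the entries appear on this page; the real file uses tabs).
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2})\s+(\S+)\s+(MESSAGE|DETECTION|ERROR)\s+(.+)$")
ERRCODE_RE = re.compile(r"error code (\d+)")


def parse_entry(line):
    """Split one log line into a dict, or return None for lines that do not match.

    DETECTION entries carry "<path> <threat> <action>"; the path may contain
    spaces, so the threat name and action are peeled off from the right.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    ts, user, kind, text = m.groups()
    entry = {"time": ts, "user": user, "kind": kind, "text": text}
    if kind == "DETECTION":
        parts = text.rsplit(None, 2)
        if len(parts) != 3:
            return None
        entry["path"], entry["threat"], entry["action"] = parts
    return entry


def describe_error(code):
    """Map a numeric Windows error code to its symbolic name (or 'unknown')."""
    return WIN_ERRORS.get(code, "unknown")


def summarize(log_text):
    """Reduce a protection log to the facts an incident responder wants.

    Returns a dict with:
      detections        Counter of (path, threat, action) -> occurrences
      quarantine_failed Counter of path -> failed quarantine attempts
      update_failures   number of failed scheduled signature updates
      error_codes       Counter of numeric error code -> occurrences
      unremediated      sorted paths that were detected but never quarantined
                        (DENY only blocks execution; the file stays on disk)
    """
    detections = Counter()
    attempts = Counter()
    failed = Counter()
    error_codes = Counter()
    update_failures = 0
    pending = None  # path of the latest QUARANTINE detection awaiting its outcome

    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        if e["kind"] == "DETECTION":
            detections[(e["path"], e["threat"], e["action"])] += 1
            if e["action"] == "QUARANTINE":
                attempts[e["path"]] += 1
                pending = e["path"]
        elif e["kind"] == "ERROR":
            m = ERRCODE_RE.search(e["text"])
            if m:
                error_codes[int(m.group(1))] += 1
            if e["text"].startswith("Quarantine failed") and pending:
                failed[pending] += 1
                pending = None
            elif e["text"].startswith("Scheduled update failed"):
                update_failures += 1

    paths = {p for (p, _, _) in detections}
    unremediated = sorted(p for p in paths if attempts[p] == failed[p])
    return {
        "detections": detections,
        "quarantine_failed": failed,
        "update_failures": update_failures,
        "error_codes": error_codes,
        "unremediated": unremediated,
    }


# Constructed sample: a subset of the entries quoted in the post above.
SAMPLE_LOG = r"""
00:00:03 Administrator MESSAGE Protection started successfully
00:00:07 Administrator MESSAGE IP Protection started successfully
00:03:00 Administrator MESSAGE Database updated successfully
00:10:06 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent QUARANTINE
00:10:07 Administrator ERROR Quarantine failed: UtilityReadFile failed with error code 2
01:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
01:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
02:00:00 Administrator ERROR Scheduled update failed: WinHttpSendRequest failed with error code 12007
02:10:00 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE Trojan.Agent DENY
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for (path, threat, action), n in sorted(report["detections"].items()):
        print(f"{n:3d}x {action:<10} {threat:<14} {path}")
    for code, n in sorted(report["error_codes"].items()):
        print(f"{n:3d}x error {code} ({describe_error(code)})")
    print("failed scheduled updates:", report["update_failures"])
    print("never remediated:", report["unremediated"])
```

Read against the full log above: each QUARANTINE attempt fails with error 2 (file not found), meaning the file was not readable at the moment the scanner tried to take it, while the hourly DENY entries show the scheduled scan keeps finding and blocking the same path, so the path stays in the "never remediated" list. The 12007 failures are name-resolution errors, consistent with the machine being kept offline between scans, which also means no signature updates reached it during that window.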
  2. Yes. Dr Web. It finished in the middle of the night (which is probably half the problem because I was asleep and got up to check it). I saved the log when the scan completed (although I remember how weak the GUI was about selecting a location for it - I think the option was "log" and then press "Save"). I did another save after I pressed delete siggen or K:/Uncrypt.exe (within the same Dr. Web session assuming an append or new log) because I wanted you to see that part two in case it didn't delete it as hoped. Then I just brought the machine back up in Safe Mode and ran the virus scan and MALB from the command prompt. MALB and CA Internet had a fit with Dr Web still being on my machine so I got back up and let CA remove the Dr Web .exe (which I assumed was OK at the time, but I guess it wasn't). The CA command prompt scan also found the quarantined Dr. Web files and deleted them and now the Dr Web directory doesn't exist (per the CA log I'm sending). Dr. Web is in my Recycle Bin, but the log/logs are not. I'll put the machine on-line long enough to post so you can see what CA did and MALB did. The machine wasn't fully back up to check for the log (which I should have done, but I wasn't getting on-line either until the new scans finished so it didn't matter). Could the second pressing of save overwrite the original scan log within the same session? It doesn't explain why the logs aren't on the desktop or why the folder Dr. Web was in is gone. That must have been me trying to do this in the middle of the night. Logs on their way. - Landen
  3. Hey there Mr. Charlie. I'm unable to find the Dr. Watson log file. I did a search for it on c:. Is it supposed to be on the desktop? Also, I got the Seupd.exe Malware warning again during the other scans last night. Thanks -Landen.
  4. Hi Mr. Charlie. I have an update, but I can't send the Dr. Web log yet. I wanted to log in Safe Mode first and run my CA Internet virus software and MALB from the command line before I brought the machine completely back up and connected it back to the Internet. I had to do a hard reboot to get the machine to recycle. It stalled forever and then came up with a real (or fake) "Login Process has Failed to create the security options - Failure Security Options" dialog which seemed odd to come up when trying to shut down. The Dr. Web software found 2 things. Towards the beginning it found a virus in the Linksys update which was waiting for me to install. It moved it. Then, I think it found the little green monster on my ReadyBoost RAM USB stick (K:\Uncrypt.exe identified as Backdoor.Siggen.3208). It couldn't cure it and there's 2 USB sticks in the machine along with other storage locations and I didn't have the drive letters memorized. I knew which one the ReadyBoost files were on, but I didn't know/remember what drive letter it was assigned to. I had to pull the stick out and get it to try to rescan K: and when Dr. Web said the drive didn't exist, I knew which one I was dealing with. I put it back in and it allowed me to delete it (which I didn't see the option for when it first came up or I would have done that - I thought I was stuck and didn't want to get out of that safe mode created by the software until that thing was history). Anyway, I double checked that the file did not exist (including hidden) so when the scans are finished, I'll bring it up normally and send the logs over. Maybe it wasn't spotted because I concentrated so much on c:? One thing's clear - you know and I don't, so I'll send everything over in a bit. Thanks again -Landen. BTW: If you were puzzled by the LogMeIn leftovers on my machine, that was the first software I took off when this thing hit me.

The other thing is the machine was purchased off the floor of Best Buy and they didn't restore it like they were supposed to. I waited on the Geeks there long enough for them to do it, but didn't know until I got back from my trip. When I got home, it still had/has a Best Buy group policy associated with it. I spent hours on the phone with them just trying to get them to restore the machine like they were supposed to, but the Best Buy I purchased it from was 3 hours away (I stopped on the way home and they had 1 left of the model I wanted). They would not let me/pay for me to take it to the local Best Buy to have them do a fresh install. If you saw the remnants of a Best Buy Group Policy, that's why. Thanks again.
  5. OK Mr Charlie. It did require a reboot, but when it came back up the txt came up with it. I checked the MovedFiles dir and this was the latest (only?) one. Thanks again! -Landen

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LogMeIn GUI deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LvLXPiejlk+ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Mquxe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\CleanSetup deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\pure-go\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4746C79A-2042-4332-8650-48966E44ABA8}\ deleted successfully.
File {4746C79A-2042-4332-8650-48966E44ABA8} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{301df3ff-96db-11dd-872a-001ec950e8dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{301df3ff-96db-11dd-872a-001ec950e8dd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{301df3ff-96db-11dd-872a-001ec950e8dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{301df3ff-96db-11dd-872a-001ec950e8dd}\ not found.
File L:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c3691-298c-11de-96a9-001ec950e8dd}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
File N:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
File N:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d69c3691-298c-11de-96a9-001ec950e8dd}\ not found.
File N:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\P\ deleted successfully.
File P:\setup.exe not found.
ADS C:\ProgramData\TEMP:C46995DA deleted successfully.
ADS C:\Program Files\Common Files\System:ag9bgjmstAcVDV82Wci1u1FSbEIqx deleted successfully.
ADS C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies:28uNiZ6OH2mqif2jzRDLHAvCjY deleted successfully.
ADS C:\ProgramData\TEMP:C8B8CEBD deleted successfully.
ADS C:\ProgramData\Microsoft:csZT9PpRV7Q0ZP3nmeoAYv deleted successfully.
ADS C:\ProgramData\Microsoft:oMn8XL918BxoDoqhpGjq9WD6 deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32\\Drivers32 VIDC.XVID not found.
========== FILES ==========
C:\Users\Administrator\Desktop\bbju8gxj.exe moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 28619908 bytes
->Temporary Internet Files folder emptied: 12666218 bytes
->Java cache emptied: 45861578 bytes
->Google Chrome cache emptied: 251110188 bytes
->Flash cache emptied: 62423 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Experience
->Temp folder emptied: 1436583 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2340073 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 22016 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 88741294 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 18332394 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 429.00 mb

OTL by OldTimer - Version 3.2.14.1 log created on 09302010_160603

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\embeded[1].txt scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\globe32[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\template.rab[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__ICSAgent64.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LMIinit.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LMIinit.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LMIprinter.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LMIprinter.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LogMeIn.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__LogMeIn.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__raabout.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__racodec.ax[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__ramaint.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x64__ra_reboot.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIGuardian.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIGuardianDll.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMImirr.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMImirr2.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIprinternt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIprinterui.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIprocnt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LMIRfsClientNP.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__LogMeInToolkit.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__raabout.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__rahook.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__rntfywnd.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WQAQZ93M\x86__rntfywnd.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\SurveyScriptsNS[1].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\white_gradient[1].png scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMIGuardian.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMIGuardian.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMImirr.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMImirr.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMIprinterui.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LMIprinterui.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LogMeInSystray.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__LogMeInSystray.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__racodec.ax[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__rahook.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__rntfywnd.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x64__rntfywnd.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIGuardianDll.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIGuardianEvt.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMImirr2.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIport.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIprinterui.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIprinteruint.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LMIRfsClientNP.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__LogMeIn.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__openssl.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__racodec.ax[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__ramaint.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__zip.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UCTAYNB5\x86__zip.exe[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\desktop.ini scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\main[1].css scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\raupdate.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\RequiredFieldsNS[1].js scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMIGuardianDll.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMIGuardianDll.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMImirr2.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMImirr2.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMIproc.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LMIproc.dll[2].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__LogMeInToolkit.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__openssl.exe[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__rahook.dll[1].cab scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__rainst.exe[1].cab scheduled to be moved on reboot.
File move failed.
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__zip.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x64__zip.exe[2].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIGuardianEvt.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIinit.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIport.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIprinter.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIprinteruint.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LMIproc.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LogMeIn.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__LogMeInSystray.dll[1].cab scheduled to be moved on reboot. File move failed. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__raabout.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__rahook.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__ramaint.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Q0JU3LXV\x86__ra_reboot.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\raupdate.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\template.rab[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\View[1].aspx scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\white_gradient[1].png scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIGuardianEvt.dll[1].cab scheduled to be moved on reboot. File move failed. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIGuardianEvt.dll[2].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIport.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIport.dll[2].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIRfsClientNP.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__LMIRfsClientNP.dll[2].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__openssl.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__raabout.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__rainst.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x64__ramaint.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__ICSAgent32.dll[1].cab scheduled to be moved on reboot. File move failed. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIGuardian.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIinit.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMImirr.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIprinter.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIprinternt.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIproc.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LMIprocnt.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__LogMeInSystray.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__openssl.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__racodec.ax[1].cab scheduled to be moved on reboot. File move failed. 
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__rahook9x.dll[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__ra_sc.exe[1].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P6OKTF57\x86__ra_sc.exe[2].cab scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini scheduled to be moved on reboot. File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini scheduled to be moved on reboot. Registry entries deleted on Reboot...
  6. OK. Here they are Mr. Charlie. At some point during the scan the check box for "Skip Microsoft Files" checkmark appeared in the box. It wasn't checked when the scan started. I may be paranoid, but just wanted to let you know. Thanks - Landen. OTL.Txt Extras.Txt
  7. Yes. 64-bit Vista Ult. SP1. I don't know the name of the virus or malware that hit me, but when it started, I disconnected from the Internet and did research from an old laptop. The HiJackThis log below is from the time before I got back on the Internet (I think to purchase MALB) and tried to clean it up myself. I didn't know at the time malware software wasn't in CA's Suite. If I try to go to the Security Center in the Control Panel, the system now says "The Security Center Service Can't be started". Defender is up though. I received an Administrator warning about access to the registry as well (which never happened before) and then I used an app that ran as the system which enabled access again. Below is a HiJack log from the 24th with all the entries from "Lvbsufhfngruf" in it. I just did what I usually do and tried to figure out what happened. I haven't had a virus/malware/trojan before. There are other things like trying to turn back on CA Real Time Security, it says ok and reboots, but it doesn't turn it on. My system randomly builds huge temp_1* and temp_2 directories almost a Gig in size (sporadically) in the appdata/local/temp dir (just over and over like it is trying to fill my disk). The main thing I "see" now is the c:/ProgramData/Updata/Seupd.exe attempt I thought MALB was stopping. I can't remember if the file existed, but it's not in there now. I also removed the temp .exe's added by this Lvbsufhfngruf registry values. This is the old log (if it helps). Thanks Mr. Charlie.
Landen

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:52:38 AM, on 9/24/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
C:\Program Files (x86)\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\SysWOW64\java.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PSIService.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\ccprovsp.exe
C:\Users\Administrator\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS5\dynamiclinkmanager.exe
C:\Program Files (x86)\Common Files\Adobe\dynamiclink\CS5\dynamiclinkmanager.exe
C:\Program Files\Adobe\Adobe After Effects CS5\Support Files\32\Adobe QT32 Server.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Administrator\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsoctv.com/interactive-radar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [uVS12 Preload] "C:\Program Files (x86)\Corel\Corel VideoStudio 12\uvPL.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LvbsufhfngdP] C:\Users\Administrator\AppData\Local\Temp\y1ks1.exe
O4 - HKLM\..\Run: [Lvbsufhfngl/] C:\Users\Administrator\AppData\Local\Temp\gdi32.exe
O4 - HKLM\..\Run: [Lvbsufhfngruf] C:\Users\Administrator\AppData\Local\Temp\wininst.exe
O4 - HKLM\..\Run: [Lvbsufhfngupf] C:\Users\Administrator\AppData\Local\Temp\sysedit.exe
O4 - HKLM\..\Run: [VetStart] "C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
O4 - HKLM\..\Run: [Lvbsufhfngosf] C:\Users\Administrator\AppData\Local\Temp\taskmgr.exe
O4 - HKLM\..\Run: [Lvbsufhfngnb] C:\Users\Administrator\AppData\Local\Temp\cmd.exe
O4 - HKLM\..\Run: [Lvbsufhfngph] C:\Users\Administrator\AppData\Local\Temp\setup.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ynwnwf] RUNDLL32.EXE C:\Users\ADMINI~1\AppData\Local\Temp\msrcqxbq.dll,w
O4 - HKCU\..\Run: [Mquxe] C:\Windows\system.exe
O4 - HKCU\..\Run: [LvbsufhfngdP] C:\Users\Administrator\AppData\Local\Temp\y1ks1.exe
O4 - HKCU\..\Run: [Lvbsufhfngrrc] C:\Users\Administrator\AppData\Local\Temp\winamp.exe
O4 - HKCU\..\Run: [Lvbsufhfngre] C:\Users\Administrator\AppData\Local\Temp\win.exe
O4 - HKCU\..\Run: [Lvbsufhfngne] C:\Users\Administrator\AppData\Local\Temp\mdm.exe
O4 - HKCU\..\Run: [Lvbsufhfngl/] C:\Users\Administrator\AppData\Local\Temp\gdi32.exe
O4 - HKCU\..\Run: [Lvbsufhfngruf] C:\Users\Administrator\AppData\Local\Temp\wininst.exe
O4 - HKCU\..\Run: [Lvbsufhfngupf] C:\Users\Administrator\AppData\Local\Temp\sysedit.exe
O4 - HKCU\..\Run: [Lvbsufhfngosf] C:\Users\Administrator\AppData\Local\Temp\taskmgr.exe
O4 - HKCU\..\Run: [Lvbsufhfngnb] C:\Users\Administrator\AppData\Local\Temp\cmd.exe
O4 - HKCU\..\Run: [Lvbsufhfngph] C:\Users\Administrator\AppData\Local\Temp\setup.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...tDetection2.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files (x86)\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: mental ray Satellite 3.7.1 for Maya 2009 (64 bit) (RaySat2009Server) - Unknown owner - C:\Program Files\Autodesk\mrsat3.7.1-maya2009\bin\raysat2009server.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19900 bytes
  8. I'm SO glad I got you to help me Mr. Charlie. I've been going through the threads and your threads seemed to lead to outcomes (not to say I read all threads or anything else). I just hoped I would be assigned to you. Thank you so much for your help! Landen

The last part (Protection-Log-2010-09-30.txt) of this post shows the crazy characters and the quarantine file I get from MALB.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:43:47 AM, on 9/30/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\Administrator\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Users\Administrator\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wsoctv.com/interactive-radar/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O1 - Hosts: ::1 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [LELA] "C:\Program Files (x86)\Linksys\Linksys EasyLink Advisor\Linksys EasyLink Advisor.exe" /minimized
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [VetStart] "C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe" -r
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\RunOnce: [CleanSetup] cmd /C rmdir /S /Q "C:\Users\Administrator\AppData\Local\Temp\nro.tmp\"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Mquxe] C:\Windows\system.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: Device Detector 3.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files (x86)\Digital Line Detect\DLG.exe
O4 - Global Startup: Directrec Configuration Tool.lnk = C:\Program Files (x86)\Olympus\DeviceDetector\DirectrecConfig.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files (x86)\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - Unknown owner - C:\Program Files (x86)\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: DM1Service - OLYMPUS IMAGING CORP. - C:\Program Files (x86)\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\WD\WD Anywhere Backup\MemeoBackgroundService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max Design 2009 64-bit 64-bit (mi-raysat_3dsMax2009_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_64server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\SysWOW64\drivers\pclepci.sys
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: mental ray Satellite 3.7.1 for Maya 2009 (64 bit) (RaySat2009Server) - Unknown owner - C:\Program Files\Autodesk\mrsat3.7.1-maya2009\bin\raysat2009server.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files (x86)\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14137 bytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4722

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

9/30/2010 9:50:35 AM
mbam-log-2010-09-30 (09-50-35).txt

Scan type: Flash scan
Objects scanned: 120520
Time elapsed: 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Protection-Log-2010-09-30.txt:
03:00:10 Administrator MESSAGE Scheduled update executed successfully
03:00:11 Administrator MESSAGE IP Protection stopped
03:00:14 Administrator MESSAGE Database updated successfully
03:00:15 Administrator MESSAGE IP Protection started successfully
07:00:09 Administrator MESSAGE Scheduled update executed successfully
07:00:09 Administrator MESSAGE IP Protection stopped
07:00:13 Administrator MESSAGE Database updated successfully
07:00:13 Administrator MESSAGE IP Protection started successfully
09:27:50 Administrator DETECTION C:\ProgramData\UPDATE\SEUPD.EXE ???????????????? ????????????????????????????? ?????????????????????????????
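As an added example (not part of this thread, and not code from HijackThis or Malwarebytes), a small Python triage script that parses HijackThis-format O1 and O4 lines and flags hosts-file entries that point anywhere but loopback and autostarts launched from unusual locations. The sample lines are constructed apart from the [Mquxe] entry, which is copied from the log above; the "unusual location" heuristic is an assumption of this example, not a rule HijackThis itself applies.

```python
"""Triage helper for HijackThis-style logs (added example, not from the thread)."""
import ntpath
import re
from ipaddress import ip_address

# Constructed sample in HijackThis v2 log format. The [Mquxe] line is copied
# from the log above; every other line is made up for this example.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.10 www.example.com
O4 - HKLM\..\Run: [cctray] "C:\Program Files (x86)\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKCU\..\Run: [Mquxe] C:\Windows\system.exe
O4 - HKCU\..\Run: [GDI32] C:\Users\Administrator\AppData\Local\Temp\GDI32.exe -s
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - Global Startup: Updater.lnk = C:\ProgramData\UPDATE\SEUPD.EXE
"""

O1_RE = re.compile(r"^O1 - Hosts: (\S+)\s+(\S+)")
O4_RUN_RE = re.compile(r"^O4 - (HK\S+?)\\\.\.\\(Run\w*): \[([^\]]*)\] (.*)$")
O4_LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.*)$")


def _exe_path(value):
    """Pull the launched file out of an O4 value, dropping quotes and arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.index('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cmd))(?:\s|$)", value, re.I)
    return m.group(1) if m else value.split()[0]


def _suspicious_dir(path):
    """Autostarts normally live under Program Files or system32; a file sitting
    directly in the Windows directory, in any Temp folder, or under ProgramData
    deserves a closer look (heuristic assumed for this example)."""
    parent = ntpath.dirname(path).lower()
    return (
        parent == "c:\\windows"
        or "temp" in parent.split("\\")
        or parent.startswith("c:\\programdata")
    )


def audit_hijackthis(log_text):
    """Return (section, name, detail) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = O1_RE.match(line)
        if m:
            ip, host = m.groups()
            try:
                redirected = not ip_address(ip).is_loopback
            except ValueError:  # not even a parseable address: flag it
                redirected = True
            if redirected:
                findings.append(("O1", host, ip))
            continue
        m = O4_RUN_RE.match(line)
        if m:
            name, value = m.group(3), m.group(4)
        else:
            m = O4_LNK_RE.match(line)
            if not m:
                continue  # other O4 forms and non-O4 lines are ignored
            name, value = m.group(2), m.group(3)
        path = _exe_path(value)
        if _suspicious_dir(path):
            findings.append(("O4", name, path))
    return findings


if __name__ == "__main__":
    for section, name, detail in audit_hijackthis(SAMPLE_LOG):
        print(f"{section}: {name} -> {detail}")
```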
  9. Hi. I've watched other threads here for the past few days and I don't know what else to do than ask for help. This machine was infected (I believe 9/19 late through early 9/20). Malwarebytes started picking it up when I bought and installed it that night (just had virus software, but the settings weren't correct). I'm sure you will find more, but right now MAB's down to the hourly c:/ProgramData/update/SEUPD.EXE attempt. The original (whatever it was):
- accessed the host file and added 2 IP addresses (this is one - 212.117.179.25)
- added a lot of lines to the registry under the name lvbsufhfngruf (not there now)
- added this to User and Machine under RUN: msrcqxbg.dll (with an argument letter, but I can't find it)
- added files and directories to the [%User%]/local/Appdata/Temp/ dir GDI32.exe
- among other things I'm sure you've seen before so I won't rattle on.
There are a lot of startup programs disabled in Windows security (I think MAB did that throughout the past couple days). If you need them, please let me know. I tried to run the dds.scr script, but I only received one text file which looks crazy, but I'm attaching it. I really appreciate your help. I can't believe of all machines this happened to this one, but I should have paid better attention to its security. Thank you so much for your help. I am getting so far behind it's crazy. Landen
mbam_Upload_Files.zip
  10. Hi everyone. I don't join or post as a rule and just wanted to say hello to the group, but what a mess I "hope" I just cleaned up. This was my 1st personal attack (I usually clean up other people's messes) but to think this bomb that went off in my machine and was able to add 2 IP addresses to my host file (212.117.178.25 and another). I'm mad at myself for not looking there. I physically disconnected immediately, but it looked like I received every virus/malware/trojan, etc. developed between 8-2008 and 9-2010. Anyway, hi all. L