Outgoing IP's Blocked

Hi, please see attached copy of DDS. I am having two or three addresses blocked outgoing and incoming.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.2.0

Run by mxxxx at 23:53:06 on 2012-01-29

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2399 [GMT -6:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

svchost.exe

svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\audio\r213367\stacsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\WINDOWS\system32\svchost.exe -k HPService

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\WINDOWS\system32\AESTFltr.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\DellTPad\Apoint.exe

C:\WINDOWS\OA001Mon.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\WLTRAY.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\Kaseya\PVTNTW85654557333111\KaUsrTsk.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\RealVNC\VNC4\WinVNC4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Southwest Airlines\Ding\Ding.exe

C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Program Files\SolidWorks Enterprise PDM\EdmServer.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\WINDOWS\system32\NOTEPAD.EXE

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://oc-startpage.aol.com

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://start.facemoods.com/?a=fmtoby&s={searchTerms}&f=4

uURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

mURLSearchHooks: AOL Toolbar Search Class: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - c:\program files\aol toolbar\aoltb.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - c:\program files\aol toolbar\aoltb.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - c:\program files\aol toolbar\aoltb.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [OA001Mon] c:\windows\OA001Mon.exe

mRun: [Conisio Login Manager] "c:\progra~1\solidw~1\EDMSER~1.EXE" /runatlogin

mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe

mRun: [KASHPVTNTW85654557333111] "c:\program files\kaseya\pvtntw85654557333111\KaUsrTsk.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\docume~1\mrobin~1\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

LSP: mswsock.dll

Trusted Zone: whiteglovetech.com\m1

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.240.131 www.google.com

Hosts: 94.63.240.132 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\mrobinson\application data\mozilla\firefox\profiles\sl9aazxu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyq7hf0eZ&&i=26&search=

FF - plugin: c:\documents and settings\mrobinson\local settings\application data\robloxversions\version-09a201d8e5f247c7\NPRobloxProxy.dll

FF - plugin: c:\documents and settings\mrobinson\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\browser\nppdf32(2).dll

FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyq7hf0eZ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 2c91e843000000000000c417fe84e6bd

FF - user.js: extensions.incredibar_i.hardId - 2c91e843000000000000c417fe84e6bd

FF - user.js: extensions.incredibar_i.instlDay - 15357

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2718:44:25

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6Oyq7hf0eZ

FF - user.js: extensions.incredibar_i.upn2n - 92260742927265753

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 3

.

============= SERVICES / DRIVERS ===============

.

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-13 108392]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2010-7-13 108392]

R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\all users\application data\fileopen\services\FileOpenManagerSvc32.exe [2011-3-9 212352]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-18 652872]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-7-13 2477304]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-8-19 112512]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-8-19 33832]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2010-8-19 240344]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-1-23 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-18 20464]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20120129.008\NAVENG.SYS [2012-1-29 86136]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20120129.008\NAVEX15.SYS [2012-1-29 1576312]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [2010-8-26 134144]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2010-8-26 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2010-8-26 281472]

S0 cerc6;cerc6; [x]

S0 oekqxb;oekqxb;c:\windows\system32\drivers\nkyvdxov.sys --> c:\windows\system32\drivers\nkyvdxov.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]

S2 KAPVTNTW85654557333111;Kaseya Agent; [x]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2010-7-13 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-8 136176]

S3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [2011-6-20 17920]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe --> c:\program files\symantec\symantec endpoint protection\smclu\setup\smcinst.exe [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

.

=============== Created Last 30 ================

.

2012-01-30 04:49:48 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-01-30 04:49:48 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-25 04:53:19 -------- d-----w- c:\windows\system32\NtmsData

2012-01-23 14:59:46 -------- d-----w- c:\documents and settings\mrobinson\application data\Malwarebytes

2012-01-23 14:44:58 626688 ----a-w- c:\program files\mozilla firefox\msvcr80.dll

2012-01-23 14:44:58 548864 ----a-w- c:\program files\mozilla firefox\msvcp80.dll

2012-01-23 14:44:58 479232 ----a-w- c:\program files\mozilla firefox\msvcm80.dll

2012-01-23 14:44:58 43992 ----a-w- c:\program files\mozilla firefox\mozutils.dll

2012-01-23 14:31:21 -------- d-----w- c:\windows\system32\wbem\repository\FS

2012-01-23 14:31:21 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-23 14:30:56 -------- d-----r- c:\program files\Skype

2012-01-23 14:30:54 -------- d-----w- c:\program files\AOL Toolbar

2012-01-23 14:30:54 -------- d-----w- c:\documents and settings\mrobinson\local settings\application data\AOL Toolbar

2012-01-23 14:30:54 -------- d-----w- c:\documents and settings\all users\application data\AOL Toolbar

2012-01-23 14:29:38 -------- d-----w- c:\documents and settings\mrobinson\local settings\application data\Spotify

2012-01-23 14:29:38 -------- d-----w- c:\documents and settings\mrobinson\application data\Spotify

2012-01-22 00:45:28 -------- d-----w- c:\program files\MyHeritage

2012-01-18 00:45:26 -------- d-----w- c:\program files\BFlix

2012-01-18 00:44:27 -------- d-----w- c:\program files\Incredibar.com

2012-01-18 00:42:55 -------- d-----w- c:\documents and settings\all users\application data\InstallMate

2012-01-03 13:10:44 182672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2012-01-03 13:10:44 182672 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-01-30 04:49:28 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-10 21:24:06 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-19 18:42:40 1110476 ----a-w- c:\program files\7-Zip.exe

.

============= FINISH: 23:54:34.21 ===============


Hello mrlr2012,

Let's start with the following, which will give us a safety belt, and some new reports.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

Set Windows to show all files and all folders.

On your Desktop, double click My Computer; from the menu options, select Tools, then Folder Options, then select the View tab and look at all of the settings listed.

"CHECK" (turn on) Display the contents of system folders.

Under the Hidden files and folders column, choose (select) Show hidden files and folders.

Next, un-check Hide extensions for known file types.

Next un-check Hide protected operating system files.

Step 3

Take out the trash (temporary files & temporary internet files)

Please download ATF Cleaner by Atribune, saving it to your desktop. It is used to clean out temporary files and the temp areas used by internet browsers.

Start ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose: Select All

Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

ATF-Cleaner should be run per the above in every user login account (user profile).

Step 4

Important! => Open Notepad > Click on Format > Uncheck Word wrap, if checked. Exit Notepad.

Step 5

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Close all open windows on the Task Bar. Click the icon (for Vista, or Windows 7 Right click the icon and Run as Administrator) to start the program.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes.
  • It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.
  • Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!
  • Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: here or here

  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.

Then copy/paste the following into your post (in order):

  • the contents of OTL.txt;
  • the contents of Extras.txt ; and
  • the contents of checkup.txt

Use the More Reply Options button when starting a reply so you have full reporting capability.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of the reply.


Good morning. So last night, after I added the latest Java, I was able to access Google and all sites. This morning the system started acting up. Thank you for your note. I was able to get as far as the ATF Cleaner but could not access it. It showed up as "this ID doesn't exist!"

Thanks in advance. Any help is greatly appreciated. MRLR


I could not complete the ATF Cleaner; however, I was able to run the OldTimer files. OTL log here:

OTL logfile created on: 1/30/2012 9:34:37 AM - Run 1

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\mrobinson\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 73.93% Memory free

5.33 Gb Paging File | 4.63 Gb Available in Paging File | 86.94% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 232.88 Gb Total Space | 195.30 Gb Free Space | 83.87% Space Free | Partition Type: NTFS

Computer Name: MROBINSON-LT | User Name: mrobinson | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/30 09:28:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mrobinson\Desktop\OTL.exe

PRC - [2012/01/29 22:49:29 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2011/08/24 09:00:42 | 000,409,600 | ---- | M] (Kaseya International Limited) -- C:\Program Files\Kaseya\PVTNTW85654557333111\KaUsrTsk.exe

PRC - [2011/03/09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe

PRC - [2010/08/30 08:10:05 | 000,438,272 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe

PRC - [2010/07/13 14:32:12 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2010/07/13 14:32:12 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2010/07/13 14:32:10 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

PRC - [2010/07/13 14:32:10 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

PRC - [2010/07/13 14:32:08 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

PRC - [2010/02/17 15:20:16 | 000,278,528 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2010/02/17 14:34:40 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2010/01/28 16:18:36 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe

PRC - [2010/01/15 06:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

PRC - [2009/03/16 19:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe

PRC - [2009/03/16 19:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe

PRC - [2009/03/16 19:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe

PRC - [2009/01/31 23:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2009/01/31 21:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/04/14 01:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/06/22 14:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe

========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/08/23 15:32:42 | 000,446,464 | ---- | M] () -- C:\Program Files\Kaseya\PVTNTW85654557333111\libkacm.dll

MOD - [2011/05/28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll

MOD - [2011/05/22 11:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll

MOD - [2010/10/20 21:19:04 | 000,266,240 | ---- | M] () -- C:\WINDOWS\system32\CHookExt.dll

MOD - [2010/06/01 10:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll

MOD - [2010/02/02 20:47:42 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\preflib.dll

MOD - [2010/02/02 20:45:58 | 000,757,760 | ---- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll

MOD - [2008/04/14 01:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (Smcinst)

SRV - File not found [Auto | Stopped] -- -- (KAPVTNTW85654557333111)

SRV - [2012/01/29 22:49:29 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2011/05/11 13:11:33 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)

SRV - [2011/03/09 17:02:58 | 000,212,352 | ---- | M] (FileOpen Systems Inc.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe -- (FileOpenManagerSvc)

SRV - [2010/08/30 08:10:05 | 000,438,272 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)

SRV - [2010/07/13 14:32:12 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2010/07/13 14:32:12 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2010/07/13 14:32:10 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)

SRV - [2010/07/13 14:32:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)

SRV - [2010/07/13 14:32:08 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2010/01/15 06:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)

SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)

SRV - [2009/03/16 19:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)

SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

========== Driver Services (SafeList) ==========

DRV - [2012/01/16 03:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120129.008\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/01/16 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2012/01/16 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/01/16 03:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120129.008\NAVENG.SYS -- (NAVENG)

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)

DRV - [2011/06/23 10:09:02 | 000,017,920 | ---- | M] (Kaseya) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KAPFA.sys -- (KAPFA)

DRV - [2010/08/19 10:55:59 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2010/07/13 14:32:12 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2010/07/13 14:32:12 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)

DRV - [2010/07/13 14:32:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2010/07/13 14:32:06 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2010/07/13 14:32:06 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2010/07/13 14:32:06 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2010/07/13 14:32:06 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)

DRV - [2010/03/10 17:20:08 | 000,251,440 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2010/02/02 20:47:36 | 002,696,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)

DRV - [2010/01/28 16:20:32 | 000,281,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)

DRV - [2009/10/30 07:51:14 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)

DRV - [2009/08/04 13:56:28 | 000,240,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®

DRV - [2009/05/28 09:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)

DRV - [2009/03/16 19:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2009/03/16 19:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)

DRV - [2009/03/06 14:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)

DRV - [2006/06/14 10:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4

IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://start.facemoods.com/?a=fmtoby

IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"

FF - prefs.js..keyword.URL: "http://mystart.incre...eZ&&i=26="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Documents and Settings\mrobinson\Local Settings\Application Data\RobloxVersions\version-09a201d8e5f247c7\\NPRobloxProxy.dll ()

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\mrobinson\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/28 12:39:00 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/23 08:45:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/23 09:25:09 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/11/28 12:39:00 | 000,000,000 | ---D | M]

[2011/08/23 09:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Extensions

[2012/01/17 18:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\extensions

[2012/01/23 08:30:29 | 000,000,000 | ---D | M] (ShopToWin19) -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\extensions\{1c772e68-28fd-41cd-91d4-ac0895836c70}

[2011/11/23 10:36:22 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

[2012/01/23 08:30:26 | 000,000,000 | ---D | M] (Bflix extension) -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\extensions\info@thebflix.com

[2012/01/17 18:44:00 | 000,002,203 | ---- | M] () -- C:\Documents and Settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\searchplugins\MyStart Search.xml

[2012/01/23 08:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/01/23 08:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions(2)

[2012/01/22 12:52:09 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions(2)\{972ce4c6-7e08-4474-a285-3208198ce6fd}(2)

[2011/12/21 01:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011/12/20 22:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011/08/19 12:42:42 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml

[2011/12/20 22:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/01/20 07:51:44 | 000,000,884 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 94.63.240.131 www.google.com

O1 - Hosts: 94.63.240.132 www.bing.com

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No CLSID value found.

O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [Conisio Login Manager] C:\Program Files\SolidWorks Enterprise PDM\EdmServer.exe (Dassault Systemes SolidWorks Corp.)

O4 - HKLM..\Run: [KASHPVTNTW85654557333111] C:\Program Files\Kaseya\PVTNTW85654557333111\KaUsrTsk.exe (Kaseya International Limited)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11c_Plugin.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)

O4 - Startup: C:\Documents and Settings\mrobinson\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)

O4 - Startup: C:\Documents and Settings\mrobinson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 8388608

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found

O15 - HKLM\..Trusted Domains: whiteglovetech.com ([m1] * in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.co.../DellSystem.CAB (DellSystem.Scanner)

O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell....lSystemLite.CAB (DellSystemLite.Scanner)

O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_02)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = virydtech.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FF9D7E3-3D63-4879-984D-A1F4CC3EE2F7}: DhcpNameServer = 209.18.47.61 209.18.47.62

O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/08/19 10:35:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{bd08d891-e299-11df-9f44-0026b9a4585f}\Shell\AutoRun\command - "" = E:\setup.exe

O33 - MountPoints2\D\Shell - "" = AutoRun

O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autoRcd.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 09:28:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mrobinson\Desktop\OTL.exe

[2012/01/30 09:05:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/01/30 09:04:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/01/30 09:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/01/30 09:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Local Settings\Application Data\Sun

[2012/01/29 23:57:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun

[2012/01/29 23:46:45 | 000,000,000 | R--D | C] -- C:\Documents and Settings\mrobinson\Start Menu\Programs\Administrative Tools

[2012/01/29 22:52:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/01/29 22:49:48 | 000,637,848 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012/01/29 22:49:48 | 000,223,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/01/29 22:49:48 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/01/29 22:49:48 | 000,141,312 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/01/29 22:49:47 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/01/24 22:53:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2012/01/23 18:04:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump

[2012/01/23 08:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Application Data\Malwarebytes

[2012/01/23 08:30:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2012/01/23 08:30:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype

[2012/01/23 08:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar

[2012/01/23 08:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Local Settings\Application Data\AOL Toolbar

[2012/01/23 08:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar

[2012/01/23 08:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Local Settings\Application Data\Spotify

[2012/01/23 08:29:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Application Data\Spotify

[2012/01/22 13:22:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Arianna Med's

[2012/01/22 02:38:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer

[2012/01/21 18:46:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\My Documents\MyHeritage

[2012/01/21 18:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\MyHeritage

[2012/01/20 10:10:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun

[2012/01/20 08:27:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2012/01/20 08:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2012/01/17 18:45:26 | 000,000,000 | ---D | C] -- C:\Program Files\BFlix

[2012/01/17 18:44:27 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com

[2012/01/17 18:42:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2012/01/16 13:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Operations Department Folder

[2012/01/16 13:22:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Forms

[2012/01/14 09:23:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Craft Beer Pics

[2012/01/02 17:44:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Christmas 2011

[2012/01/02 17:39:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Ari's Birthday Dec 30 2011

[2012/01/02 09:27:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mrobinson\Desktop\Wendy's Wedding 2011

[2009/08/07 21:20:00 | 000,630,784 | ---- | C] ( ) -- C:\WINDOWS\System32\softcoin.dll

[2009/08/07 21:20:00 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\gencoin.dll

========== Files - Modified Within 30 Days ==========

[2012/01/30 09:33:12 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/01/30 09:28:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mrobinson\Desktop\OTL.exe

[2012/01/30 09:04:56 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\mrobinson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/01/30 09:04:53 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\NTREGOPT.lnk

[2012/01/30 09:04:53 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\ERUNT.lnk

[2012/01/30 08:58:34 | 000,484,374 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2012/01/30 08:58:34 | 000,080,730 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2012/01/30 08:54:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/01/30 08:54:49 | 000,028,219 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2012/01/30 08:54:07 | 000,190,150 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012/01/30 08:53:37 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/01/30 08:52:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/01/30 01:35:36 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/01/30 00:45:27 | 000,020,383 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\historic_caveman_117126_tns.png

[2012/01/30 00:37:20 | 000,004,403 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\Shutterstock Caveman w Cave.jpg

[2012/01/30 00:35:57 | 000,002,728 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\back of caveman shutterstock.jpg

[2012/01/30 00:31:30 | 000,002,562 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\Stock Caveman.jpg

[2012/01/30 00:14:48 | 000,011,180 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\caveman image.jpg

[2012/01/29 22:49:29 | 000,223,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe

[2012/01/29 22:49:29 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe

[2012/01/29 22:49:29 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe

[2012/01/29 22:49:29 | 000,141,312 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl

[2012/01/29 22:49:28 | 000,637,848 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012/01/29 22:49:28 | 000,567,184 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll

[2012/01/23 10:24:21 | 000,041,081 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\BofA Stmt_09_07_2011.pdf

[2012/01/23 08:59:43 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/23 08:45:09 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mrobinson\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2012/01/23 08:45:09 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2012/01/23 07:06:11 | 000,015,028 | ---- | M] () -- C:\Documents and Settings\mrobinson\nah_log.dat

[2012/01/20 12:30:15 | 000,599,358 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\2010-05-27_Capital_Area_CEDS_2010-2015.pdf

[2012/01/20 07:51:44 | 000,000,884 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2012/01/17 19:46:49 | 000,031,421 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\2009 and 2010 State per capita consumption.pdf

[2012/01/17 18:44:29 | 000,000,448 | ---- | M] () -- C:\user.js

[2012/01/16 13:54:41 | 000,072,167 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\Purdue Xcript Request Maureen Lee 1994.pdf

[2012/01/16 13:19:55 | 000,028,219 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2012/01/11 07:32:02 | 001,957,052 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\Alum Tub Pic 002.jpg

[2012/01/10 16:05:28 | 000,518,062 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\wia_plan_ext.pdf

[2012/01/09 08:43:28 | 000,014,356 | ---- | M] () -- C:\Documents and Settings\mrobinson\Desktop\The Prisoner WIne.jpg

========== Files Created - No Company Name ==========

[2012/01/30 09:04:56 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\mrobinson\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

[2012/01/30 09:04:53 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\NTREGOPT.lnk

[2012/01/30 09:04:53 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\ERUNT.lnk

[2012/01/30 00:45:27 | 000,020,383 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\historic_caveman_117126_tns.png

[2012/01/30 00:37:20 | 000,004,403 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\Shutterstock Caveman w Cave.jpg

[2012/01/30 00:35:57 | 000,002,728 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\back of caveman shutterstock.jpg

[2012/01/30 00:31:30 | 000,002,562 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\Stock Caveman.jpg

[2012/01/30 00:14:47 | 000,011,180 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\caveman image.jpg

[2012/01/23 10:24:21 | 000,041,081 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\BofA Stmt_09_07_2011.pdf

[2012/01/23 08:59:43 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/01/23 07:06:11 | 000,015,028 | ---- | C] () -- C:\Documents and Settings\mrobinson\nah_log.dat

[2012/01/20 12:30:12 | 000,599,358 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\2010-05-27_Capital_Area_CEDS_2010-2015.pdf

[2012/01/17 19:46:49 | 000,031,421 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\2009 and 2010 State per capita consumption.pdf

[2012/01/17 18:44:27 | 000,000,448 | ---- | C] () -- C:\user.js

[2012/01/16 13:54:41 | 000,072,167 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\Purdue Xcript Request Maureen Lee 1994.pdf

[2012/01/10 16:05:27 | 000,518,062 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\wia_plan_ext.pdf

[2012/01/09 08:43:28 | 000,014,356 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\The Prisoner WIne.jpg

[2012/01/07 14:17:38 | 001,957,052 | ---- | C] () -- C:\Documents and Settings\mrobinson\Desktop\Alum Tub Pic 002.jpg

[2011/11/28 12:15:42 | 000,207,226 | ---- | C] () -- C:\WINDOWS\hpwins28.dat

[2011/11/28 12:15:42 | 000,000,418 | ---- | C] () -- C:\WINDOWS\hpwmdl28.dat

[2011/11/24 19:47:40 | 000,057,720 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2011/08/19 12:42:26 | 001,110,476 | ---- | C] () -- C:\Program Files\7-Zip.exe

[2011/03/18 19:38:08 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll

[2011/03/18 19:38:06 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll

[2011/03/18 19:38:06 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE

[2010/12/18 15:09:55 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/10/20 21:19:04 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\CHookExt.dll

[2010/10/12 07:28:52 | 000,006,656 | ---- | C] () -- C:\Documents and Settings\mrobinson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/03 07:48:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI

[2010/09/02 11:30:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2010/08/19 11:00:40 | 000,028,219 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/19 10:49:13 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/08/19 10:49:12 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/08/19 10:49:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/08/19 10:49:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/08/19 10:49:11 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/08/19 10:49:10 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/08/19 10:49:09 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/08/19 10:49:08 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/08/19 10:37:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/08/19 10:33:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/08/19 05:28:10 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/08/19 05:27:10 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll

[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe

[2008/04/14 01:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2008/04/14 01:00:00 | 000,484,374 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2008/04/14 01:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2008/04/14 01:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2008/04/14 01:00:00 | 000,080,730 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2008/04/14 01:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2008/04/14 01:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2008/04/14 01:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2008/04/14 01:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin

[2008/04/14 01:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2005/04/15 05:52:33 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2005/04/15 05:52:33 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

========== LOP Check ==========

[2010/09/02 09:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications

[2010/09/03 07:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes

[2011/03/15 09:32:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen

[2012/01/23 08:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate

[2010/12/23 06:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/12/15 11:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\.oit

[2010/09/03 07:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\DassaultSystemes

[2010/09/03 07:49:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\EDrawings

[2011/03/15 09:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\FileOpen

[2011/08/22 12:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\FileZilla

[2011/11/23 10:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\OpenCandy

[2011/11/28 13:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\Southwest Airlines

[2012/01/23 08:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\Spotify

[2011/12/07 16:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mrobinson\Application Data\Unity

========== Purity Check ==========

< End of report >

OTL Jan 30 945am.Txt

Extras Jan 30 945.Txt


Results of screen317's Security Check version 0.99.30

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

Windows Firewall Enabled!

Symantec Endpoint Protection

McAfee Security Scan Plus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 7 Update 2

Adobe Flash Player 11.0.1.152

Adobe Reader X (10.1.2)

Mozilla Firefox (9.0.1)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

``````````End of Log````````````


You will want to print out or copy these instructions to Notepad for Safe offline reference!

These steps are for mrlr2012 only. If you are a casual viewer, do NOT try this on your system!

If you are not mrlr2012 and have a similar problem, do NOT post here; start your own topic

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

Close any open programs that you started. This next process will do a Restart/reboot at the end. Please allow it to do so.

  • Please double-click OTL.exe to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :OTL
    O2 - BHO: (no name) - {04eb382a-4b48-4de7-a570-b0307b9b13c7} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KASHPVTNTW85654557333111]
    :files
    recycler /alldrives
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd08d891-e299-11df-9f44-0026b9a4585f}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

ALSO, tell me if the license is current on Symantec Endpoint Security, and why this system also has McAfee Security Scan?


Close / exit OTL if it is still on-screen.

Close and save any open work documents. Close any apps you started.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For a reference, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

If you have a prior copy of Combofix, delete it now !

Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop and SAVE it as BRAVO.COM.

Link 1

Link 2

Link 3

* IMPORTANT !!! SAVE AS BRAVO.COM to your Desktop

If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on BRAVO.com & follow the prompts.
  • Accept the EULA when prompted.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: whatnext.png]

Click on Yes, to continue scanning for malware.

Please watch Combofix as it runs, as you may see messages which require your response, or the pressing of OK button.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

-------------------------------------------------------

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

Even when ComboFix appears to be doing nothing, please have infinite patience. It has many phases.

RE-Enable your AntiVirus and AntiSpyware applications after Combofix has finished.

Reply with copy of the C:\Combofix.txt


I finally finished the instructions. Below is the output of the ComboFix.txt document. Thank you again! I hope this works. It was something called "rootkit.zeroaccess", which I understand is very difficult to clean or fix... MRLR.

ComboFix 12-01-30.02 - mrobinson 01/31/2012 15:10:52.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2992 [GMT -6:00]

Running from: c:\documents and settings\mrobinson\Desktop\bravo.com

AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\data

c:\data\default\us_sres.data

c:\documents and settings\mrobinson\nah_log.dat

c:\program files\Incredibar.com

c:\program files\Incredibar.com\incredibar\1.5.3.27\incredibar.crx

c:\windows\$NtUninstallKB17509$

c:\windows\$NtUninstallKB17509$\2844719745

c:\windows\$NtUninstallKB17509$\876507227\@

c:\windows\$NtUninstallKB17509$\876507227\bckfg.tmp

c:\windows\$NtUninstallKB17509$\876507227\cfg.ini

c:\windows\$NtUninstallKB17509$\876507227\Desktop.ini

c:\windows\$NtUninstallKB17509$\876507227\keywords

c:\windows\$NtUninstallKB17509$\876507227\kwrd.dll

c:\windows\$NtUninstallKB17509$\876507227\L\gabpjmrw

c:\windows\$NtUninstallKB17509$\876507227\lsflt7.ver

c:\windows\$NtUninstallKB17509$\876507227\U\00000001.@

c:\windows\$NtUninstallKB17509$\876507227\U\00000002.@

c:\windows\$NtUninstallKB17509$\876507227\U\00000004.@

c:\windows\$NtUninstallKB17509$\876507227\U\80000000.@

c:\windows\$NtUninstallKB17509$\876507227\U\80000004.@

c:\windows\$NtUninstallKB17509$\876507227\U\80000032.@

c:\windows\EventSystem.log

.

c:\windows\system32\drivers\cdrom.sys was missing

Restored copy from - c:\windows\system32\dllcache\cdrom.sys

.

.

((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))

.

.

2012-01-31 21:20 . 2008-04-14 06:10 62976 -c--a-w- c:\windows\system32\dllcache\cdrom.sys

2012-01-31 21:20 . 2008-04-14 06:10 62976 ----a-w- c:\windows\system32\drivers\cdrom.sys

2012-01-30 19:33 . 2012-01-30 19:33 -------- d-----w- C:\_OTL

2012-01-30 18:40 . 2012-01-30 18:40 -------- d-----w- c:\documents and settings\mrobinson\Local Settings\Application Data\ApplicationHistory

2012-01-30 16:35 . 2012-01-30 16:35 -------- d-----w- c:\documents and settings\mrobinson\Application Data\ElevatedDiagnostics

2012-01-30 15:04 . 2012-01-30 15:04 -------- d-----w- c:\program files\ERUNT

2012-01-30 15:00 . 2012-01-30 15:00 -------- d-----w- c:\documents and settings\mrobinson\Local Settings\Application Data\Sun

2012-01-30 05:57 . 2012-01-30 05:57 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Sun

2012-01-30 04:52 . 2012-01-30 04:52 -------- d-----w- c:\program files\Common Files\Java

2012-01-30 04:49 . 2012-01-30 04:49 141312 ----a-w- c:\windows\system32\javacpl.cpl

2012-01-30 04:49 . 2012-01-30 04:49 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-01-25 04:53 . 2012-01-25 04:53 -------- d-----w- c:\windows\system32\NtmsData

2012-01-23 14:59 . 2012-01-23 14:59 -------- d-----w- c:\documents and settings\mrobinson\Application Data\Malwarebytes

2012-01-23 14:44 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2012-01-23 14:44 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-23 14:44 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-23 14:44 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-23 14:31 . 2012-01-23 14:31 -------- d-----w- c:\windows\system32\wbem\Repository

2012-01-23 14:30 . 2012-01-23 14:30 -------- d-----r- c:\program files\Skype

2012-01-23 14:30 . 2012-01-23 14:30 -------- d-----w- c:\program files\AOL Toolbar

2012-01-23 14:30 . 2012-01-23 14:30 -------- d-----w- c:\documents and settings\mrobinson\Local Settings\Application Data\AOL Toolbar

2012-01-23 14:30 . 2012-01-23 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Toolbar

2012-01-23 14:29 . 2012-01-23 14:29 -------- d-----w- c:\documents and settings\mrobinson\Local Settings\Application Data\Spotify

2012-01-23 14:29 . 2012-01-23 14:29 -------- d-----w- c:\documents and settings\mrobinson\Application Data\Spotify

2012-01-22 08:38 . 2012-01-22 08:38 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2012-01-22 00:45 . 2012-01-23 14:28 -------- d-----w- c:\program files\MyHeritage

2012-01-20 14:28 . 2012-01-20 14:28 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2012-01-18 00:45 . 2012-01-23 14:30 -------- d-----w- c:\program files\BFlix

2012-01-18 00:44 . 2012-01-18 00:44 448 ----a-w- C:\user.js

2012-01-18 00:42 . 2012-01-23 14:30 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-30 04:49 . 2010-11-16 15:04 567184 ----a-w- c:\windows\system32\deployJava1.dll

2011-12-10 21:24 . 2011-06-18 23:03 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-11-28 19:51 . 2011-11-28 19:51 8192 ----a-r- c:\documents and settings\mrobinson\Application Data\Microsoft\Installer\{84031A18-BA9A-4156-A74F-E05B52DDFCE2}\Icon84031A18.exe

2011-11-25 21:57 . 2008-04-14 07:00 293376 ----a-w- c:\windows\system32\winsrv.dll

2011-11-23 13:29 . 2008-04-14 07:00 1868544 ----a-w- c:\windows\system32\win32k.sys

2011-11-18 12:35 . 2008-04-14 07:00 60416 ----a-w- c:\windows\system32\packager.exe

2011-11-04 19:20 . 2008-04-14 07:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-11-04 19:20 . 2008-04-14 07:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-11-04 19:20 . 2008-04-14 07:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-04 11:23 . 2008-04-14 07:00 385024 ----a-w- c:\windows\system32\html.iec

2011-11-03 15:28 . 2008-04-14 07:00 386048 ----a-w- c:\windows\system32\qdvd.dll

2011-11-03 15:28 . 2008-04-14 07:00 1292288 ----a-w- c:\windows\system32\quartz.dll

2011-08-19 18:42 . 2011-08-19 18:42 1110476 ----a-w- c:\program files\7-Zip.exe

2011-12-21 07:24 . 2011-08-23 15:35 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-28 13537280]

"nwiz"="nwiz.exe" [2008-08-28 1630208]

"NVHotkey"="nvHotkey.dll" [2008-08-28 90112]

"NvMediaCenter"="NvMCTray.dll" [2008-08-28 86016]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-13 115560]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-17 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-03-17 729088]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-02-17 278528]

"OA001Mon"="c:\windows\OA001Mon.exe" [2010-01-28 24576]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2010-02-03 2670592]

"KASHPVTNTW85654557333111"="c:\program files\Kaseya\PVTNTW85654557333111\KaUsrTsk.exe" [2011-08-24 409600]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

.

c:\documents and settings\mrobinson\Start Menu\Programs\Startup\

DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]

ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KAPVTNTW85654557333111]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

.

R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [10/21/2011 3:23 PM 196176]

R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [10/13/2011 5:21 PM 249648]

R2 FileOpenManagerSvc;FileOpenManagerSvc;c:\documents and settings\All Users\Application Data\FileOpen\Services\FileOpenManagerSvc32.exe [3/9/2011 5:02 PM 212352]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2011 5:03 PM 652360]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [8/19/2010 10:49 AM 112512]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [8/19/2010 10:49 AM 33832]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [8/19/2010 10:43 AM 240344]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [1/23/2012 9:23 AM 106104]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/18/2011 5:03 PM 20464]

R3 OA001Afx;Provides a software interface to control audio effects of OA001 camera.;c:\windows\system32\drivers\OA001Afx.sys [8/26/2010 11:19 AM 134144]

R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [8/26/2010 11:19 AM 133632]

R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [8/26/2010 11:19 AM 281472]

S0 cerc6;cerc6; [x]

S0 oekqxb;oekqxb;c:\windows\system32\drivers\nkyvdxov.sys --> c:\windows\system32\drivers\nkyvdxov.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2011 2:12 PM 136176]

S2 KAPVTNTW85654557333111;Kaseya Agent; [x]

S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [7/13/2010 2:32 PM 23888]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/8/2011 2:12 PM 136176]

S3 KAPFA;KAPFA;c:\windows\system32\drivers\KAPFA.sys [6/20/2011 11:58 AM 17920]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 6:49 AM 227232]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 8:37 PM 4640000]

S3 Smcinst;Symantec Auto-upgrade Agent;c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe --> c:\program files\Symantec\Symantec Endpoint Protection\SmcLU\Setup\smcinst.exe [?]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 1:00 AM 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - FileOpenWebPublisherScreenHookDriver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HPService REG_MULTI_SZ HPSLPSVC

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 20:12]

.

2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-08 20:12]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

Trusted Zone: whiteglovetech.com\m1

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

FF - ProfilePath - c:\documents and settings\mrobinson\Application Data\Mozilla\Firefox\Profiles\sl9aazxu.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6Oyq7hf0eZ&&i=26&search=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6Oyq7hf0eZ&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 2c91e843000000000000c417fe84e6bd

FF - user.js: extensions.incredibar_i.hardId - 2c91e843000000000000c417fe84e6bd

FF - user.js: extensions.incredibar_i.instlDay - 15357

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2718:44

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6Oyq7hf0eZ

FF - user.js: extensions.incredibar_i.upn2n - 92260742927265753

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10606

FF - user.js: extensions.incredibar_i.ppd - 3

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-Symantec Antvirus

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-01-31 15:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3412)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\CHookExt.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

c:\windows\System32\WLTRYSVC.EXE

c:\windows\System32\bcmwltry.exe

c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

c:\drivers\audio\r213367\stacsv.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\windows\system32\nvsvc32.exe

c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

c:\program files\RealVNC\VNC4\WinVNC4.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RunDLL32.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

c:\program files\DellTPad\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-01-31 15:30:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-01-31 21:29

.

Pre-Run: 208,011,735,040 bytes free

Post-Run: 209,193,500,672 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 3E44D55F7B99CB2242250F20387B2CD2

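As an added example (not code from this thread, from ComboFix or from OTL), the script below runs a first-pass triage over the kinds of lines found in the "Reg Loading Points" section of the ComboFix log above: service and driver entries whose image file ComboFix could not find ("[?]" or "[x]"), boot-start drivers with random-looking names, firewall exceptions that open a port, and registry policies that switch off the host's own defences. The sample lines are constructed, retyped after the report (the `oekqxb` / `nkyvdxov.sys` boot-start driver, the `3389:TCP` exception, the `NoAutoUpdate` and `DisableMonitoring` values); the severity labels and the random-name heuristic are my own choices, not anything ComboFix computes. The result is a review list for the analyst, not a verdict on any single entry.

```python
"""Triage helper for ComboFix-style "Reg Loading Points" output.

Added example, not part of ComboFix or of the forum thread. Severity
levels and the random-name heuristic are assumptions made for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    line: str      # the log line that triggered the finding
    reason: str


# "<start type> <service name>;<display name>;<image path> [<info>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")
# Firewall exceptions listed under ...\GloballyOpenPorts\List
OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=')
# Service or file names that look like a random lowercase token (e.g. "oekqxb")
RANDOM_NAME_RE = re.compile(r"^[a-z]{6,}$")
# Registry values that weaken the host's own defences
POLICY_CHECKS = (
    (re.compile(r'^"NoAutoUpdate"=\s*1\b'), "Automatic Updates disabled by policy"),
    (re.compile(r'^"DisableMonitoring"=dword:0*1$'),
     "Security Center told to stop monitoring the antivirus product"),
)
WELL_KNOWN_PORTS = {3389: "RDP", 445: "SMB", 135: "RPC", 23: "Telnet"}

# Constructed sample modelled on the sections of the ComboFix log above
# (a handful of lines retyped here so the script runs on its own).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-07-13 115560]
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/18/2011 5:03 PM 652360]
S0 cerc6;cerc6; [x]
S0 oekqxb;oekqxb;c:\windows\system32\drivers\nkyvdxov.sys --> c:\windows\system32\drivers\nkyvdxov.sys [?]
S2 KAPVTNTW85654557333111;Kaseya Agent; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/14/2008 1:00 AM 14336]
"""


def _file_stem(image_path: str) -> str:
    """Bare file name (no directory, no extension) of the last path in the field.
    ComboFix writes 'a --> b' when the registry path and the resolved path differ."""
    last = image_path.split("-->")[-1].strip()
    base = last.rsplit("\\", 1)[-1]
    return base.split(".", 1)[0].lower()


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, info = m.groups()
            boot_start = start in ("S0", "R0")
            if info in ("?", "x"):
                # ComboFix marks an entry whose image it cannot find on disk;
                # a boot-start driver in that state is the higher-priority case.
                findings.append(Finding(
                    "high" if boot_start else "medium", line,
                    f"{start} entry '{name}' has no image file on disk ([{info}])"))
            if boot_start and path:
                stem = _file_stem(path)
                if RANDOM_NAME_RE.match(name) and RANDOM_NAME_RE.match(stem) and stem != name.lower():
                    findings.append(Finding(
                        "medium", line,
                        f"boot-start driver '{name}' with random-looking name loads file '{stem}'"))
            continue

        m = OPEN_PORT_RE.match(line)
        if m:
            port, proto = int(m.group(1)), m.group(2)
            label = WELL_KNOWN_PORTS.get(port, "unknown service")
            findings.append(Finding("medium", line,
                                    f"firewall exception opens {port}/{proto} ({label})"))
            continue

        for pattern, reason in POLICY_CHECKS:
            if pattern.match(line):
                findings.append(Finding("medium", line, reason))
    return findings


def count_by_severity(findings: List[Finding]) -> Dict[str, int]:
    counts = {"high": 0, "medium": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    # Highest severity first; each finding prints its reason and the raw line.
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity != "high"):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

Run against a real ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`; the entries it raises are the ones a helper would look at first (a boot-start driver with a random name and no file on disk is exactly the shape of the `oekqxb` entry in the log above), while a legitimate product whose binary is merely missing, such as a half-uninstalled agent, lands in the same list at a lower severity and still needs a human decision.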

Save and close any work documents, close any apps that you started.

Download to your Desktop FixPolicies.exe, by Bill Castner, MS-MVP, a self-extracting ZIP archive from

>>> here <<<

  • Double-click FixPolicies.exe.
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new Folder called FixPolicies.
  • Double-click to Open the new Folder, and then double-click the file within: Fix_Policies.cmd.
  • A black box (command prompt window) will briefly appear and then close.

Step 2

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in the second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Quick Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and paste the contents of the latest MBAM scan log, and tell me: how is the system now?

Edited by Maurice Naggar

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
