Jump to content

Adware? 1st System Check then Internet Security


caewe12
 Share

Recommended Posts

Make sure you turn off your antivirus program (temporarily).

Create a new folder on your C drive, name it ARK ===> C:\\ARK

Go Here and click the "Download EXE" button & Save the file to ARK folder

Double-click the exe. (If you get an immediate message about rootkit activity, ignore and proceed with instructuions please)

Click on the Rootkit/Malware Tab &

then, on the far right side, untick the Registry box,

then click Scan.

Scan progress will be shown at bottom of the program screen. Have "infinite" patience while it runs.

Once the scan is done, press the Copy button, then open NOTEPAD, Paste to it, and Save the file as Gmer.log in your ARK folder.

Attach the results here in your reply.

Re-Enable your anti-virus program

Link to post
Share on other sites

  • Replies 127
  • Created
  • Last Reply

Top Posters In This Topic

Give more details on your McAfee: The complete name of it & version number & what you are trying to do with it.

Is the issue that you can't disable it?

Is it licensed? and is it current ? or was it a trial edition? when did you first get it?

The more details you provide, the better all around to diagnose.

ALSO

Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.

  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Copy & Paste contents of both in next reply.

Link to post
Share on other sites

Hi,

The issue with the McAfee is that I cannot enable it. In Windows Security Center it states "McAfee Antivirus and Antispyware reports that it is turned off". There is a file in the Programs Folder McAfee Security Scan Plus but it is empty so not sure how to get more information about it. It was provided by my internet service provider Cox and I thought it was automatically updated. In the past if prompted to update it I have done so. Honestly as far as a time line.........I don't remember. Sorry. I fear I am pretty inept when it comes to computers, realizing I will need to educate myself a bit.

Ran RSIT. Here are the logs.

Logfile of random's system information tool 1.09 (written by random/random)

Run by Ekenbarger's at 2012-02-18 13:12:12

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 105 GB (71%) free of 149 GB

Total RAM: 2558 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:12:33 PM, on 2/18/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Napster\napster.exe

C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\system32\CTsvcCDA.EXE

C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

C:\Program Files\Norton Ghost\Agent\VProSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\wanmpsvc.exe

C:\WINDOWS\system32\MsPMSPSv.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\WINDOWS\system32\dlcccoms.exe

C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe

C:\Program Files\trend micro\Ekenbarger's.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - (no file)

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing)

O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

O3 - Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - (no file)

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [selectRebates] C:\Program Files\SelectRebates\SelectRebates.exe

O4 - HKLM\..\Run: [wgjpPXjtqGl.exe] C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti

O4 - HKCU\..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\SPYBOT~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www6.iepdirect.com/ScriptX_6_5/smsx.cab

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} (BitDefender QuickScan Control) - http://quickscan.bitdefender.com/qsax/qsax.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} (Domino Web Access 7 Control) - https://e-talk1.whps.org/dwa7W.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O19 - User stylesheet: C:\Documents and Settings\Ekenbarger's\Recent\neopets.css.lnk (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe

O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--

End of file - 10381 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default<p>prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT3106777&SearchSource=13"

prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3, toolbar@shopathome.com:5.2.0.0, {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1, {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

prefs.js - "keyword.URL" - "

Link to post
Share on other sites

  • Please double-click OTL.exe otlDesktopIcon.png to run it. (Note: If you are running on Windows 7 or Vista, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    *****************************************************************
    :processes
    killallprocesses
    :files
    recycler /alldrives
    C:\Program Files\SelectRebates\SelectRebates.exe
    C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe
    C:\Documents and Settings\All Users\Application Data\isecurity.exe
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SelectRebates"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "wgjpPXjtqGl.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Internet Security"=-
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]
    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on the red-lettered button Run Fix.
  • Once you see a message box "Fix complete! Click OK to open the fix log."
    Click the OK button
  • The log will open in Notepad (your default text editor).
  • Save the log. Post a copy of that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.

If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next, I suggest you de-install McAfee and get one (and only one) of these free anti-virus programs. Save the setup program to your Desktop. Do not run the setup program just yet.

Avira Free for home use http://www.avira.com/en/avira-free-antivirus

Avast http://www.avast.com/en-us/free-antivirus-download

MS Security Essentials http://windows.microsoft.com/en-US/windows/products/security-essentials

Click the Start button , click Control Panel, next select Programs, and then select Programs and Features.

De-install McAfee

Logoff and Restart the system.

Now then, run the Setup program for your new anti-virus program.

Bring up your new AV and do an UPDATE run to insure the new program is all up-to-date.

Run a full scan of your system and save the log.

Reply with a copy of OTL MovedFiles log and tell me about results of anti-virus scan.

This appears to be a tougher infection of the rogue. There is a lot more work to do.

Link to post
Share on other sites

Hi,

Quite frustrated at this point. Ran OTL. See log below. Uninstalled McAfee and downloaded Avira Free. Ran the scan but couldn't seem to find the log or how to save. Export log was the only option. Tried that and it wanted to run Active X which I was unsure about allowing. I know malware uses Active X sometimes. So I didn't allow it but then my computer wasn't responding and I had to close the window. Clicked on the ARO icon "Check PC for errors" and a pop up with a message appeared "Reminder registry errors and tweaks were remaining and your junk status was caution after your last scan. Buy now to repair all and have fewer errors on your PC...yada yada. There are two buttons - Keep these errors or Buy now and also a remove option. I went into the ARO folder via the Program Files folder and there are files but nothing that looks like a log to me. Extensions in the folder are exe, dll, Ini, dat, hta and bmp. Afraid to click on anything.

HELP!

All processes killed

========== PROCESSES ==========

========== FILES ==========

C:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully.

C:\RECYCLER folder moved successfully.

recycler not found in D:\

F:\RECYCLER\S-1-5-21-1946173170-350803515-410004273-1006 folder moved successfully.

F:\RECYCLER folder moved successfully.

File\Folder C:\Program Files\SelectRebates\SelectRebates.exe not found.

File\Folder C:\Documents and Settings\All Users\Application Data\wgjpPXjtqGl.exe not found.

File\Folder C:\Documents and Settings\All Users\Application Data\isecurity.exe not found.

========== REGISTRY ==========

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\SelectRebates deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wgjpPXjtqGl.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Internet Security not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Ekenbarger's

->Temp folder emptied: 57072191 bytes

->Temporary Internet Files folder emptied: 8413002 bytes

->Java cache emptied: 182135 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 566 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 0 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Google Chrome cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 472808 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 49422 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 1874 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Ekenbarger's

->Flash cache emptied: 0 bytes

User: LocalService

->Flash cache emptied: 0 bytes

User: NetworkService

User: Owner

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.31.0 log created on 02182012_141114

Files\Folders moved on Reboot...

C:\WINDOWS\temp\Perflib_Perfdata_1304.dat moved successfully.

File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1d04.dat not found!

Registry entries deleted on Reboot...

Link to post
Share on other sites

Hi,

Not sure if this is relevant to anything but woke up this am and found an error message on the computer along with an Apple Update pop up. The Windows error message said "Generic Host Process for Win32 Services has encountered a problem........" it asked if I wanted to send a report. I have the error signature info if you think it is important I'll post it. Thanks. CAE

Link to post
Share on other sites

Please stop, and re-check very closely. How / where did you get "Aroscan" ?? This sounds like a rogue to me. Stop & do not do anything with it.

Next, a new run of OTL

Locate the OTL.exe on your Desktop

Double-click OTL.exe otlDesktopIcon.png to start it.

Look at the upper left of window. Press the pink color Quick Scan button.

Have patience while it runs.

It will produce a new log. Save it.

Copy and paste back here a copy of the new OTL.txt

Link to post
Share on other sites

Hi,

The ARO scanlog looks like the same information that popped up when I ran the scan. I did a file search and found it. I can tell you how (the pathway retraced) C:/Documents and Settings then Ekenbargers folders then Application Data then Sammsoft folder then ARO folder then Version 2012 folder and then in there were different files including AROscanlog.xml. Will run the OTL now. CAE

Link to post
Share on other sites

Okay. Ran the OTL. Will you be online later? I need to get some work done but this is a huge priority for me. Any idea what the time line for resolution might be? Thanks. CAE

OTL logfile created on: 2/19/2012 10:51:33 AM - Run 3

OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Ekenbarger's\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 78.06% Memory free

3.09 Gb Paging File | 2.73 Gb Available in Paging File | 88.08% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.58 Gb Total Space | 102.65 Gb Free Space | 70.51% Space Free | Partition Type: NTFS

Drive D: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Drive F: | 465.76 Gb Total Space | 412.77 Gb Free Space | 88.62% Space Free | Partition Type: NTFS

Computer Name: JAM1 | User Name: Ekenbarger's | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr

PRC - [2011/08/23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe

PRC - [2011/06/30 16:21:23 | 000,273,544 | -H-- | M] (RealNetworks, Inc.) -- C:\Program Files\real\realplayer\Update\realsched.exe

PRC - [2008/05/29 16:18:26 | 000,323,216 | -H-- | M] (Napster) -- C:\Program Files\Napster\napster.exe

PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe

PRC - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe

PRC - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

PRC - [2006/09/25 19:52:48 | 000,050,736 | -H-- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe

PRC - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

PRC - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

PRC - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe

========== Modules (No Company Name) ==========

MOD - [2011/11/01 23:26:32 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/11/01 23:26:12 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2005/06/21 15:22:06 | 000,483,328 | -H-- | M] () -- C:\WINDOWS\system32\dlcclmpm.dll

MOD - [2005/06/06 10:58:38 | 000,065,536 | -H-- | M] () -- C:\WINDOWS\system32\dlcccfg.dll

MOD - [2005/04/01 11:44:16 | 000,061,440 | -H-- | M] () -- C:\Program Files\Dell Photo AIO Printer 924\dlcccnv4.dll

MOD - [2005/01/27 01:02:00 | 000,086,016 | -H-- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (nosGetPlusHelper) getPlus®

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)

SRV - [2008/01/19 20:01:08 | 004,388,192 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost)

SRV - [2007/12/20 17:13:46 | 001,553,896 | -H-- | M] (Symantec) [On_Demand | Running] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)

SRV - [2007/09/12 18:27:24 | 002,999,664 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2006/10/23 07:50:35 | 000,046,640 | RH-- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)

SRV - [2005/06/21 15:19:38 | 000,491,520 | -H-- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)

SRV - [2005/04/25 08:49:52 | 000,086,142 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel®

SRV - [2003/08/27 10:29:46 | 000,065,536 | -H-- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

========== Driver Services (SafeList) ==========

DRV - [2009/11/04 16:54:12 | 000,040,552 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/11/04 16:53:40 | 000,034,248 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2008/04/13 13:56:49 | 000,012,800 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS)

DRV - [2008/01/19 20:12:42 | 000,128,104 | -H-- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)

DRV - [2008/01/19 19:45:40 | 000,038,112 | -H-- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)

DRV - [2008/01/19 19:40:16 | 000,015,088 | -H-- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)

DRV - [2007/12/20 17:13:54 | 000,136,416 | -H-- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap)

DRV - [2007/04/16 12:28:02 | 000,194,362 | -H-- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2006/01/26 12:21:04 | 000,034,686 | -H-- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)

DRV - [2006/01/10 11:07:58 | 000,004,864 | -H-- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/04/15 02:14:58 | 001,130,496 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2004/11/02 15:12:14 | 000,019,456 | -H-- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)

DRV - [2004/08/04 05:00:00 | 000,004,224 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RDPCDD.sy@ -- (RDPCDD)

DRV - [2004/06/16 03:52:40 | 000,061,157 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2004/06/09 17:16:00 | 000,840,960 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)

DRV - [2004/03/24 10:12:44 | 000,004,272 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)

DRV - [2004/03/06 04:15:34 | 000,647,929 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2004/03/06 04:14:42 | 001,233,525 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2004/03/06 04:13:38 | 000,037,048 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003/09/22 13:48:00 | 000,130,192 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)

DRV - [2003/09/22 13:47:00 | 000,178,672 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)

DRV - [2003/09/19 14:47:24 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2003/03/05 18:19:00 | 000,015,840 | -H-- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pfmodnt.sys -- (PfModNT)

DRV - [2003/01/10 16:13:04 | 000,033,588 | -H-- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)

DRV - [2002/11/08 19:45:06 | 000,017,217 | -H-- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)

DRV - [1999/09/27 10:48:42 | 000,034,916 | -H-- | M] (Marimba, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MrtRate.sys -- (mrtRate)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cox.net/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "WinZipBar Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3106777&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "WinZipBar Customized Web Search"

FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3106777&SearchSource=13"

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3

FF - prefs.js..extensions.enabledItems: toolbar@shopathome.com:5.2.0.0

FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.5.1.1

FF - prefs.js..extensions.enabledItems: {50fafaf0-70a9-419d-a109-fa4b4ffd4e37}:3.8.1.0

FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=CDxdm003YYus&ptb=CF74B0F9-D5D0-4EC8-AC35-8A70571C102D&ind=2011081120&ptnrS=CDxdm003YYus&si=CK2Cs7C9yKoCFaUZQgodWFpFyg&n=77dea9a0&psa=&st=kwd&searchfor="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.99: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)

FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/30 16:21:41 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/26 18:23:55 | 000,000,000 | -H-D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/18 14:12:08 | 000,000,000 | -H-D | M]

[2008/12/18 23:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Extensions

[2011/12/26 17:02:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions

[2010/06/10 15:38:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/08/11 19:00:55 | 000,000,000 | ---D | M] (Coupons.com Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}

[2011/12/26 15:55:10 | 000,000,000 | ---D | M] (WinZipBar Community Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}

[2011/09/03 08:54:55 | 000,000,000 | ---D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\extensions\toolbar@shopathome.com

[2011/12/16 19:41:06 | 000,000,921 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\conduit.xml

[2011/10/18 15:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Mozilla\Firefox\Profiles\fi5w6q0t.default\searchplugins\CouponAlert_2p.xml

[2012/02/17 19:45:43 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/02/17 19:45:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

[2011/06/30 16:21:41 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

[2012/02/17 19:45:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011/07/13 16:52:56 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll

[2012/02/17 19:45:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011/07/13 16:52:58 | 000,091,552 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2012/02/18 14:11:16 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (no name) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - No CLSID value found.

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found

O3 - HKLM\..\Toolbar: (no name) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (AOL LLC)

O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1178326658\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)

O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [AROReminder] C:\Program Files\ARO 2012\ARO.exe (Support.com, Inc.)

O4 - HKCU..\Run: [bomgar Support Reconnect [1297805904]] "C:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4D5AF24F\bomgar-scc.exe" -nomulti File not found

O4 - HKCU..\Run: [internet Security] C:\Documents and Settings\All Users\Application Data\isecurity.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1

O8 - Extra context menu item: &Search - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\Spybot - Search & Destroy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www6.iepdirect.com/ScriptX_6_5/smsx.cab (MeadCo ScriptX)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212869638656 (WUWebControl Class)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} https://e-talk1.whps.org/dwa7W.cab (Domino Web Access 7 Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830D72BE-6132-4A2A-B8DD-7BC8B69A920B}: DhcpNameServer = 192.168.2.1 68.105.28.11 68.105.29.11 68.105.28.12

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O35 - HKCU\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/18 14:25:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft

[2012/02/18 14:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ARO 2012

[2012/02/18 14:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\ARO 2012

[2012/02/18 14:17:58 | 006,716,856 | ---- | C] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe

[2012/02/18 14:11:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2012/02/18 13:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2012/02/18 13:12:12 | 000,000,000 | ---D | C] -- C:\rsit

[2012/02/18 10:13:47 | 000,000,000 | ---D | C] -- C:\ARK

[2012/02/18 09:49:52 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe

[2012/02/17 20:05:02 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe

[2012/02/17 19:58:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan

[2012/02/17 19:56:10 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com

[2012/02/17 19:56:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\AskToolbar

[2012/02/17 19:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/02/17 19:45:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ask

[2012/02/15 21:30:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/02/15 20:07:50 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2012/02/15 20:01:58 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2012/02/15 20:01:58 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2012/02/15 20:01:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2012/02/15 20:01:58 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2012/02/15 20:00:37 | 000,000,000 | ---D | C] -- C:\Combo-Fix

[2012/02/15 19:59:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/02/15 19:56:46 | 004,404,931 | R--- | C] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe

[2012/02/12 15:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/02/11 20:14:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP

[2012/02/09 20:18:06 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe

[2012/02/09 20:04:12 | 000,000,000 | ---D | C] -- C:\_OTL

[2012/02/09 19:42:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT

[2012/02/09 19:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT

[2012/02/09 19:39:53 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe

[2012/02/07 19:06:38 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr

[2012/02/07 19:06:22 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr

[2012/02/07 17:33:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Administrative Tools

[2012/02/06 20:34:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ekenbarger's\Recent

[2012/02/06 19:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy

[2012/02/06 19:40:35 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe

[2005/09/16 00:27:14 | 000,065,536 | -H-- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/19 10:51:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1946173170-350803515-410004273-1006.job

[2012/02/19 10:51:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1946173170-350803515-410004273-1006.job

[2012/02/19 10:36:46 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

[2012/02/19 10:15:01 | 000,000,886 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/19 09:56:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012/02/18 22:17:02 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/02/18 16:15:01 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/18 14:54:01 | 000,000,868 | -H-- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job

[2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk

[2012/02/18 14:25:33 | 000,001,525 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk

[2012/02/18 14:19:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/02/18 14:19:42 | 2682,425,344 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/18 14:17:57 | 006,716,856 | ---- | M] (Support.com ) -- C:\Documents and Settings\Ekenbarger's\Desktop\ARO2012_tbt.exe

[2012/02/18 14:11:16 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts

[2012/02/18 13:11:47 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe

[2012/02/18 09:49:58 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Ekenbarger's\Desktop\tdsskiller.exe

[2012/02/18 09:44:01 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat

[2012/02/18 09:39:28 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Ekenbarger's\Desktop\aswMBR.exe

[2012/02/15 21:30:54 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/02/15 20:08:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini

[2012/02/15 19:56:57 | 004,404,931 | R--- | M] (Swearware) -- C:\Documents and Settings\Ekenbarger's\Desktop\Combo-Fix.exe

[2012/02/11 20:12:25 | 000,000,882 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip

[2012/02/11 14:35:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2012/02/11 11:34:41 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ekenbarger's\Desktop\mbam--setup-1.60.1.1000.exe

[2012/02/11 10:24:45 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk

[2012/02/11 10:24:45 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk

[2012/02/11 10:23:29 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Ekenbarger's\Desktop\erunt-setup.exe

[2012/02/07 19:14:21 | 000,879,683 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe

[2012/02/07 19:06:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTL.scr

[2012/02/07 19:06:23 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ekenbarger's\Desktop\OTH.scr

[2012/02/07 17:12:06 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe

[2012/02/07 16:56:39 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk

[2012/02/07 16:47:51 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk

[2012/02/06 21:23:09 | 000,000,653 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk

[2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk

[2012/02/06 19:42:27 | 000,000,857 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/02/06 19:39:14 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Ekenbarger's\Desktop\spybotsd162.exe

[2012/02/06 18:35:11 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/06 14:52:57 | 000,000,853 | ---- | M] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

[2 C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp files -> C:\Documents and Settings\Ekenbarger's\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Check PC For Errors.lnk

[2012/02/18 14:25:33 | 000,001,525 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Check PC For Errors.lnk

[2012/02/18 13:11:44 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\RSIT.exe

[2012/02/18 09:44:01 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\MBR.dat

[2012/02/17 19:56:11 | 000,000,248 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2012/02/15 21:30:54 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/02/15 20:08:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2012/02/15 20:07:54 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2012/02/15 20:01:58 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2012/02/15 20:01:58 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2012/02/15 20:01:58 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2012/02/15 20:01:58 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2012/02/15 20:01:58 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2012/02/11 20:12:30 | 000,000,882 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\WscsvcXP.zip

[2012/02/09 19:40:56 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\NTREGOPT.lnk

[2012/02/09 19:40:56 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\ERUNT.lnk

[2012/02/07 19:14:17 | 000,879,683 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\SecurityCheck.exe

[2012/02/07 17:12:05 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\oo9mvqzj.exe

[2012/02/07 16:56:39 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut (2) to Cheryl's.lnk

[2012/02/07 16:47:51 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Shortcut to Desktop.lnk

[2012/02/07 06:12:36 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Start Menu\Programs\Internet Explorer (2).lnk

[2012/02/06 21:23:09 | 000,000,653 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Shortcut to Cheryl's.lnk

[2012/02/06 21:19:19 | 2682,425,344 | -HS- | C] () -- C:\hiberfil.sys

[2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Desktop\Spybot - Search & Destroy.lnk

[2012/02/06 19:41:39 | 000,000,857 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2012/02/06 18:27:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/02/06 14:52:57 | 000,000,853 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\Microsoft\Internet Explorer\Quick Launch\System Check.lnk

[2011/05/21 09:05:16 | 000,709,456 | -H-- | C] () -- C:\WINDOWS\is-JCNJV.exe

[2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k

[2011/05/17 19:09:15 | 000,013,884 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3m68k04uhh2v0qs0ndbrt8fyr74347y1k

[2011/05/06 14:29:52 | 000,023,624 | -H-- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys

[2011/03/13 09:09:42 | 000,638,976 | -H-- | C] () -- C:\WINDOWS\System32\dlccpmui.dll

[2011/03/13 09:09:42 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsr.dll

[2011/03/13 09:09:41 | 000,372,736 | -H-- | C] () -- C:\WINDOWS\System32\dlccih.exe

[2011/03/13 09:09:41 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccins.dll

[2011/03/13 09:09:41 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\dlccvs.dll

[2011/03/13 09:09:40 | 000,413,696 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomm.dll

[2011/03/13 09:09:40 | 000,368,640 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.exe

[2011/03/13 09:09:40 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\dlccpplc.dll

[2011/03/13 09:09:39 | 001,134,592 | -H-- | C] () -- C:\WINDOWS\System32\dlccusb1.dll

[2011/03/13 09:09:39 | 000,770,048 | -H-- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll

[2011/03/13 09:09:39 | 000,483,328 | -H-- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll

[2011/03/13 09:09:38 | 000,704,512 | -H-- | C] () -- C:\WINDOWS\System32\dlcccomc.dll

[2011/03/13 09:09:38 | 000,491,520 | -H-- | C] () -- C:\WINDOWS\System32\dlcccoms.exe

[2011/03/13 09:09:38 | 000,155,648 | -H-- | C] () -- C:\WINDOWS\System32\dlccprox.dll

[2011/03/13 09:09:37 | 001,183,744 | -H-- | C] () -- C:\WINDOWS\System32\dlccserv.dll

[2011/03/13 09:09:36 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\System32\dlcccur.dll

[2011/03/13 09:09:35 | 000,430,080 | -H-- | C] () -- C:\WINDOWS\System32\dlccutil.dll

[2011/03/13 09:09:35 | 000,073,728 | -H-- | C] () -- C:\WINDOWS\System32\dlcccu.dll

[2011/03/13 09:09:32 | 000,176,128 | -H-- | C] () -- C:\WINDOWS\System32\dlccinsb.dll

[2011/03/13 09:09:32 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dlcccub.dll

[2011/03/13 09:09:31 | 000,131,072 | -H-- | C] () -- C:\WINDOWS\System32\dlccjswr.dll

[2011/03/13 09:09:25 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\dlcccfg.dll

[2011/02/17 18:00:30 | 000,034,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamcatchme.sys

[2010/05/11 06:24:12 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\System32\SunData.ini

[2010/05/11 06:22:51 | 000,000,085 | -H-- | C] () -- C:\WINDOWS\TTL3Util.ini

[2010/05/11 06:22:37 | 000,000,288 | -H-- | C] () -- C:\WINDOWS\TTL3.ini

[2010/01/07 20:19:32 | 000,004,272 | -H-- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys

[2008/12/17 20:03:46 | 000,073,984 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2008/10/17 08:26:43 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\FoneSync.INI

[2008/09/13 18:00:52 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/07/02 13:55:05 | 000,000,234 | -H-- | C] () -- C:\WINDOWS\TFF32.ini

[2007/10/13 10:41:53 | 000,101,824 | -H-- | C] () -- C:\Program Files\MC

[2007/08/22 22:41:51 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/05/28 14:39:51 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2007/05/28 14:29:32 | 000,000,584 | -H-- | C] () -- C:\WINDOWS\PowerReg.dat

[2007/04/14 10:55:37 | 000,000,107 | -H-- | C] () -- C:\WINDOWS\wpd99.drv

[2007/04/14 10:55:17 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\pdfmona.dll

[2007/04/08 19:50:42 | 000,000,021 | -H-- | C] () -- C:\WINDOWS\CS_SETUP.ini

[2006/11/25 18:38:40 | 000,001,827 | -H-- | C] () -- C:\WINDOWS\cdPlayer.ini

[2006/10/01 19:24:21 | 000,000,037 | -H-- | C] () -- C:\WINDOWS\Viewer.ini

[2006/05/21 09:25:51 | 000,000,024 | -H-- | C] () -- C:\WINDOWS\qfnonl.ini

[2006/05/21 08:02:13 | 000,000,696 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI

[2006/05/21 08:02:12 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\intuprof.ini

[2006/05/21 08:02:10 | 000,006,838 | -H-- | C] () -- C:\WINDOWS\ICOADB32.DAT

[2005/11/03 15:34:18 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI

[2005/10/05 18:40:34 | 000,001,786 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2005/10/05 18:40:34 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\86307A10A8.sys

[2005/09/21 07:41:46 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Local Settings\Application Data\fusioncache.dat

[2005/09/20 19:12:22 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JPR.{PB

[2005/09/20 19:12:22 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Ekenbarger's\Application Data\PFP120JCM.{PB

[2005/09/16 00:58:59 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini

[2005/09/16 00:50:31 | 000,000,335 | -H-- | C] () -- C:\WINDOWS\nsreg.dat

[2005/09/16 00:46:43 | 001,048,576 | -H-- | C] () -- C:\WINDOWS\System32\SFMAN.DAT

[2005/09/16 00:46:43 | 000,000,231 | -H-- | C] () -- C:\WINDOWS\AC3API.INI

[2005/09/16 00:46:34 | 000,003,278 | -H-- | C] () -- C:\WINDOWS\System32\LudaP17.ini

[2005/09/16 00:46:34 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini

[2005/09/16 00:46:29 | 000,000,072 | -H-- | C] () -- C:\WINDOWS\SBWIN.INI

[2005/09/16 00:27:14 | 000,060,928 | -H-- | C] () -- C:\WINDOWS\System32\P17.dll

[2005/09/16 00:27:14 | 000,053,248 | -H-- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2005/09/16 00:27:04 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\setpwrcg.exe

[2005/09/16 00:27:00 | 000,087,540 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2005/09/16 00:26:34 | 000,000,394 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/01/28 08:08:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini

[2004/08/10 13:12:05 | 000,000,780 | -H-- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004/08/10 13:02:15 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004/08/10 13:01:18 | 000,001,793 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2004/08/10 12:57:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/08/10 12:57:15 | 000,351,384 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2004/08/10 12:51:21 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 12:51:20 | 000,442,466 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 12:51:20 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 12:51:20 | 000,071,732 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 12:51:20 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 12:51:18 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 12:51:17 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 12:51:16 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat

[2004/08/10 12:51:12 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 12:51:11 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 12:51:05 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 12:50:56 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2012/02/17 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask

[2009/06/24 20:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA Logs

[2011/02/03 14:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2011/12/26 15:42:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro

[2008/01/05 19:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster

[2007/04/14 10:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995

[2008/12/19 21:23:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard

[2009/06/24 20:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPORE

[2008/12/20 00:12:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!

[2007/03/11 23:07:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2011/12/26 15:55:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipEC

[2011/12/26 18:46:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2009/10/04 08:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2009/06/04 14:58:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

[2011/12/26 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\ElevatedDiagnostics

[2011/04/10 12:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\gtk-2.0

[2007/01/29 18:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Leadertech

[2011/07/31 17:31:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Nikon

[2012/02/17 19:58:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\QuickScan

[2012/02/18 14:25:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Sammsoft

[2007/05/13 06:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SmartDraw

[2010/06/16 17:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\SPORE

[2007/03/11 23:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ekenbarger's\Application Data\Viewpoint

[2012/02/19 09:56:01 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

[2012/02/19 10:36:46 | 000,000,436 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{873B1363-0F14-410A-AFDF-0559EB90EA7E}.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

You appear to have gotten Sammsoft's Advanced Registry Optimizer. Please STOP using any sort of registry cleaners !!! You do not need them and further, you could well do more damage to your system.

Please do NOT get or run any other tools on your own. I need for you to follow my guidance and only that, whilst I am helping you.

Will you be online later? I need to get some work done but this is a huge priority for me. Any idea what the time line for resolution might be? Thanks. CAE

Yes I will be monitoring your thread and will have new response once I have reviewed this last log.

I would not advise you to use 'this system' while it is in a state of "insecurity". I highly urge you to find another system, a clean one, if you have urgent work.

There's no telling how long it will take to try to clean this system.

If you have a complete mirror-image backup of this system from before the infection, then a restore from that image is the fastest recovery.

Let me know if you have that. Let me know if you have access to a clean system.

Link to post
Share on other sites

Hi,

Not sure how that happened!!!! I am very appreciative of your efforts and I have followed your directions exactly as you have stated. I have only used internet explorer to go to this forum or download from the links you have provided. I never knowingly downloaded anything from Sammsoft! I did click on the Avira link you provided and downloaded their antivirus software and ran the scan. Please let me assure you that I do not even know what a registry cleaners is. I have opened a couple of old word documents because I needed some information but that is all I have done on this computer. My son accesses the WiFi for his IPOD. Should I tell him to stop? I was not planning to do my work on this computer just wondering if I should hang out here rather than go work. Also I do not have a back up of this system but at this point if I could just recover some of my word documents I would be happy. I can access another system but not in the house. I am living by smartphone alone. Again thank you for your help. CAE

Link to post
Share on other sites

Step 1

Save and close any work documents, close any apps that you started.

Download the Microsoft® Windows® Malicious Software Removal Tool from the Microsoft Download Center, and SAVE it, only then run it.

http://support.microsoft.com/?kbid=890830"]http://support.micro...om/?kbid=890830

If no infections were found, you will see in your log

Results Summary:

----------------

No infection found.

Step 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.co...ls/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On XP, double-click to start it.

The GUI interface will look like this

stinger2.png

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Report only

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Step 3

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy & Paste the contents of last MBAM scan log into reply, plus the Stinger log, and MS MSRT log.

RE-Enable your anti-virus program.

Tell me about Avira Anti-virus: I do not see it setup (in last OTL report). Did you indeed download it ?

Did you save the setup program, and then run the Avira setup program?

Link to post
Share on other sites

Hi,

I thought I downloaded Avira but at this point I realize I did not. I used the link you provided and clicked on download (for the Avira free version) which I think brought me to download.com. Honestly I wasn't paying close attention just sort of followed the prompts as I thought it was all safe. I must have been redirected at some point. It did ask if I wanted ASK to be my default search which I did think was odd. I answered no but it did change my toolbar. It downloaded a file to my desktop (ARO2012_tbt.exe) which I thought was an acronym for Avira. I installed it and ran the scan. Apparently I am a rogueware magnet.

I did everything in your previous post. Ran the full scan from Microsoft. It did not detect any infections but I could not find a log nor did it prompt me to save the information. Nothing found by McAfee either. MBAM cannot be updated. I get an error message stating Access denied check firewall and internet connection. My firewall allows Malwarebytes.org. Before I contacted you I tried to download and update MBAM from the website but got the same message Access denied. I know my version is old there are no sub tabs in settings. I ran it anyway but nothing was found.

Please advise on whether I should try the other links you provided for anti-virus as I have none currently.

Here are the logs. Thanks. CAE

McAfee® Labs Stinger Version 10.2.0.512 built on Feb 17 2012

Copyright © 2011 McAfee, Inc. All Rights Reserved.

Virus data file v1000.0000 created on Feb 17 2012.

Ready to scan for 4070 viruses, trojans and variants.

Scan initiated on Sun Feb 19 17:44:57 2012

Rootkit scan result : Not Scanned

Master Boot Record(s):....2

Possibly Infected:.............0

Boot Sector(s):.................2

Possibly Infected: ............0

Number of clean files: 41305

Malwarebytes' Anti-Malware 1.18

Database version: 870

9:41:13 AM 2/20/2012

mbam-log-2-20-2012 (09-41-13).txt

Scan type: Full Scan (C:\|E:\|F:\|)

Objects scanned: 148348

Time elapsed: 30 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Link to post
Share on other sites

Tell me if you have access to a clean computer nearby. If yes, disconnect this pc from the internet and you can use the clean pc to do downloads, use CD/DVD burns or new-clean USB flash-drive to transport/copy tools to the infected machine. Please tell me if possible.

The version of MBAM you show is very sadly out-dated.

Link to post
Share on other sites

Download and SAVE mbam-clean.exe from >> here <<

Please download & save Malwarebytes Anti-Malware from

http://www.malwarebytes.org/mbam-download.php

Transport these 2 to your infected pc & copy them onto the Windows DESKTOP.

Make very sure now you have disconnected the infected machine from the internet.

RUN mbam-clean.exe

It will ask to restart your computer, please allow it to do so very important

After the computer restarts, temporarily disable your Anti-Virus

If you need how-to guidance, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Malwarebytes Anti-Malware

Run the setup and do a FULL scan. It will usually take about an hour or more, but worth it.

Double Click mbam-setup.exe to install the application.

  • Make sure to UN-Check next to Update Malwarebytes' Anti-Malware and check Launch Malwarebytes Anti-Malware, then click Finish.
  • Once the program has loaded, select Perform FULL Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.

Copy & Paste the contents of the last MBAM scan into a new reply.

Edited by Maurice Naggar
edited twice
Link to post
Share on other sites

We can cover that in next round. I am pretty sure I gave you the correct links for the free antivirus programs.

If you can find the reply of mine, and do a new download (make sure you are on correct site) and save the setup program.

I will need to guide you once more on the de-install & new setup of antivirus.

Meantime, do the MBAM process, monitor it from time to time, and report.

Link to post
Share on other sites

Hi,

MBAM detected and removed 36 Files. My desktop is back. Here is the log.

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org

Database version: v2012.01.13.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Ekenbarger's :: JAM1 [administrator]

2/20/2012 2:09:27 PM

mbam-log-2012-02-20 (14-09-27).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 297822

Time elapsed: 45 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 36

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397180.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397198.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397175.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397176.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397177.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397178.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397179.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397181.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397182.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397183.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397184.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397185.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397186.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397187.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397188.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397189.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397190.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397191.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397192.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397193.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397194.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397195.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397196.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397222.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397223.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397224.exe (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397225.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397226.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397227.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397228.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1104\A0397229.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1110\A0397482.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1140\A0404570.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405734.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405769.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1141\A0405781.exe (Rogue.FakeAlert) -> Quarantined and deleted successfully.

(end)

Link to post
Share on other sites

Allright. This pc already has several tools.

Locate the Fixpolicies tool, and run it one more time.

Locate RSIT.exe and run it. When it finishes, copy & paste the LOG.txt & Info.txt for my review.

MBAM really (just now) got a hidden desktop setting. All the rest were in Windows restore points (which are not active). Not a big issue.

We will do more after I review your new logs.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.