PUM.Disabled and MS File Protection Boxes


rplusr

I try to keep up with virus and malware protection and be cautious when thinking about clicking on anything. This request is for my wife's computer where she may not be as diligent. Back in November, MalwareBytes quarantined PUM.Disabled.SecurityCenter and now the computer is displaying the Windows File Protection boxes that say:

Files that are required for Windows to run properly must be copied to the DLL Cache.

or

Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.

Insert your Windows XP Professional CD 2 (or 3) now.

Since PCs haven't actually come with CDs for some time, I'm not sure if I am infected or how to get good copies of files back where they need to be. I did run sfc /scannow and it popped up the windows above about a dozen times.

I could use some of your expert assistance.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Linda at 20:32:52 on 2012-12-27

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.524 [GMT -5:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\PCPitstop\PCPitstopScheduleService.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\PCPitstop\Info Center\InfoCenter.exe

C:\Program Files\Kodak\KODAK Share Button App\Listener.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\Password Tracker Deluxe\PwTrkr.exe

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Microsoft\BingBar\7.1.355.0\SeaPort.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\PROGRA~1\mcafee.com\agent\mcupdate.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.google.com/

uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us

mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} -

BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20120623061009.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

BHO: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.355.0\BingExt.dll

TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll

uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe

uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN28SBWG2P05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [MSKDetectorExe] c:\program files\mcafee\spamkiller\MSKDetct.exe /uninstall

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [info Center] c:\program files\pcpitstop\info center\InfoCenter.exe

mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe

mRun: [ArcSoft MediaImpression Monitor] c:\program files\kodak\mediaimpression\ArcMonitor.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\linda\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\linda\startm~1\programs\startup\passwo~1.lnk - c:\program files\password tracker deluxe\PwTrkr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - LocalServer32 - <no file>

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

Trusted Zone: internet

Trusted Zone: mcafee.com

Trusted Zone: mcafee.com

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354470757578

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{58A0798F-DCCE-4467-A2D1-F53E3C5AD3FE} : DHCPNameServer = 192.168.0.1

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor\McIEPlg.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 192.168.0.104 HP0018715CA82C

.

============= SERVICES / DRIVERS ===============

.

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-10-13 565352]

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [2011-5-9 69656]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2011-3-26 91168]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784]

R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784]

R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784]

R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2011-3-26 167784]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 McShield;McAfee McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2011-3-26 203400]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2011-3-26 168880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2011-3-26 167344]

R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\pcpitstop\PCPitstopScheduleService.exe [2011-11-24 91816]

R3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [2012-4-18 36224]

R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.355.0\SeaPort.EXE [2012-1-25 240408]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2011-3-26 60480]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2011-3-26 234824]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2011-3-26 65488]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2011-3-26 362640]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2012-12-12 84432]

S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.355.0\BBSvc.EXE [2012-1-25 192792]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-11-17 146872]

S3 iWinTrusted;iWinTrusted;c:\program files\iwin games\iWinTrusted.exe [2011-4-8 176848]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2012-12-12 84432]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2011-3-26 92192]

S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\splashtop\splashtop remote\server\SRService.exe [2011-6-7 1775432]

S3 SSUService;Splashtop Software Updater Service;c:\program files\splashtop\splashtop software updater\SSUService.exe [2011-3-7 341832]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [2012-4-18 134912]

.

=============== Created Last 30 ================

.

2012-12-28 01:17:37 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2012-12-28 01:17:34 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-12-28 01:17:33 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2012-12-28 01:17:29 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-12-28 01:17:25 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-12-28 01:16:59 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2012-12-28 01:16:55 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-12-28 01:16:53 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2012-12-28 01:16:49 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2012-12-28 01:16:48 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2012-12-28 01:16:01 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2012-12-28 01:14:40 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys

2012-12-28 01:14:39 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll

2012-12-28 01:14:28 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll

2012-12-28 01:14:28 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll

2012-12-28 01:14:26 48256 ----a-w- c:\windows\system32\dllcache\w32.dll

2012-12-28 01:14:22 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2012-12-28 01:14:17 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys

2012-12-28 01:14:13 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys

2012-12-28 01:14:09 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2012-12-28 01:14:05 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys

2012-12-28 01:12:57 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2012-12-28 01:11:56 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys

2012-12-28 01:10:59 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2012-12-28 01:09:58 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys

2012-12-28 01:08:57 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys

2012-12-28 01:07:59 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2012-12-28 01:06:59 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll

2012-12-28 01:05:57 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2012-12-28 01:04:57 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys

2012-12-28 01:03:57 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys

2012-12-28 01:00:50 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys

2012-12-28 00:59:57 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys

2012-12-28 00:58:54 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2012-12-28 00:57:59 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys

2012-12-28 00:56:55 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2012-12-28 00:55:57 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys

2012-12-28 00:54:59 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys

2012-12-28 00:53:58 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys

2012-12-28 00:52:59 24618 ----a-w- c:\windows\system32\dllcache\OLD77D.tmp

2012-12-28 00:51:59 25159 ----a-w- c:\windows\system32\dllcache\OLD6E8.tmp

2012-12-28 00:50:59 6729 ----a-w- c:\windows\system32\dllcache\OLD65D.tmp

2012-12-28 00:49:59 249856 ----a-w- c:\windows\system32\dllcache\OLD5A3.tmp

2012-12-28 00:48:40 13824 ----a-w- c:\windows\system32\dllcache\OLD408.tmp

2012-12-28 00:47:59 75136 ----a-w- c:\windows\system32\dllcache\OLD330.tmp

2012-12-28 00:44:41 7168 ----a-w- c:\windows\system32\dllcache\OLD266.tmp

2012-12-28 00:43:58 76288 ----a-w- c:\windows\system32\dllcache\OLD1F0.tmp

2012-12-28 00:43:58 46592 ----a-w- c:\windows\system32\dllcache\OLD1F3.tmp

2012-12-28 00:43:57 275968 ----a-w- c:\windows\system32\dllcache\OLD1EA.tmp

2012-12-28 00:43:57 188480 ----a-w- c:\windows\system32\dllcache\OLD1ED.tmp

2012-12-28 00:43:56 94720 ----a-w- c:\windows\system32\dllcache\OLD1E7.tmp

2012-12-28 00:43:55 16439 ----a-w- c:\windows\system32\dllcache\OLD1E4.tmp

2012-12-28 00:43:54 20540 ----a-w- c:\windows\system32\dllcache\OLD1E1.tmp

2012-12-28 00:43:52 43520 ----a-w- c:\windows\system32\dllcache\OLD1DB.tmp

2012-12-28 00:43:52 290816 ----a-w- c:\windows\system32\dllcache\OLD1DE.tmp

2012-12-28 00:43:51 20540 ----a-w- c:\windows\system32\dllcache\OLD1D5.tmp

2012-12-28 00:43:51 16439 ----a-w- c:\windows\system32\dllcache\OLD1D8.tmp

2012-12-26 16:08:37 -------- d-----w- c:\program files\OverDrive Media Console

2012-12-19 13:36:34 -------- d-----w- c:\program files\iPod

2012-12-19 13:36:22 -------- d-----w- c:\program files\iTunes

2012-12-19 13:36:22 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-13 03:09:02 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-12-11 19:50:29 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-12-02 18:27:59 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys

2012-12-02 18:26:53 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2012-12-02 18:25:56 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll

2012-12-02 18:24:59 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe

2012-12-02 18:23:39 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-12-02 18:22:59 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll

2012-12-02 18:21:58 61440 ----a-w- c:\windows\system32\dllcache\acerscad.dll

2012-12-02 18:13:40 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll

2012-12-02 18:13:29 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-12-02 18:13:17 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe

2012-12-02 18:13:17 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll

2012-12-02 18:13:17 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll

2012-12-02 18:13:16 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll

2012-12-02 18:13:16 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe

2012-12-02 18:13:14 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2012-12-02 15:32:20 -------- d-----w- c:\program files\Microsoft

2012-12-02 15:32:07 45056 ----a-r- c:\documents and settings\linda\application data\microsoft\installer\{6f1c00d2-25c2-4cba-8126-ae9a6e2e9cd5}\ARPPRODUCTICON.exe

2012-12-02 15:32:07 102400 ----a-r- c:\documents and settings\linda\application data\microsoft\installer\{6f1c00d2-25c2-4cba-8126-ae9a6e2e9cd5}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe

2012-12-02 15:31:35 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll

2012-12-02 15:31:29 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll

2012-12-02 15:31:29 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll

2012-12-02 15:31:26 529808 ----a-w- c:\windows\system32\hpinksts5912.dll

2012-12-02 15:31:26 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll

2012-12-02 15:31:26 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe

2012-12-02 15:31:26 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll

.

==================== Find3M ====================

.

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 19:50:40 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 19:50:40 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 11:56:16 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 11:53:22 167344 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 11:53:02 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-11-09 11:52:22 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 11:52:12 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 11:51:12 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 11:50:20 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 11:50:00 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-11-09 11:49:40 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 11:49:10 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17:54 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 12:17:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 00:35:34 385024 ------w- c:\windows\system32\html.iec

2012-10-31 20:10:14 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-31 20:10:14 138056 ----a-w- c:\windows\system32\atl100.dll

2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll

.

============= FINISH: 20:35:06.01 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 3/26/2011 7:03:34 PM

System Uptime: 12/25/2012 10:17:00 AM (58 hours ago)

.

Motherboard: Dell Inc. | | 0HJ054

Processor: Intel® Pentium® D CPU 2.80GHz | Microprocessor | 2793/800mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 144 GiB total, 49.069 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP651: 12/27/2012 11:45:17 AM - System Checkpoint

.

==== Installed Programs ======================

.

7300

7300_Help

7300Trb

Adobe AIR

Adobe Digital Editions

Adobe Flash Player 11 ActiveX

Adobe Reader X (10.1.4)

AiO_Scan

AiOSoftware

Ancient Mysteries

Ancient Secrets

AOLIcon

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft MediaImpression for Kodak

ATI Control Panel

ATI Display Driver

Azada: In Libro

Banctec Service Agreement

Big Fish Games: Game Manager

Bing Bar

BloodTies

Bonjour

BufferChm

Conexant D850 56K V.9x DFVc Modem

Copy

CP_AtenaShokunin1Config

cp_dwShrek2Albums1

cp_dwShrek2Cards1

CreativeProjects

CreativeProjectsTemplates

Crystal Reports Basic Runtime for Visual Studio 2008

CueTour

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell CinePlayer

Dell Digital Jukebox Driver

Dell Driver Download Manager

Dell Driver Reset Tool

Dell Game Console

Dell Support 3.1

Dell System Restore

Destinations

Digital Content Portal

Digital Line Detect

Director

DocProc

Documentation & Support Launcher

DocumentViewer

Drawn ®: Dark Flight Collector's Edition

EducateU

ELIcon

Enchanted Cavern

Evernote v. 4.4.2

Fax

Games, Music, & Photos Launcher

GemMaster Mystic

Ghost Chronicles - Phantom of the Faire

Google Toolbar for Internet Explorer

Hidden Expedition ® - Devil's Triangle

Hidden Expedition: The Uncharted Islands

Hidden Mysteries - White House

Hotel

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB954550-v5)

HP FWUpdateEDO2

HP Image Zone 4.7

HP Officejet Pro 8600 Basic Device Software

HP Officejet Pro 8600 Help

HP Officejet Pro 8600 Product Improvement Study

HP Product Assistant

HP PSC & OfficeJet 4.7

HP Software Update

HP Update

HPSystemDiagnostics

Info Center 1.0.0.7

InstantShare

InstantShareAlert

Intel® PRO Network Connections Drivers

Intel® PROSet for Wired Connections

Internet Service Offers Launcher

Interpol

ISO Recorder

iTunes

iWin Games (remove only)

Java 2 Runtime Environment, SE v1.4.2_03

Joan Jade and the Gates of Xibalba

KODAK Share Button App

Learn2 Player (Uninstall Only)

Malwarebytes Anti-Malware version 1.70.0.1100

McAfee Security Scan Plus

McAfee SecurityCenter

McAfee Virtual Technician

MCU

Microsoft .NET Framework 1.0 Security Update (KB2698035)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Business 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 14

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Midnight Mysteries The Edgar Allan Poe Conspiracy

MobileMe Control Panel

Modem Helper

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Mystery Case Files: Escape from Ravenhearst

Mysteryville 2 (remove only)

NetWaiting

NetZero For Cosmi

OpenAL

Otto

OverDrive Media Console

PanoStandAlone

Password Tracker Deluxe 3.62

PC Matic 1.1.0.44

PDFCreator

PhotoGallery

Pirateville (remove only)

PrintScreen

ProductContext

QFolder

Quicken WillMaker Plus 2011

QuickProjects

QuickTime

Readme

RealPlayer Basic

Reincarnations: Awakening

Roxio DLA

Roxio MyDVD LE

Roxio RecordNow Audio

Roxio RecordNow Copy

Roxio RecordNow Data

Safari

Scan

ScannerCopy

Search Assist

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2779030)

Shared C Run-time for x86

SkinsHP1

Skype Toolbars

Skype™ 5.10

Sonic Activation Module

Sonic Encoders

Sonic Update Manager

Spirits of Mystery: Amber Maiden

Splashtop Remote

Strange Cases - The Lighthouse Mystery

Strange Cases: The Tarot Card Mystery

TaxWise 2010

The Dracula Files

The Legend of Crystal Valley

The Lost Cases of Sherlock Holmes 2

The Treasures Of Mystery Island

The Treasures of Mystery Island: The Gates of Fate

The Treasures of Mystery Island: The Ghost Ship

TrayApp

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Windows Media Player 10 (KB910393)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2749655)

URL Assistant

Vacation Quest - The Hawaiian Islands

Viewpoint Media Player

WebCyberCoach 3.2 Dell

WebFldrs XP

WebReg

WildTangent Web Driver

Windows Driver Package - Intel USB (08/05/2009 9.1.1.1016)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer 3.1 (KB893803)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 12

.

==== Event Viewer Messages From Past Week ========

.

12/27/2012 8:24:17 PM, information: Windows File Protection [64017] - Windows File Protection file scan completed successfully.

12/27/2012 8:24:16 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\snchk.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:24:11 PM, information: Windows File Protection [64005] - The protected system file c:\windows\ehome\ehtray.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Linda. The file version of the bad file is 5.1.2715.2765.

12/27/2012 8:22:07 PM, information: Windows File Protection [64020] - Windows File Protection scan found that the system file c:\windows\ehome\ehtray.exe has a bad signature. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2715.2765.

12/27/2012 8:22:04 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehituner.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:22:01 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehiepg.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:58 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ko\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:56 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ja\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:50 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\fr\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:46 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\de\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:41 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\zh-chs\ehepgdat.resources.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:21:31 PM, information: Windows File Protection [64021] - The system file c:\windows\ehome\ehcircl.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:16:43 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\wmpns.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 8:03:03 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdrmv2.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 7:47:14 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npwmsdrm.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 7:47:07 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\npdsplay.dll could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 7:46:19 PM, information: Windows File Protection [64021] - The system file c:\program files\windows media player\mplayer2.exe could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.

12/27/2012 7:43:49 PM, information: Windows File Protection [64016] - Windows File Protection file scan was started.

12/22/2012 3:16:59 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\ehome\ehtray.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

12/21/2012 2:12:17 PM, information: Windows File Protection [64005] - The protected system file ehtray.exe was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is Linda. The file version of the bad file is 5.1.2715.2765.

12/20/2012 8:06:55 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\kbdus.dll could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

12/20/2012 8:06:55 PM, warning: Windows File Protection [64008] - The protected system file c:\windows\resources\themes\luna\luna.msstyles could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 48 hours, please send me a PM)


Followed directions above. Log follows.

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Linda [Admin rights]

Mode : Scan -- Date : 12/28/2012 15:48:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

192.168.0.104 HP0018715CA82C

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3160812AS +++++

--- User ---

[MBR] e15bce8557cbf995bf3c9d5391779857

[bSP] eb56c44a5e637616a189ce643b9b2203 : Dell MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 54 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 112455 | Size: 147769 Mo

2 - [XXXXXX] UNKNOWN (0xdb) [VISIBLE] Offset (sectors): 302760990 | Size: 4753 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_12282012_02d1548.txt >>

RKreport[1]_S_12282012_02d1548.txt


Looks like you have a Dell restore partition on the system.

The actual disk is available from Dell or other sites.

~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


*** BLUE SCREEN OF DEATH ***

I followed directions for download and running of ComboFix. Around Stage 20, I received the infamous Windows Blue Screen. Not sure if you need it, but I wrote down the error:

STOP: 0x0000000CA (0x000000004, 0x8512CE70, 0x00000000, 0x00000000)

I re-booted the PC (I hope that was OK?) and Windows seems to have come up normally (with the Windows box that said an error had occurred).

Before I proceed, I want to know if I should initiate ComboFix again? Waiting for your next instructions.


Yes, delete your copy and download a fresh one.

Try it like this........

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now.

MrC


Okay. This time ComboFix ran without problem in Safe Mode. Log follows:

ComboFix 12-12-29.02 - Linda 12/29/2012 8:35.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.637 [GMT -5:00]

Running from: c:\documents and settings\Linda\desktop\Combo-Fix.exe

Command switches used :: /nombr

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Linda\My Documents\R119568.zip

c:\windows\system32\logs

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wt

c:\windows\wt\data.wts

c:\windows\wt\updater\wt.ini

c:\windows\wt\webdriver.dll

c:\windows\wt\webdriver\4.1.1\actorobject.dll

c:\windows\wt\webdriver\4.1.1\dx5drv.dll

c:\windows\wt\webdriver\4.1.1\dx7drv.dll

c:\windows\wt\webdriver\4.1.1\objectbundle.dll

c:\windows\wt\webdriver\4.1.1\sound.dll

c:\windows\wt\webdriver\4.1.1\wdcaps.ded

c:\windows\wt\webdriver\4.1.1\wdengine.dll

c:\windows\wt\webdriver\4.1.1\webdriver.dll

c:\windows\wt\webdriver\4.1.1\wthost.exe

c:\windows\wt\webdriver\4.1.1\wthostctl.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.dll

c:\windows\wt\webdriver\4.1.1\wtmulti.jar

c:\windows\wt\webdriver\4.1.1\wtwmplug.ax

c:\windows\wt\webdriver\4.1.1\wtwmplug.ini

c:\windows\wt\webdriver\jdriver.dll

c:\windows\wt\webdriver\rdriver.dll

c:\windows\wt\webdriver\wildtangent.jar

c:\windows\wt\wt3d.dll

c:\windows\wt\wt3d.ini

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlpanel\index.html

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo

c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\actorobject.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\controlpanel\index.html

c:\windows\wt\wtupdates\webd\4.1.1\files\dx5drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\dx7drv.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\jdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\legacy\wt3d.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\npWTHost.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\nsIWTHostPlugin.xpt

c:\windows\wt\wtupdates\webd\4.1.1\files\ObjectBundle.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\rdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Sound.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\update_info\data.wts

c:\windows\wt\wtupdates\webd\4.1.1\files\wdcaps.ded

c:\windows\wt\wtupdates\webd\4.1.1\files\wdengine.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_fileList.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\Webd331_Uninstall.cdas

c:\windows\wt\wtupdates\webd\4.1.1\files\webdriver.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wildtangent.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wt3d.ini

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHost.exe

c:\windows\wt\wtupdates\webd\4.1.1\files\WTHostCtl.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtmulti.jar

c:\windows\wt\wtupdates\webd\4.1.1\files\wtvh.dll

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ax

c:\windows\wt\wtupdates\webd\4.1.1\files\wtwmplug.ini

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1.cdanfo

c:\windows\wt\wtupdates\webd\4.1.1\install\Webd4_1_1_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas

c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll

c:\windows\wt\wtupdates\wtupdater\appinfo.dat

c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts

c:\windows\wt\wtvh.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-29 )))))))))))))))))))))))))))))))

.

.

2012-12-28 01:17 . 2008-04-14 10:42 116224 ----a-w- c:\windows\system32\dllcache\xrxwiadr.dll

2012-12-28 01:17 . 2001-08-18 03:36 23040 ----a-w- c:\windows\system32\dllcache\xrxwbtmp.dll

2012-12-28 01:17 . 2008-04-14 10:42 18944 ----a-w- c:\windows\system32\dllcache\xrxscnui.dll

2012-12-28 01:17 . 2001-08-18 03:37 27648 ----a-w- c:\windows\system32\dllcache\xrxftplt.exe

2012-12-28 01:17 . 2001-08-18 03:37 4608 ----a-w- c:\windows\system32\dllcache\xrxflnch.exe

2012-12-28 01:16 . 2001-08-18 03:37 99865 ----a-w- c:\windows\system32\dllcache\xlog.exe

2012-12-28 01:16 . 2001-08-17 17:11 16970 ----a-w- c:\windows\system32\dllcache\xem336n5.sys

2012-12-28 01:16 . 2008-04-14 03:04 19455 ----a-w- c:\windows\system32\dllcache\wvchntxx.sys

2012-12-28 01:16 . 2008-04-14 03:04 12063 ----a-w- c:\windows\system32\dllcache\wsiintxx.sys

2012-12-28 01:16 . 2008-04-14 10:42 8192 ----a-w- c:\windows\system32\dllcache\wshirda.dll

2012-12-28 01:16 . 2008-04-14 05:06 8832 ----a-w- c:\windows\system32\dllcache\wmiacpi.sys

2012-12-28 01:14 . 2001-08-17 17:13 19528 ----a-w- c:\windows\system32\dllcache\w840nd.sys

2012-12-28 01:14 . 2004-08-10 09:00 5632 ----a-w- c:\windows\system32\dllcache\w3svapi.dll

2012-12-28 01:14 . 2004-08-10 09:00 73728 ----a-w- c:\windows\system32\dllcache\w3ext.dll

2012-12-28 01:14 . 2004-08-10 09:00 4608 ----a-w- c:\windows\system32\dllcache\w3ctrs51.dll

2012-12-28 01:14 . 2004-08-10 09:00 48256 ----a-w- c:\windows\system32\dllcache\w32.dll

2012-12-28 01:14 . 2001-08-17 18:28 64605 ----a-w- c:\windows\system32\dllcache\vvoice.sys

2012-12-28 01:14 . 2001-08-17 18:28 397502 ----a-w- c:\windows\system32\dllcache\vpctcom.sys

2012-12-28 01:14 . 2001-08-17 18:28 604253 ----a-w- c:\windows\system32\dllcache\vmodem.sys

2012-12-28 01:14 . 2001-08-17 17:14 249402 ----a-w- c:\windows\system32\dllcache\vinwm.sys

2012-12-28 01:14 . 2001-08-17 18:49 24576 ----a-w- c:\windows\system32\dllcache\viairda.sys

2012-12-28 01:12 . 2001-08-18 03:36 50176 ----a-w- c:\windows\system32\dllcache\umaxp60.dll

2012-12-28 01:11 . 2001-08-17 19:01 241664 ----a-w- c:\windows\system32\dllcache\tosdvd02.sys

2012-12-28 01:10 . 2001-08-17 19:02 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys

2012-12-28 01:09 . 2001-08-17 17:51 37040 ----a-w- c:\windows\system32\dllcache\sonypi.sys

2012-12-28 01:08 . 2001-08-17 17:12 91294 ----a-w- c:\windows\system32\dllcache\skfpwin.sys

2012-12-28 01:07 . 2001-08-18 03:36 26112 ----a-w- c:\windows\system32\dllcache\EXCH_seos.dll

2012-12-28 01:06 . 2001-08-17 19:56 182272 ----a-w- c:\windows\system32\dllcache\s3mt3d.dll

2012-12-28 01:05 . 2001-08-17 18:28 899146 ----a-w- c:\windows\system32\dllcache\r2mdkxga.sys

2012-12-28 01:04 . 2001-08-17 19:04 173696 ----a-w- c:\windows\system32\dllcache\philcam2.sys

2012-12-28 01:03 . 2001-08-17 19:05 31872 ----a-w- c:\windows\system32\dllcache\ovce.sys

2012-12-28 01:00 . 2001-08-17 17:20 87040 ----a-w- c:\windows\system32\dllcache\nm6wdm.sys

2012-12-28 00:59 . 2001-08-17 18:50 75520 ----a-w- c:\windows\system32\dllcache\mxport.sys

2012-12-28 00:58 . 2008-04-14 05:16 15232 ----a-w- c:\windows\system32\dllcache\mpe.sys

2012-12-28 00:57 . 2008-04-14 04:53 420992 ----a-w- c:\windows\system32\dllcache\ltmdmntt.sys

2012-12-28 00:56 . 2008-04-14 10:39 6144 ----a-w- c:\windows\system32\dllcache\kbd106.dll

2012-12-28 00:55 . 2001-08-17 19:06 100992 ----a-w- c:\windows\system32\dllcache\icam5usb.sys

2012-12-28 00:54 . 2001-08-17 18:28 542879 ----a-w- c:\windows\system32\dllcache\hsf_msft.sys

2012-12-28 00:53 . 2001-08-17 19:02 8576 ----a-w- c:\windows\system32\dllcache\hidgame.sys

2012-12-26 16:08 . 2012-12-26 16:08 -------- d-----w- c:\program files\OverDrive Media Console

2012-12-19 13:36 . 2012-12-19 13:36 -------- d-----w- c:\program files\iPod

2012-12-19 13:36 . 2012-12-19 13:37 -------- d-----w- c:\program files\iTunes

2012-12-19 13:36 . 2012-12-19 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-13 03:09 . 2012-11-09 11:50 84432 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2012-12-11 19:50 . 2012-12-11 19:50 15728568 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-12-02 18:27 . 2001-08-17 18:28 595647 ----a-w- c:\windows\system32\dllcache\es56cvmp.sys

2012-12-02 18:26 . 2001-08-17 17:20 334208 ----a-w- c:\windows\system32\dllcache\ds1wdm.sys

2012-12-02 18:25 . 2001-08-18 03:36 419357 ----a-w- c:\windows\system32\dllcache\dgconfig.dll

2012-12-02 18:24 . 2004-08-10 09:00 56320 ----a-w- c:\windows\system32\dllcache\convlog.exe

2012-12-02 18:23 . 2001-08-17 18:51 13824 ----a-w- c:\windows\system32\dllcache\bulltlp3.sys

2012-12-02 18:22 . 2004-08-10 09:00 9216 ----a-w- c:\windows\system32\dllcache\authfilt.dll

2012-12-02 18:21 . 2001-08-18 03:36 61440 ----a-w- c:\windows\system32\dllcache\acerscad.dll

2012-12-02 18:13 . 2004-08-10 09:00 7168 ----a-w- c:\windows\system32\dllcache\wamregps.dll

2012-12-02 18:13 . 2001-08-17 19:56 66048 ----a-w- c:\windows\system32\dllcache\s3legacy.dll

2012-12-02 18:13 . 2004-08-10 09:00 7680 ----a-w- c:\windows\system32\dllcache\inetmgr.exe

2012-12-02 18:13 . 2004-08-10 09:00 19968 ----a-w- c:\windows\system32\dllcache\inetsloc.dll

2012-12-02 18:13 . 2004-08-10 09:00 169984 ----a-w- c:\windows\system32\dllcache\iisui.dll

2012-12-02 18:13 . 2004-08-10 09:00 5632 ----a-w- c:\windows\system32\dllcache\iisrstap.dll

2012-12-02 18:13 . 2004-08-10 09:00 14336 ----a-w- c:\windows\system32\dllcache\iisreset.exe

2012-12-02 18:13 . 2004-08-10 09:00 6144 ----a-w- c:\windows\system32\dllcache\ftpsapi2.dll

2012-12-02 15:32 . 2012-12-02 15:32 -------- d-----w- c:\program files\Microsoft

2012-12-02 15:32 . 2012-12-02 15:32 45056 ----a-r- c:\documents and settings\Linda\Application Data\Microsoft\Installer\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}\ARPPRODUCTICON.exe

2012-12-02 15:32 . 2012-12-02 15:32 102400 ----a-r- c:\documents and settings\Linda\Application Data\Microsoft\Installer\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe

2012-12-02 15:31 . 2012-10-17 09:04 580712 ------w- c:\windows\system32\HPDiscoPM5912.dll

2012-12-02 15:31 . 2012-06-18 15:54 495504 ----a-w- c:\windows\system32\HPWia1_OJ8600.dll

2012-12-02 15:31 . 2012-06-18 15:54 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ8600.dll

2012-12-02 15:31 . 2012-06-18 15:54 529808 ----a-w- c:\windows\system32\hpinksts5912.dll

2012-12-02 15:31 . 2012-06-18 15:54 268688 ----a-w- c:\windows\system32\hpinksts5912LM.dll

2012-12-02 15:31 . 2012-06-18 15:54 220560 ----a-w- c:\windows\system32\hpinkcoi5912.dll

2012-12-02 15:31 . 2012-06-18 15:21 2216336 ----a-w- c:\windows\system32\hpinkins5912.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-16 12:23 . 2005-08-16 08:18 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 21:49 . 2012-11-25 15:14 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-11 19:50 . 2012-05-26 11:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-11 19:50 . 2011-05-21 11:25 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-13 01:25 . 2012-10-22 08:37 1866368 ----a-w- c:\windows\system32\win32k.sys

2012-11-09 11:56 . 2011-03-27 01:08 60480 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-11-09 11:53 . 2011-03-27 01:02 167344 ----a-w- c:\windows\system32\mfevtps.exe

2012-11-09 11:53 . 2011-03-27 01:08 91168 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2012-11-09 11:52 . 2011-03-27 01:08 9648 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-11-09 11:52 . 2011-03-27 01:08 92192 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-11-09 11:51 . 2010-10-14 02:28 565352 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-11-09 11:50 . 2011-03-27 01:08 362640 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-11-09 11:50 . 2011-03-27 01:08 65488 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-11-09 11:49 . 2011-03-27 01:08 234824 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-11-09 11:49 . 2010-10-14 02:28 132912 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-11-02 02:02 . 2005-08-16 08:18 375296 ----a-w- c:\windows\system32\dpnet.dll

2012-11-01 12:17 . 2012-06-13 08:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-11-01 12:17 . 2005-08-16 08:18 916992 ----a-w- c:\windows\system32\wininet.dll

2012-11-01 12:17 . 2005-08-16 08:18 43520 ------w- c:\windows\system32\licmgr10.dll

2012-11-01 00:35 . 2005-08-16 08:18 385024 ------w- c:\windows\system32\html.iec

2012-10-31 20:10 . 2012-10-31 20:10 773968 ----a-w- c:\windows\system32\msvcr100.dll

2012-10-31 20:10 . 2012-10-31 20:10 138056 ----a-w- c:\windows\system32\atl100.dll

2012-10-25 08:12 . 2012-10-25 08:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2012-10-25 08:12 . 2012-10-25 08:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

2012-10-02 18:04 . 2005-08-16 08:18 58368 ----a-w- c:\windows\system32\synceng.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"KGShareApp"="c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe" [2012-02-03 394752]

"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-09-12 1278648]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"Info Center"="c:\program files\PCPitstop\Info Center\InfoCenter.exe" [2011-09-26 24216]

"KodakShareButtonApp"="c:\program files\Kodak\KODAK Share Button App\Listener.exe" [2012-02-03 108032]

"ArcSoft MediaImpression Monitor"="c:\program files\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

.

c:\documents and settings\Linda\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-6-28 974848]

Password Tracker Deluxe.lnk - c:\program files\Password Tracker Deluxe\PwTrkr.exe [2011-3-27 823296]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-6-1 24576]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\iWin Games\\iWinGames.exe"=

"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

.

R0 nlem32nt;NLEM32NT;c:\windows\system32\drivers\nlem32nt.sys [5/9/2011 9:59 PM 69656]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [3/26/2011 8:08 PM 91168]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [3/26/2011 8:08 PM 168880]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [3/26/2011 8:02 PM 167344]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [3/26/2011 8:08 PM 60480]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [3/26/2011 8:08 PM 362640]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 10:09 PM 84432]

S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.355.0\BBSvc.EXE [1/25/2012 3:23 PM 192792]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784]

S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [3/26/2011 8:07 PM 167784]

S2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [11/24/2011 9:48 AM 91816]

S3 ArcCD;ArcCD Filter Driver Service;c:\windows\system32\drivers\ArcCD.sys [4/18/2012 10:04 PM 36224]

S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.355.0\SeaPort.EXE [1/25/2012 3:23 PM 240408]

S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [11/17/2012 1:50 PM 146872]

S3 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [4/8/2011 10:17 AM 176848]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/12/2012 10:09 PM 84432]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [3/26/2011 8:08 PM 92192]

S3 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

S3 SplashtopRemoteService;Splashtop® Remote Service;c:\program files\Splashtop\Splashtop Remote\Server\SRService.exe [6/7/2011 5:35 PM 1775432]

S3 SSUService;Splashtop Software Updater Service;c:\program files\Splashtop\Splashtop Software Updater\SSUService.exe [3/7/2011 9:39 PM 341832]

S4 ArcUdfs;ArcUdfs FileSystem Driver Service;c:\windows\system32\drivers\ArcUdfs.sys [4/18/2012 10:04 PM 134912]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ArcRec

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 19:50]

.

2012-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-12-28 c:\windows\Tasks\At1.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2012-12-29 c:\windows\Tasks\At2.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2012-12-29 c:\windows\Tasks\At3.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

2012-12-28 c:\windows\Tasks\At4.job

- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-09-09 19:53]

.

.

------- Supplementary Scan -------

.

uStart Page = https://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html

IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html

IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html

IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html

Trusted Zone: internet

Trusted Zone: mcafee.com

TCP: DhcpNameServer = 192.168.0.1

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\UnfriendApp\IE\common.dll

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-12-29 08:44

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\l3codeca.acm

.

Completion time: 2012-12-29 08:46:49

ComboFix-quarantined-files.txt 2012-12-29 13:46

.

Pre-Run: 57,406,951,424 bytes free

Post-Run: 57,824,940,032 bytes free

.

- - End Of File - - C227E21D4D6537ED5EFD4088E1D38F64


The good news:

I updated and ran Malwarebytes Anti-Malware and no objects were found so there was nothing to check or remove.

The bad news:

I am still getting the Windows File Protection boxes that say:

Files that are required for Windows to run properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.

Insert your Windows XP Professional CD 2 (or 3) now.

I ran sfc /scannow and tried to use the Reinstallation CD but it said:

(2 times)

The CD you provided is the wrong CD.

Please insert the Windows XP Professional
Service Pack 3
CD into your CD-ROM drive.

(10 times)

The CD you provided is the wrong CD.

Please insert the Windows XP Professional
CD 2
into your CD-ROM drive.

If I need to find a set of CDs, do they have to be ones that are at the Service Pack 3 level or will any Windows XP Professional CD set do?

I guess this also provides a lesson to be learned: If given a choice of downloading or getting "hard media" for a major service pack upgrade, choose the hard media, even if you have to pay extra to get it.


Well of course, my version of Windows is the "special" version and the CD creation is NOT supported using the link you provided. I have Windows XP Media Center Edition 2005. I did contact Dell and they said they would send me the set of CDs for my version of Windows. They did make a point to say that since my PC was out of warranty that any additional help would be on a fee basis.

As a review, did I actually have any active viruses, trojans, or malware that you found in any of the logs?

Would you say that my main problem is really with the Windows File Protection and some files being corrupted or the wrong versions? How do they normally get that way since I understand there should be "backup" copies in a hidden cache?

Since I use McAfee for virus, MalwareBytes for malware and trojans, and PC Pitstop for keeping the system up (drivers, registry, disk defrag), do you have any additional recommendations?


ComboFix found this:

http://forums.cnet.c...ent-web-driver/

and some other malware > just look at the ComboFix log "Other Deletions"

-----------------------------------------

Would you say that my main problem is really with the Windows File Protection and some files being corrupted or the wrong versions? How do they normally get that way since I understand there should be "backup" copies in a hidden cache?

I'm not sure what happened, could have been from a Windows update or some program you installed.

Since I use McAfee for virus, MalwareBytes for malware and trojans, and PC Pitstop for keeping the system up (drivers, registry, disk defrag), do you have any additional recommendations?

Yes, I have a whole tutorial on that, give it to you when we're done.

--------------------------------------------

Let's check for any adware on the system:

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so this should be something like R1.

Please look over what was found, we're going to delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

MrC


Ran AdwCleaner. Nothing I could see that I would want to keep. Log follows:

Note: This is my wife's PC and she likes to play games. She does not however download games from the web. She buys them retail on CD and installs them that way. They are all single player (or if they can be multi-player, she never goes to the web site to play).

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 13:08:14

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Linda - DCYDR2B1

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\TENCENT

Key Found : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1753 octets] - [29/12/2012 13:08:14]

########## EOF - C:\AdwCleaner[R1].txt - [1813 octets] ##########


Note: This is my wife's PC and she likes to play games. She does not however download games from the web. She buys them retail on CD and installs them that way. They are all single player (or if they can be multi-player, she never goes to the web site to play).

That's OK and cleaning out the adware found won't interfere with that.

Some adware found....let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~

Then..............

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Ran AdwCleaner with Delete option

Ran SecurityCheck

Logs follow:

# AdwCleaner v2.104 - Logfile created 12/29/2012 at 13:45:03

# Updated 29/12/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Linda - DCYDR2B1

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Linda\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Deleted : HKLM\Software\TENCENT

Key Deleted : HKLM\Software\Viewpoint

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [1882 octets] - [29/12/2012 13:08:14]

AdwCleaner[s1].txt - [1847 octets] - [29/12/2012 13:45:03]

########## EOF - C:\AdwCleaner[s1].txt - [1907 octets] ##########

Results of screen317's Security Check version 0.99.56

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Disabled!

Please wait while WMIC is being installed.

displayName McAfe AntiVirus and AntiSpyware

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Java 2 Runtime Environment, SE v1.4.2_03

Java version out of Date!

Adobe Reader 10.1.4 Adobe Reader out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 0%

````````````````````End of Log``````````````````````


Java 2 Runtime Environment, SE v1.4.2_03 <----uninstall from add/remove programs

Java version out of Date! <-------Download and install the latest version from Here

Adobe Reader 10.1.4 Adobe Reader out of Date! <----please check for an update

You have outdated programs on the system which are vulnerable to malware.

Please update or uninstall them.

Info on doing that can be found in my Preventive Maintenance

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.