Home Page & Search Bar HiJacked / Odd Windows Pop Up


TishB


Mr. C,

I couldn't find that [ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND in registry tab. I did find it in the file folder and went ahead and deleted it. I then went back to registry and saw where it appears to have deleted the first entry of three: SUS PATH RUN HKEY_Current user ...software\microsoft\windows\current version\run once

as well as: SUS PATH TASK %windir%\tasks\avg-s AVG-Secure-SEARCH-UPDATE_June 2013_tb_rmv.job

 

Do I let these stand? Before I close out and run the adware program? Or have I made a mistake? I will wait until you reply before I move to your next step. Especially since my system had troubles waking up earlier. Thank you so much.


Got it. Looks like it's pretty empty. Only exceptions appear to be in the registry. I am not sure what is what so I'll post it before I take the next step.

 

# AdwCleaner v3.005 - Report created 30/09/2013 at 14:27:37
# Updated 22/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Shauna - LITTLEBIRD2
# Running from : C:\Documents and Settings\Shauna\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\prefs.js ]

Line Found : user_pref("aol_toolbar.default.homepage.check", false);
Line Found : user_pref("aol_toolbar.default.search.check", false);
Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Line Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Documents and Settings\Shauna\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [13047 octets] - [29/09/2013 23:34:02]
AdwCleaner[R1].txt - [2223 octets] - [30/09/2013 14:27:37]
AdwCleaner[s0].txt - [12672 octets] - [29/09/2013 23:43:19]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2344 octets] ##########
 

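The AdwCleaner report above lists leftover toolbar preferences in the Firefox profile and, in the FRST log later in this thread, the homepage and search preferences turn out to be blanked. The following Python audit of a prefs.js file is an added example, not code from the thread or from AdwCleaner. The toolbar namespaces (aol_toolbar, extensions.BabylonToolbar, sweetim.toolbar) are taken from the report above; the sample prefs.js lines and the homepage URL are constructed for the example.

```python
import re

# Added example, not part of the thread: audit a Firefox prefs.js for
# leftover toolbar preferences and for hijacked or blanked search settings.

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);$')

# Preference namespaces belonging to the toolbars seen in the AdwCleaner
# report above. Assumption: a pref belongs to the first matching prefix.
TOOLBAR_PREFIXES = ("aol_toolbar.", "extensions.BabylonToolbar.", "sweetim.toolbar.")

# Preferences that decide the homepage and default search. A hijacker rewrites
# them; a sloppy uninstaller leaves them empty instead of restoring them.
SEARCH_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
)

# Constructed sample prefs.js content (the toolbar pref names come from the
# report above; the homepage URL is a made-up placeholder).
SAMPLE_PREFS = '''
user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1380300000);
user_pref("aol_toolbar.default.homepage.check", false);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("browser.startup.homepage", "http://search.example.invalid/?src=hp");
user_pref("browser.search.defaultenginename", "");
user_pref("keyword.URL", "");
'''


def decode_value(raw: str):
    """Turn the JavaScript literal in a user_pref line into a Python value."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw


def parse_prefs(text: str) -> dict:
    """Map preference name -> decoded value for every user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group("name")] = decode_value(m.group("value"))
    return prefs


def toolbar_of(name: str):
    """Return the toolbar namespace a preference belongs to, or None."""
    for prefix in TOOLBAR_PREFIXES:
        if name.startswith(prefix):
            return prefix.rstrip(".")
    return None


def audit_prefs(text: str) -> dict:
    """Group leftover toolbar prefs and report the state of the search prefs."""
    prefs = parse_prefs(text)
    leftovers = {}
    for name in prefs:
        tb = toolbar_of(name)
        if tb:
            leftovers.setdefault(tb, []).append(name)
    search = {n: prefs[n] for n in SEARCH_PREFS if n in prefs}
    return {
        "leftover_toolbars": leftovers,
        "search_prefs": search,
        # Empty strings mean a toolbar uninstaller wiped the setting instead
        # of restoring the user's original choice.
        "blanked_search_prefs": [n for n, v in search.items() if v == ""],
    }


if __name__ == "__main__":
    report = audit_prefs(SAMPLE_PREFS)
    for tb, names in report["leftover_toolbars"].items():
        print(f"{tb}: {len(names)} leftover pref(s)")
    print("search prefs:", report["search_prefs"])
    print("blanked:", report["blanked_search_prefs"])
```

Run it against a real profile with `audit_prefs(open(path_to_prefs_js).read())`; Firefox must be closed first, since it rewrites prefs.js on exit and would overwrite any manual correction.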

Hit the Clean button and then run MB:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


MB is now running, Mr. Charlie. Just as an FYI report...after I cleaned in AdwCleaner and the program notified me it would need to close down everything and reboot...it again did the same thing as earlier. It loaded the flying windows logo and proceeded on to a welcome screen, again it appeared to load normal...no lagging but the end results were simply my desktop without all the benefits of the items normally there such as clock, start, task bar that show what's running or anything that was on my actual desktop. Folders, progs, etc.

Again I had to shut it down cold and restart. I again selected the F9 feature it offered. Oddly enough, there was only one option. The BIOS one disappeared. The option available to me was: SATA: PM - WDC WD1600 BEVT 602CT1. I selected it and the rest of my windows loaded just fine...slow but everything was there.

It appears that that might be my only way on right now via using F9 for the moment. I'll let you know more once MB is finished and I can reboot properly and post the logs. Again, my deepest thanks.


Okay, if I read your instructions correctly, the scan is complete...and I'm to post the results first before selecting those boxes for removal. Here's the log, Mr. Charlie. I'll wait till I get your go-ahead for the removal, kind sir.

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.29.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Shauna :: LITTLEBIRD2 [administrator]

Protection: Enabled

9/30/2013 3:08:51 PM
MBAM-log-2013-09-30 (16-01-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306141
Time elapsed: 51 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 9
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06C0EEBA-C97A-4B04-A9EF-8158DD23CC4C} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{21E7F410-F549-450F-A7E4-BD6BFA04D6E6} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3AF7FCA5-5F84-4DCF-AF24-17A6E114DE53} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{415EC2DB-DFD1-48B7-AA5C-97F39ABDE02D} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{47FB50CC-8FB6-469F-A474-C7949C18723A} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{201A253A-CAF2-07C1-53EE-EC2FBF5345B1} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B812400F-BD91-4662-A489-F5B363F162F9} (PUP.Optional.Tarma.A) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 31
C:\Documents and Settings\All Users\Application Data\InstallMate\{06C0EEBA-C97A-4B04-A9EF-8158DD23CC4C}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{06C0EEBA-C97A-4B04-A9EF-8158DD23CC4C}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{21E7F410-F549-450F-A7E4-BD6BFA04D6E6}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{21E7F410-F549-450F-A7E4-BD6BFA04D6E6}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{3AF7FCA5-5F84-4DCF-AF24-17A6E114DE53}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{3AF7FCA5-5F84-4DCF-AF24-17A6E114DE53}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{415EC2DB-DFD1-48B7-AA5C-97F39ABDE02D}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{415EC2DB-DFD1-48B7-AA5C-97F39ABDE02D}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{47FB50CC-8FB6-469F-A474-C7949C18723A}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{47FB50CC-8FB6-469F-A474-C7949C18723A}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{8D4E0CA3-D36D-4E58-ACB3-9B4F56AD2E55}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{8D4E0CA3-D36D-4E58-ACB3-9B4F56AD2E55}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{B812400F-BD91-4662-A489-F5B363F162F9}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\All Users\Application Data\InstallMate\{B812400F-BD91-4662-A489-F5B363F162F9}\TsuDll.dll (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\Shauna\My Documents\Downloads\smoboda.rar.exe (PUP.BundleInstaller.DW) -> No action taken.
C:\Documents and Settings\Shauna\My Documents\Downloads\zip.exe (PUP.Optional.InstallIQ.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\Aq+Zj8t8.exe.part (PUP.Optional.Installex) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\s2eU4MZY.exe.part (PUP.Optional.Installex) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\BUSolution.dll (PUP.Optional.BabSolution.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\ccp.exe (PUP.Babylon.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\NTRedirect.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\9A2A2F71-BAB0-7891-9B25-3B40DCB6E6F8\Setup.exe (PUP.Babylon.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Program Files\SaveShare\sprotector.dll (PUP.Optional.SaveShare.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.

(end)
 

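Logs like the Malwarebytes report above are long, and a helper wants three things from them quickly: which adware families are present, whether they live in the registry or on disk, and whether anything is still marked "No action taken". The parser below is an added example, not code from the thread or from Malwarebytes. The sample log is constructed from detection lines copied from the report above, plus one made-up "Quarantined" line and a deliberately wrong "Files Detected" count so the integrity check has something to catch.

```python
import re
from collections import Counter

# Added example, not part of the thread: parse the detection lines of a
# Malwarebytes Anti-Malware 1.x log and summarise them for triage.

# Section header, e.g. "Registry Keys Detected: 9"
SECTION_RE = re.compile(r"^(?P<kind>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
# Detection line: <path> (<detection name>) -> <action>.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<name>[^\s()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample. Paths and detection names are taken from the report
# above; the "Quarantined" line is made up, and "Files Detected: 4" is
# deliberately one higher than the number of lines that follow it.
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{06C0EEBA-C97A-4B04-A9EF-8158DD23CC4C} (PUP.Optional.Tarma.A) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (PUP.Optional.Tarma.A) -> No action taken.

Folders Detected: 1
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326 (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 4
C:\Documents and Settings\All Users\Application Data\InstallMate\{06C0EEBA-C97A-4B04-A9EF-8158DD23CC4C}\Setup.exe (PUP.Optional.Tarma.A) -> No action taken.
C:\Documents and Settings\Shauna\Local Settings\Temp\ct3291326\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Program Files\SaveShare\sprotector.dll (PUP.Optional.SaveShare.A) -> No action taken.
"""


def family_of(name: str) -> str:
    """Reduce a detection name such as PUP.Optional.Tarma.A to its family, Tarma."""
    parts = [p for p in name.split(".") if p not in ("PUP", "Optional")]
    return parts[0] if parts else name


def location_of(path: str) -> str:
    """Classify a detection as a registry item or a file-system item."""
    hives = ("HKCR", "HKCU", "HKLM", "HKU", "HKCC")
    return "registry" if path.upper().startswith(hives) else "filesystem"


def parse_detections(log_text: str):
    """Return (list of detection dicts, dict of declared counts per section)."""
    detections, declared, kind = [], {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            kind = m.group("kind")
            declared[kind] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m and kind is not None:
            detections.append({
                "kind": kind,
                "path": m.group("path"),
                "name": m.group("name"),
                "family": family_of(m.group("name")),
                "location": location_of(m.group("path")),
                "action": m.group("action"),
            })
    return detections, declared


def summarize(log_text: str) -> dict:
    """Counts by family and location, pending items, and declared-vs-parsed mismatches."""
    detections, declared = parse_detections(log_text)
    found = Counter(d["kind"] for d in detections)
    # A mismatch usually means the pasted log was truncated or edited.
    mismatches = {k: (n, found.get(k, 0)) for k, n in declared.items() if n != found.get(k, 0)}
    return {
        "total": len(detections),
        "by_family": dict(Counter(d["family"] for d in detections)),
        "by_location": dict(Counter(d["location"] for d in detections)),
        "pending": [d["path"] for d in detections if d["action"] == "No action taken"],
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"{s['total']} detections; families: {s['by_family']}; by location: {s['by_location']}")
    print(f"{len(s['pending'])} item(s) still pending removal")
    if s["count_mismatches"]:
        print("WARNING: declared counts differ from parsed lines (truncated paste?):", s["count_mismatches"])
```

A non-empty "pending" list after the user reports having clicked Remove Selected is the cue to ask for the post-removal log rather than the scan log.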

Mr. Charlie, you rock! ;) I've deleted all as you requested. My system started right up this time. Normal. Flying windows to the welcome screen to desktop accompanied by my messy desktop and other sundries. Thank you.

When I pulled up Firefox to find you it actually opened right up to my Google. Sorta. It's a sorta Firefox Google now. I can live with that! I would dearly love to rid myself of anything to do with Yahoo too if possible. But I think there was an uninstall for that when I went looking for that delta program earlier. I think I'll do okay.

So what do I need to run now for an actual bill of clean health?


Yahoo is in your add/remove programs, so you can uninstall it:
Yahoo! Software Update
Yahoo! Toolbar

 

-----------------

 

You can set Firefox to whatever you want now.

 

---------------------

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


Went like a breeze, btw. Here's its report.

 

 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 ESET NOD32 Antivirus    
 McAfee Security Scan Plus   
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Out of date HijackThis  installed!
 SpywareBlaster 4.6    
 Spybot - Search & Destroy
 Sophos Anti-Rootkit 1.5.20   
 Malwarebytes Anti-Malware version 1.75.0.1300  
 HijackThis 1.99.1    
 Java 6 Update 11  
 Java version out of Date!
 Adobe Flash Player     11.7.700.224  
 Adobe Reader XI  
 Mozilla Firefox (24.0)
 Google Chrome 29.0.1547.66  
 Google Chrome 29.0.1547.76  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 33% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 11 <-----please update, should be Java™ 7 Update 40

Java version out of Date! <--------Go to control panel > Java > Update Tab > Update Now
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Started the process of cleaning up, Mr. C. Updated Java as per your request. At some point I was told the system would be rebooted. It somehow reverted back a couple of steps. Had to use the F9 key again and boot in that way like I mentioned earlier. Once in I ran the FRST and now have a log...then I ran RKiller. I hoped that was what you'd recommend I do. I'll post both below. That nasty recycler was active again. I went ahead and deleted it in RK file section.

I think we have both worked very hard on this today. If it's okay with you may I follow through with anything else you'd be willing to help me with in the morning? We're both on Eastern Standard...so I'll do whatever else necessary in the a.m. Think I just need to sit and read a bit and step away. Bless you and thank you for everything, Mr. Charlie. Here are those reports for you to look at. I'll wait in case you need me to run something else.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Shauna (administrator) on LITTLEBIRD2 on 30-09-2013 20:01:02
Running from C:\Documents and Settings\Shauna\Desktop\FRST
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sonic Solutions) C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
(IDT, Inc.) c:\program files\idt\wdm\STacSV.exe
(http://goforfiles.com/) C:\Program Files\GoforFiles\GFFUpdater.exe
() C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AESTFltr.exe
() C:\Program Files\HP\HPBTWD.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\Syncables.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Sun Microsystems, Inc.) C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(RealNetworks, Inc.) C:\program files\real\realplayer\update\realsched.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Safer Networking Limited) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
(syncables, LLC) C:\Program Files\syncables\syncables desktop\MigoMapi.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray.exe [483428 2009-03-30] (IDT, Inc.)
HKLM\...\Run: [AESTFltr] - C:\Windows\system32\AESTFltr.exe [737280 2009-02-18] (Andrea Electronics Corporation)
HKLM\...\Run: [HP BTW Detect Program] - C:\Program Files\HP\HPBTWD.exe [319488 2009-03-30] ()
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-15] (Synaptics, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [HP Mobile Broadband] - c:\SWsetup\HPQWWAN\HPMobileBroadband.exe [455224 2009-01-09] (Hewlett-Packard Company)
HKLM\...\Run: [syncables] - C:\Program Files\syncables\syncables desktop\Syncables.exe [173360 2009-04-02] (syncables, LLC)
HKLM\...\Run: [Microsoft Default Manager] - c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [224616 2009-02-06] (Microsoft Corp.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [PININST] - C:\SYSTEM.SAV\UTIL\PININST.EXE [94208 2006-02-25] ()
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [TkBellExe] - C:\program files\real\realplayer\update\realsched.exe [296096 2012-07-22] (RealNetworks, Inc.)
HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [3117344 2012-03-07] (ESET)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [vProt] - "C:\Program Files\AVG Secure Search\vprot.exe"
HKCU\...\Run: [spybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
HKCU\...\Run: [Xvid] - C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKCU\...\Runonce: [spUninstallDeleteDir] - rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {C44A8427-A5BA-4FA9-945A-7936B0D694F2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {F636501E-CE16-4CE0-9FB8-8B4C6B9E5574} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - {C44A8427-A5BA-4FA9-945A-7936B0D694F2} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {D4F130FD-E0B8-4770-8AAD-BF28F263B5A0} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3291326&CUI=UN20604546432976931&UM=2
SearchScopes: HKCU - {F636501E-CE16-4CE0-9FB8-8B4C6B9E5574} URL =
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {95B7759C-8C7F-4BF1-B163-73684A933233} -  No File
BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -  No File
Toolbar: HKLM - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SearchEngineOrder.user_pref("browser.search.order.1", "");: user_pref("browser.search.order.1", "");
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "");: user_pref("browser.search.order.1,S", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Keyword.URL: user_pref("keyword.URL", "");
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=15.0.5.109 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8 - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\jid0-HVSBDzuc3UFGvmtex3x0IZzgCM8@jetpack.xpi
FF Extension: personas - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\personas@christopher.beard.xpi
FF Extension: trtv3 - C:\Documents and Settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\Extensions\trtv3@trtv.com.xpi
FF HKLM\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Extension: (Docs) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Google Drive) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Chrome In-App Payments service) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\DOCUME~1\Shauna\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269; C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [125424 2008-12-12] ()
R2 BOTService; C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [203248 2009-03-19] (Sonic Solutions)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [913144 2012-03-07] (ESET)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 STacSV; c:\program files\idt\wdm\STacSV.exe [254042 2009-03-30] (IDT, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S2 vToolbarUpdater17.0.1; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

R3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113664 2009-03-19] (Andrea Electronics Corporation)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-09-28] (AVG Technologies)
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1735040 2009-09-17] (Broadcom Corporation)
R1 eamon; C:\Windows\System32\DRIVERS\eamon.sys [160816 2012-03-14] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [120152 2012-03-14] (ESET)
R1 epfwtdir; C:\Windows\System32\DRIVERS\epfwtdir.sys [104160 2012-03-14] (ESET)
R3 L1c; C:\Windows\System32\DRIVERS\l1c51x86.sys [38912 2009-03-02] (Atheros Communications, Inc.)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [48728 2013-09-30] (MalwareBytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [40776 2013-09-30] (Malwarebytes Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1550891 2009-03-30] (IDT, Inc.)
R0 SysCow; C:\Windows\System32\drivers\syscow32x.sys [103792 2008-09-25] (Sonic Solutions)
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\1F86.tmp [x]
U4 RemoteRegistry;
S3 RSUSBSTOR; System32\Drivers\RTS5121.sys [x]
S3 Rts516xIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\Rts5161ccid.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-09-30 20:04 - 2013-09-30 20:04 - 00000000 ____D C:\Documents and Settings\Shauna\Local Settings\Application Data\Sun
2013-09-30 19:18 - 2013-09-30 19:44 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-09-30 18:03 - 2013-09-30 18:03 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Shauna\Desktop\SpyHunter-Installer.exe
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-09-30 17:38 - 2013-09-30 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-30 17:38 - 2013-09-30 17:37 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-30 17:38 - 2013-09-30 17:37 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-30 17:38 - 2013-09-30 17:37 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-30 17:38 - 2013-09-30 17:37 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-30 17:04 - 2013-09-30 17:04 - 00201728 _____ (OldTimer Tools) C:\Documents and Settings\Shauna\Desktop\OTC.exe
2013-09-30 16:45 - 2013-09-30 16:45 - 00891144 _____ C:\Documents and Settings\Shauna\Desktop\SecurityCheck.exe
2013-09-30 14:05 - 2013-09-30 14:05 - 00003213 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_D_09302013_140547.txt
2013-09-30 14:00 - 2013-09-30 14:00 - 00003194 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_S_09302013_140044.txt
2013-09-30 13:35 - 2013-09-30 14:26 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK_Quarantine
2013-09-30 12:31 - 2013-09-30 16:47 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK
2013-09-30 12:29 - 2013-09-30 16:47 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\mware
2013-09-30 12:06 - 2013-09-30 12:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini093013-01.dmp
2013-09-30 11:22 - 2013-09-30 20:01 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\FRST
2013-09-30 10:16 - 2013-09-30 20:00 - 00000000 ____D C:\FRST
2013-09-30 08:59 - 2013-09-30 11:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-30 08:58 - 2013-09-30 08:58 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-30 08:56 - 2013-09-30 11:31 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\mbar
2013-09-30 06:50 - 2013-09-30 06:50 - 01030305 _____ (Thisisu) C:\Documents and Settings\Shauna\Desktop\JRT.exe
2013-09-29 23:33 - 2013-09-30 14:43 - 00000000 ____D C:\AdwCleaner
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-22 21:13 - 2013-09-30 11:33 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\round-up
2013-09-19 21:50 - 2013-09-29 21:37 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Calibre Library
2013-09-18 12:30 - 2013-09-28 16:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-09-07 16:40 - 2013-09-07 16:40 - 00000000 ____D C:\Documents and Settings\Shauna\Calibre Library

==================== One Month Modified Files and Folders =======

2013-09-30 20:04 - 2013-09-30 20:04 - 00000000 ____D C:\Documents and Settings\Shauna\Local Settings\Application Data\Sun
2013-09-30 20:04 - 2009-09-17 04:10 - 00000282 _____ C:\WINDOWS\Tasks\BackOnTrack Instant Restore Idle.job
2013-09-30 20:03 - 2008-06-24 21:26 - 00521766 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-09-30 20:01 - 2013-09-30 11:22 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\FRST
2013-09-30 20:00 - 2013-09-30 10:16 - 00000000 ____D C:\FRST
2013-09-30 19:59 - 2012-07-22 22:44 - 00000288 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
2013-09-30 19:59 - 2012-07-22 22:44 - 00000280 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
2013-09-30 19:58 - 2013-08-13 19:02 - 00000282 _____ C:\WINDOWS\Tasks\GoforFilesUpdate.job
2013-09-30 19:58 - 2012-07-22 22:40 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-30 19:58 - 2008-06-24 14:08 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-09-30 19:58 - 2008-06-24 14:08 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-09-30 19:57 - 2008-06-24 21:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-09-30 19:44 - 2013-09-30 19:18 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2013-09-30 19:33 - 2012-07-22 22:40 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-30 19:14 - 2012-07-25 13:36 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Protection
2013-09-30 19:12 - 2013-06-10 18:03 - 00000424 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job
2013-09-30 18:13 - 2008-06-24 21:48 - 01575429 _____ C:\WINDOWS\WindowsUpdate.log
2013-09-30 18:08 - 2013-08-13 19:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Yahoo!
2013-09-30 18:08 - 2013-08-13 19:04 - 00000000 ____D C:\Program Files\Yahoo!
2013-09-30 18:03 - 2013-09-30 18:03 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Documents and Settings\Shauna\Desktop\SpyHunter-Installer.exe
2013-09-30 17:57 - 2012-07-12 08:17 - 00000000 ____D C:\Games
2013-09-30 17:53 - 2012-11-05 17:35 - 00000000 ____D C:\Program Files\Detective Stories Hollywood
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Program Files\Common Files\Java
2013-09-30 17:39 - 2013-09-30 17:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sun
2013-09-30 17:38 - 2013-09-30 17:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-09-30 17:37 - 2013-09-30 17:38 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\system32\npDeployJava1.dll
2013-09-30 17:37 - 2013-09-30 17:38 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\system32\deployJava1.dll
2013-09-30 17:37 - 2013-09-30 17:38 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-09-30 17:37 - 2013-09-30 17:38 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-09-30 17:37 - 2009-06-14 20:59 - 00144896 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-09-30 17:36 - 2009-06-14 20:58 - 00000000 ____D C:\Program Files\Java
2013-09-30 17:04 - 2013-09-30 17:04 - 00201728 _____ (OldTimer Tools) C:\Documents and Settings\Shauna\Desktop\OTC.exe
2013-09-30 16:47 - 2013-09-30 12:31 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK
2013-09-30 16:47 - 2013-09-30 12:29 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\mware
2013-09-30 16:45 - 2013-09-30 16:45 - 00891144 _____ C:\Documents and Settings\Shauna\Desktop\SecurityCheck.exe
2013-09-30 16:20 - 2009-09-17 04:08 - 00000178 ___SH C:\Documents and Settings\Shauna\ntuser.ini
2013-09-30 16:20 - 2008-06-24 21:48 - 00032514 _____ C:\WINDOWS\SchedLgU.Txt
2013-09-30 16:18 - 2013-08-12 21:06 - 00000000 ____D C:\Program Files\SaveShare
2013-09-30 16:18 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\twain_32
2013-09-30 14:43 - 2013-09-29 23:33 - 00000000 ____D C:\AdwCleaner
2013-09-30 14:26 - 2013-09-30 13:35 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\RK_Quarantine
2013-09-30 14:05 - 2013-09-30 14:05 - 00003213 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_D_09302013_140547.txt
2013-09-30 14:00 - 2013-09-30 14:00 - 00003194 _____ C:\Documents and Settings\Shauna\Desktop\RKreport[0]_S_09302013_140044.txt
2013-09-30 12:28 - 2013-04-21 11:16 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\New Books
2013-09-30 12:06 - 2013-09-30 12:06 - 00090112 _____ C:\WINDOWS\Minidump\Mini093013-01.dmp
2013-09-30 12:06 - 2012-07-22 19:10 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-30 11:45 - 2013-09-30 08:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-30 11:33 - 2013-09-22 21:13 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\round-up
2013-09-30 11:31 - 2013-09-30 08:56 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\mbar
2013-09-30 11:29 - 2009-09-17 04:08 - 00000000 ____D C:\Documents and Settings\Shauna
2013-09-30 08:58 - 2013-09-30 08:58 - 00048728 _____ (MalwareBytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-09-30 06:50 - 2013-09-30 06:50 - 01030305 _____ (Thisisu) C:\Documents and Settings\Shauna\Desktop\JRT.exe
2013-09-29 23:48 - 2012-07-26 21:55 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB952287$
2013-09-29 21:37 - 2013-09-19 21:50 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\Calibre Library
2013-09-28 16:42 - 2013-09-18 12:30 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-28 16:42 - 2013-05-20 18:34 - 00003727 _____ C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2013-09-28 16:41 - 2013-01-09 16:15 - 00000000 ____D C:\WINDOWS\system32\cache
2013-09-28 16:41 - 2013-01-03 19:32 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-09-25 20:30 - 2009-06-14 19:17 - 00000000 ____D C:\WINDOWS\Registration
2013-09-24 15:55 - 2013-06-15 11:59 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-09-24 09:40 - 2013-09-24 09:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
2013-09-23 18:02 - 2013-01-03 19:37 - 00000000 ____D C:\Documents and Settings\Shauna\Application Data\mIRC
2013-09-23 04:49 - 2013-05-03 16:22 - 00000000 ____D C:\mIRCa
2013-09-20 13:04 - 2012-07-25 13:17 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-09-20 12:54 - 2008-06-24 21:48 - 00659104 _____ C:\WINDOWS\setupapi.log
2013-09-19 10:53 - 2008-06-24 21:48 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-09-19 10:50 - 2008-06-24 21:12 - 00001507 _____ C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2013-09-19 09:45 - 2012-07-22 20:58 - 00000000 ____D C:\Program Files\HijackThis
2013-09-19 06:29 - 2013-06-15 13:04 - 00000000 ____D C:\Documents and Settings\Shauna\Desktop\calibre & ebook progs
2013-09-17 20:17 - 2013-01-09 17:31 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-09-17 20:13 - 2013-09-17 20:13 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
2013-09-17 20:12 - 2012-07-22 22:35 - 00000000 ____D C:\Program Files\Google
2013-09-07 16:40 - 2013-09-07 16:40 - 00000000 ____D C:\Documents and Settings\Shauna\Calibre Library

Some content of TEMP:
====================
C:\Documents and Settings\Shauna\Local Settings\Temp\jre-7u40-windows-i586-iftw.exe
C:\Documents and Settings\Shauna\Local Settings\Temp\ntdll_dump.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shauna [Admin rights]
Mode : Scan -- Date : 09/30/2013 20:32:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1226193511-2892163551-3241378241-1006\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[DriverStartIo] : atapi.sys -> HOOKED (Unknown @ 0x8685E2E2)
[Inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x4B7D2083)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ )  -  +++++
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

Finished : << RKreport[0]_S_09302013_203247.txt >>
RKreport[0]_D_09302013_140547.txt;RKreport[0]_S_09302013_140044.txt



ZA is not active; it looks like this folder was never deleted:

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND

Run RogueKiller again and click Scan

When the scan completes > click on the Files tab

Put a check next to all of these and uncheck the rest: (if found)

[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND

Now click Delete on the right hand column under Options

MrC


Oh no...I KNOW I deleted that file earlier. All files. I deleted it yet again just before I posted my last message. And I'm now sitting here looking at that bugger yet again.


Here's the report that just finished up AFTER I deleted that file before I reran RK. This little fellah is evil. It's hiding somewhere and I don't know where to look.


RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shauna [Admin rights]
Mode : Scan -- Date : 09/30/2013 21:18:46
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x4B7D2083)
[Inline] EAT @firefox.exe (_wpgmptr) : MSVCR100.dll -> HOOKED (Unknown @ 0x692DEC70)
[Inline] EAT @firefox.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ )  -  +++++
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

Finished : << RKreport[0]_S_09302013_211845.txt >>
RKreport[0]_D_09302013_140547.txt;RKreport[0]_D_09302013_203517.txt;RKreport[0]_S_09302013_140044.txt
RKreport[0]_S_09302013_203247.txt



Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.


---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Good morning, Mr. Charlie, my friend. I've downloaded the fixlist into its proper folder. And I'm ready to tackle this issue refreshed. I just want a team meeting for a moment before I start. Forgive me, kind sir, but coming from a medical background I can't help but feel like we're a temporary team of sorts...and another day of rerunning programs with results playing out like yesterday makes me want to grind my teeth. This is in no way any reflection on your brave and learned attempt to help me out here...but I'd like to approach this proactively rather than reactively.

I've done a little research on this recycler bug I have. Just a little. It likes flashdrives and appears to like hiding in my garbage can. Apparently that's where it seems to go to regenerate itself. Maybe not the only place but 'a' place. So, I've concluded I have to make other arrangements for it to simply NOT go to the garbage. I pulled up my garbage and checked its properties...in there, there is an option to delete automatically. Considering I'm not worried about anything but this recycler bug...it's reasonable to simply delete automatically right away. Do you concur? Theoretically, if I delete this recycler file folder via my RKiller...does it go to garbage, and if I have it set to autodelete...it shouldn't come back, theoretically. Right? I'm a long time mac user and not certain if I'm just blowing bubbles here. I'm also uncertain as to how RKiller actually works but it does allow me access to this folder...and apparently to registry entries created by this bug. I'm wondering if it can be as simple as that. What do you think?

I know you want me to use this combofix...and I swear I will but I just wanted to see what you thought of what I thought before I try one little thing like autodelete from garbage can. Will it do any harm? I'm posting the RK report I just ran. Please don't be annoyed with me...you have no idea how much I respect and treasure all you give to help me. I just want to see if I tried this would it work or would I be damaging this little system even further.


RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shauna [Admin rights]
Mode : Scan -- Date : 10/01/2013 08:50:31
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U [-] --> FOUND

¤¤¤ Driver : [LOADED] ¤¤¤
[Inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x4B7D2083)
[Inline] EAT @firefox.exe (_wpgmptr) : MSVCR100.dll -> HOOKED (Unknown @ 0x692DEC70)
[Inline] EAT @firefox.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ )  -  +++++
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

Finished : << RKreport[0]_S_10012013_085030.txt >>
RKreport[0]_D_09302013_140547.txt;RKreport[0]_D_09302013_203517.txt;RKreport[0]_D_09302013_215643.txt
RKreport[0]_D_09302013_224724.txt;RKreport[0]_S_09302013_140044.txt;RKreport[0]_S_09302013_203247.txt
RKreport[0]_S_09302013_211845.txt;RKreport[0]_S_09302013_220703.txt



Here's the FRST report. Downloading combo and will run after I read how to disable stuff.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-09-2013 01
Ran by Shauna at 2013-10-01 09:49:47 Run:3
Running from C:\Documents and Settings\Shauna\Desktop\FRST
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U
C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd
*****************

C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd\U => Moved successfully.
C:\RECYCLER\S-1-5-18\$f82827fb0426f2f4879495aa9a387cdd => Deleted successfully.

==== End of Fixlog ====


Okay, Mr. C...it's all ready to go. I've disabled my antivirus, spybot S&D, and malwarebyte. I'm not certain about this firewall portion. I haven't installed anything. I tried to pull up the windows firewall in the control panel and it said it couldn't do so due to an unexplained problem. Shall I continue?


Just a quick check in with you, Mr. C. I've had the combofixer stall out on me 3 times now. I'll be going back again in a sec. For the sheer fun of it I did a quick RK scan to see what was happening...and I'll show you its report. I'll be back soon if the fixer doesn't quit on me again.


RogueKiller V8.7.0 [Sep 30 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Shauna [Admin rights]
Mode : Scan -- Date : 10/01/2013 12:20:26
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1226193511-2892163551-3241378241-1006\[...]\RunOnce : SpUninstallDeleteDir (rmdir /s /q "C:\Documents and Settings\Shauna\Application Data\SearchProtect" [x]) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[FF][PROXY] g7yufipz.default : user_pref("network.proxy.type", 4); -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] IRP[DriverStartIo] : atapi.sys -> HOOKED (Unknown @ 0x869692E2)
[Inline] EAT @explorer.exe (??_7?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@6B@) : MSVCP60.dll -> HOOKED (Unknown @ 0x768381A1)
[Inline] EAT @explorer.exe (??_7?$basic_streambuf@GU?$char_traits@G@std@@@std@@6B@) : MSVCP100.dll -> HOOKED (Unknown @ 0x4B7D2083)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ )  -  +++++
--- User ---
[MBR] 4d32227ea6f80138149a3e3352c3b752
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 001bae72239183c3812aa2f539227b2b
[BSP] 44af34bf80aacd4065657a6dc8994ac4 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152616 Mo

Finished : << RKreport[0]_S_10012013_122025.txt >>
RKreport[0]_D_09302013_140547.txt;RKreport[0]_D_09302013_203517.txt;RKreport[0]_D_09302013_215643.txt
RKreport[0]_D_09302013_224724.txt;RKreport[0]_D_10012013_100103.txt;RKreport[0]_S_09302013_140044.txt
RKreport[0]_S_09302013_203247.txt;RKreport[0]_S_09302013_211845.txt;RKreport[0]_S_09302013_220703.txt
RKreport[0]_S_10012013_085030.txt;RKreport[0]_S_10012013_101619.txt


 


Fourth time's a charm, Mr. C. Here's the log. Although it appears I've lost my Google home page. Won't even load. Also somehow Amazon.com seems to now be my preferred search bar. What's the matter with those guys? I had respect for them till now. That's a pretty stupid advertising gimmick if I may say so. Wait till I write those guys!

But we seem to be making progress.

 

ComboFix 13-10-01.03 - Shauna 10/01/2013  12:54:02.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1015.634 [GMT -4:00]
Running from: c:\documents and settings\Shauna\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-01 to 2013-10-01  )))))))))))))))))))))))))))))))
.
.
2013-10-01 16:26 . 2013-10-01 16:26    --------    d-----w-    c:\windows\LastGood
2013-10-01 00:04 . 2013-10-01 00:04    --------    d-----w-    c:\documents and settings\Shauna\Local Settings\Application Data\Sun
2013-09-30 21:39 . 2013-09-30 21:39    --------    d-----w-    c:\program files\Common Files\Java
2013-09-30 21:38 . 2013-09-30 21:37    790440    ----a-w-    c:\windows\system32\deployJava1.dll
2013-09-30 21:38 . 2013-09-30 21:37    868264    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-09-30 21:38 . 2013-09-30 21:37    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-09-30 14:16 . 2013-10-01 00:00    --------    d-----w-    C:\FRST
2013-09-30 12:59 . 2013-09-30 15:45    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-09-30 12:58 . 2013-09-30 12:58    48728    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-09-30 03:33 . 2013-09-30 18:43    --------    d-----w-    C:\AdwCleaner
2013-09-24 13:40 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-09-24 13:40 . 2013-09-24 13:40    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-09-07 20:40 . 2013-09-07 20:40    --------    d-----w-    c:\documents and settings\Shauna\Calibre Library
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-30 21:37 . 2009-06-15 00:59    144896    ----a-w-    c:\windows\system32\javacpl.cpl
2013-09-28 20:41 . 2013-01-03 23:32    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-30 483428]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-15 136600]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
"Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"PININST"="c:\system.sav\UTIL\PININST.EXE" [2006-02-25 94208]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-07-23 296096]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [6/14/2009 8:57 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [6/14/2009 8:57 PM 15856]
R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/25/2008 1:09 AM 103792]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [1/3/2013 7:32 PM 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 8:40 AM 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 8:40 AM 104160]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [6/14/2009 8:57 PM 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 1:46 AM 125424]
R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 3:04 PM 203248]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/7/2012 3:40 PM 913144]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [9/24/2013 9:40 AM 418376]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/14/2009 8:47 PM 113664]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/2/2009 5:03 PM 38912]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [9/24/2013 9:40 AM 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [9/24/2013 9:40 AM 701512]
S2 vToolbarUpdater17.0.1;vToolbarUpdater17.0.1;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.1\ToolbarUpdater.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [9/30/2013 8:58 AM 48728]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 11:48 AM 235216]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1F86.tmp --> c:\windows\system32\1F86.tmp [?]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - BITS
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 03:22    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-10-01 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
- c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05]
.
2013-10-01 c:\windows\Tasks\GoforFilesUpdate.job
- c:\program files\GoforFiles\GFFUpdater.exe [2013-08-13 23:02]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 02:39]
.
2013-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-07-23 02:39]
.
2013-10-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2013-10-01 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1226193511-2892163551-3241378241-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-06-21 16:00]
.
2013-10-01 c:\windows\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.



IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: google.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Shauna\Application Data\Mozilla\Firefox\Profiles\g7yufipz.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: keyword.URL -
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-{3764E0E0-6AAE-11DE-6784-0C73653918BE} - c:\mirc\Uninst_Invision.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-01 13:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
.
c:\docume~1\Shauna\LOCALS~1\Temp\RGI52.tmp 7075 bytes
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD1600BEVT-60ZCT1 rev.13.01A13 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
.
device: opened successfully
user: MBR read successfully
error: Read  A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x869692E2
user & kernel MBR OK
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\1F86.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-10-01  13:18:39
ComboFix-quarantined-files.txt  2013-10-01 17:18
.
Pre-Run: 75,099,598,848 bytes free
Post-Run: 75,465,641,984 bytes free
.
- - End Of File - - 94C02CC2D008CDCE75D407099162BD2E
5C616939100B85E558DA92B899A0FC36
 


(p.s. also... Mr. C., I've restored my protection to come back online. I have a warning now from my system that the Microsoft restore it wanted is in conflict with the Roxio restore program that was on this system when I got it. What should I do?)
