Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Need help - internet redirects, crashes, slow computer

 
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Sun Nov 27, 2011 11:52 am    Post subject: Need help - internet redirects, crashes, slow computer

My computer suffers from repeated internet redirects and pop-ups using IE8. I tried to download Firefox and it just would not complete and install. The computer often locks up and crashes. Also, other programs from anti-spyware products try to load and ask to be purchased.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.5.0_17
Run by Judy Neufeld at 14:50:24 on 2011-11-26
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.730 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\cisvc.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\ping.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AuthBHO.cBHO: {a4d90779-6cb2-4752-83c2-a2ab4d9a672d} - c:\program files\cox\applications\app\AuthBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Shop to Win: {d071359c-30ad-4645-9b78-7a3283571f25} - c:\program files\shop to win 13\Shop to Win 13.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Cox Popup Blocker: {64634180-b0ea-48b6-82b7-9620d33362c1} - c:\program files\cox\applications\app\AuthBHO.dll
TB: Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_5_7_0.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [MCAgentExe] c:\program files\mcafee.com\agent\mcagent.exe
mRun: [MCUpdateExe] c:\progra~1\mcafee.com\agent\McUpdate.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [VirusScan Online] c:\progra~1\mcafee.com\vso\mcvsshld.exe
mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
mRun: [QAGENT] c:\program files\quickenw\QAGENT.EXE
mRun: [AuthConsoleStart] c:\program files\cox\applications\app\cox.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [<NO NAME>]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\docume~1\judyne~1\startm~1\programs\startup\produc~1.lnk - c:\documents and settings\judy neufeld\local settings\temp\{f2988a32-2e75-4f65-a13d-102fb2524b8c}\{99ed6d18-af6b-4443-31c2-aac299d5d048}\ATR1.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102581063375
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab
DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} - hxxp://www.imgag.com/cp/install/AxCtp2.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} - hxxp://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{212A100E-3695-4F0C-AFBE-344DE8667FEC} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: lbxfile - {56831180-F115-11d2-B6AA-00104B2B9943} - c:\program files\libronix dls\system\FileProt.dll
Handler: lbxres - {24508F1B-9E94-40EE-9759-9AF5795ADF52} - c:\program files\libronix dls\system\ResProt.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
.
============= SERVICES / DRIVERS ===============
.
R2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe [2003-3-14 94208]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2003-3-14 23296]
S2 gupdate1c9a39ce8cb6daf;Google Update Service (gupdate1c9a39ce8cb6daf);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S2 mrtRate;mrtRate; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2005-7-27 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-12 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 McShield;McAfee.com McShield;c:\progra~1\mcafee.com\vso\mcshield.exe [2003-3-14 225375]
S3 NPF;WinPcap Packet Driver (NPF);c:\windows\system32\drivers\npf.sys [2011-11-20 50704]
S3 SQTECH913D;913D Camera;c:\windows\system32\drivers\Capt913d.sys [2007-7-20 29522]
.
=============== Created Last 30 ================
.
2011-11-26 22:16:38 -------- d-----w- c:\program files\common files\xing shared
2011-11-26 16:04:12 -------- d-----w- c:\program files\EuroTalk Interactive
2011-11-26 11:11:16 110592 ----a-w- c:\windows\system32\4R1tC105s.com
2011-11-20 19:31:17 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-20 19:31:17 281104 ----a-w- c:\windows\system32\wpcap.dll
2011-11-20 19:31:17 100880 ----a-w- c:\windows\system32\Packet.dll
2011-11-20 06:44:30 -------- d-----w- c:\program files\Ask.com
2011-11-20 06:44:28 -------- d-----w- c:\documents and settings\judy neufeld\local settings\application data\AskToolbar
2011-11-20 06:34:19 -------- d-----w- c:\documents and settings\all users\application data\Ask
2011-11-20 06:26:26 -------- d-----w- c:\documents and settings\judy neufeld\application data\HpUpdate
2011-11-19 19:25:17 110592 ----a-w- c:\windows\system32\4R1tC105s.com_
2011-11-19 04:52:33 -------- d-----w- c:\documents and settings\judy neufeld\application data\Malwarebytes
2011-11-19 04:52:20 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-11-19 04:52:15 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 04:52:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 04:32:45 -------- d-----w- c:\documents and settings\judy neufeld\application data\mPP00yc1b3naHsK
2011-11-19 04:32:45 -------- d-----w- c:\documents and settings\judy neufeld\application data\ivFHQdLgZwUrO
2011-11-18 18:37:08 -------- d-----w- c:\program files\387BB
2011-11-18 18:36:02 -------- d-----w- c:\documents and settings\judy neufeld\application data\GwwwkUVVlONxPui
2011-11-18 18:36:01 -------- d-----w- c:\documents and settings\judy neufeld\application data\NxuvDD2o4msd8Z
2011-11-18 18:35:11 -------- d-----w- c:\documents and settings\judy neufeld\application data\10C38
2011-11-18 18:35:10 -------- d-----w- c:\program files\LP
2011-11-18 18:34:53 -------- d-----w- c:\documents and settings\judy neufeld\application data\KaQQ6Wf9TXwjCeI
2011-11-18 18:34:51 -------- d-----w- c:\documents and settings\judy neufeld\application data\B11iibDD3oG4aHs
2011-11-15 18:36:54 6668624 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{de61e1d3-e6d1-4700-a6bc-90f6e5e07765}\mpengine.dll
2011-11-12 03:16:32 -------- d-----w- c:\documents and settings\judy neufeld\local settings\application data\WeatherBug
2011-11-12 03:06:48 -------- d-----w- c:\documents and settings\all users\application data\Oberon Media
2011-11-12 03:02:34 -------- d-----w- c:\program files\common files\Oberon Media
2011-11-12 02:35:53 -------- d-----w- c:\documents and settings\judy neufeld\application data\WeatherBug
2011-11-12 02:34:29 18944 ----a-r- c:\documents and settings\judy neufeld\application data\microsoft\installer\{8f018a9e-56de-4a79-a5ef-25f413f1d538}\IconBB6A16301.exe
2011-11-11 03:25:04 86960 ----a-w- c:\program files\common files\installshield\updateservice\issch.exe
2011-11-11 03:25:04 393216 ----a-w- c:\program files\common files\installshield\updateservice\_isusres.dll
2011-11-11 03:25:04 283568 ----a-w- c:\program files\common files\installshield\updateservice\ISDM.exe
2011-11-11 03:25:03 865200 ----a-w- c:\program files\common files\installshield\updateservice\agent.exe
2011-11-10 05:44:46 -------- d-----w- c:\documents and settings\all users\application data\Trymedia
2011-11-10 02:41:29 -------- d-----w- c:\documents and settings\judy neufeld\application data\Fighters
2011-11-10 02:27:34 -------- d-----w- c:\documents and settings\all users\application data\Fighters
2011-11-10 02:16:14 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-11-10 02:09:36 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2011-11-10 02:09:32 -------- d-----w- c:\documents and settings\judy neufeld\application data\FCSB000063441
2011-11-10 02:09:03 -------- d-----w- c:\program files\Shop to Win 13
2011-11-10 02:09:00 -------- d-----w- c:\program files\Shop To Win
.
==================== Find3M ====================
.
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-03 13:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37:52 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41:20 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20:51 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 04:21:00 1409 ----a-w- c:\windows\QTFont.for
.
============= FINISH: 14:51:56.89 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/3/2003 7:30:35 PM
System Uptime: 11/26/2011 2:21:11 PM (0 hours ago)
.
Motherboard: Dell Computer Corporation | | 07W080
Processor: Intel(R) Celeron(R) CPU 1.80GHz | Socket 478 | 1794/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 56 GiB total, 21.298 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2300: 10/1/2011 8:55:57 AM - System Checkpoint
RP2301: 10/2/2011 9:56:01 AM - System Checkpoint
RP2302: 10/3/2011 11:07:57 AM - System Checkpoint
RP2303: 10/4/2011 11:07:12 AM - Software Distribution Service 3.0
RP2304: 10/5/2011 11:49:42 AM - System Checkpoint
RP2305: 10/6/2011 11:55:55 AM - System Checkpoint
RP2306: 10/7/2011 1:48:57 AM - Software Distribution Service 3.0
RP2307: 10/8/2011 1:55:56 AM - System Checkpoint
RP2308: 10/9/2011 2:55:58 AM - System Checkpoint
RP2309: 10/10/2011 3:55:55 AM - System Checkpoint
RP2310: 10/11/2011 4:57:01 AM - System Checkpoint
RP2311: 10/11/2011 5:05:51 AM - Software Distribution Service 3.0
RP2312: 10/12/2011 5:55:56 AM - System Checkpoint
RP2313: 10/13/2011 6:06:31 AM - System Checkpoint
RP2314: 10/13/2011 11:33:50 AM - Software Distribution Service 3.0
RP2315: 10/14/2011 3:00:20 AM - Software Distribution Service 3.0
RP2316: 10/14/2011 11:40:03 AM - Software Distribution Service 3.0
RP2317: 10/15/2011 3:00:19 AM - Software Distribution Service 3.0
RP2318: 10/16/2011 3:25:08 AM - System Checkpoint
RP2319: 10/17/2011 4:25:06 AM - System Checkpoint
RP2320: 10/18/2011 5:25:06 AM - System Checkpoint
RP2321: 10/18/2011 2:54:50 PM - Software Distribution Service 3.0
RP2322: 10/19/2011 3:32:19 PM - System Checkpoint
RP2323: 10/20/2011 5:07:01 PM - System Checkpoint
RP2324: 10/21/2011 2:04:54 AM - Software Distribution Service 3.0
RP2325: 10/22/2011 2:26:40 AM - System Checkpoint
RP2326: 10/23/2011 3:06:42 AM - System Checkpoint
RP2327: 10/24/2011 4:06:40 AM - System Checkpoint
RP2328: 10/25/2011 5:06:40 AM - System Checkpoint
RP2329: 10/25/2011 8:55:41 AM - Software Distribution Service 3.0
RP2330: 10/26/2011 9:06:40 AM - System Checkpoint
RP2331: 10/27/2011 9:22:37 AM - System Checkpoint
RP2332: 10/28/2011 9:57:39 AM - System Checkpoint
RP2333: 10/28/2011 5:23:48 PM - Software Distribution Service 3.0
RP2334: 10/29/2011 6:17:05 PM - System Checkpoint
RP2335: 10/30/2011 7:15:50 PM - System Checkpoint
RP2336: 10/31/2011 7:34:09 PM - System Checkpoint
RP2337: 11/1/2011 5:05:46 AM - Software Distribution Service 3.0
RP2338: 11/2/2011 8:55:12 AM - System Checkpoint
RP2339: 11/3/2011 9:19:05 AM - System Checkpoint
RP2340: 11/3/2011 11:22:56 PM - Software Distribution Service 3.0
RP2341: 11/5/2011 12:21:15 AM - System Checkpoint
RP2342: 11/6/2011 12:20:06 AM - System Checkpoint
RP2343: 11/7/2011 1:20:05 AM - System Checkpoint
RP2344: 11/8/2011 2:20:05 AM - System Checkpoint
RP2345: 11/8/2011 5:03:38 AM - Software Distribution Service 3.0
RP2346: 11/9/2011 3:00:18 AM - Software Distribution Service 3.0
RP2347: 11/10/2011 3:00:28 AM - Software Distribution Service 3.0
RP2348: 11/10/2011 7:25:03 PM - Installed RollerCoaster Tycoon 3 Platinum
RP2349: 11/11/2011 10:49:52 AM - Software Distribution Service 3.0
RP2350: 11/11/2011 6:32:10 PM - Installed WeatherBug
RP2351: 11/12/2011 6:52:41 PM - System Checkpoint
RP2352: 11/13/2011 3:00:35 AM - Software Distribution Service 3.0
RP2353: 11/14/2011 3:21:37 AM - System Checkpoint
RP2354: 11/15/2011 4:21:42 AM - System Checkpoint
RP2355: 11/15/2011 10:36:41 AM - Software Distribution Service 3.0
RP2356: 11/16/2011 10:57:09 AM - System Checkpoint
RP2357: 11/17/2011 10:58:11 AM - System Checkpoint
RP2358: 11/18/2011 2:51:50 PM - System Checkpoint
RP2359: 11/18/2011 5:20:49 PM - Software Distribution Service 3.0
RP2360: 11/19/2011 6:20:27 PM - System Checkpoint
RP2361: 11/19/2011 8:37:00 PM - Removed EuroTalk Talk Now!
RP2362: 11/19/2011 8:48:16 PM - Removed WeatherBug
RP2363: 11/19/2011 9:19:07 PM - Removed 3DVIA Player 4.1
RP2364: 11/19/2011 9:36:03 PM - Removed Napster
RP2365: 11/19/2011 9:36:27 PM - Removed Napster Burn Engine
RP2366: 11/19/2011 9:46:48 PM - Removed RollerCoaster Tycoon 3 Platinum
RP2367: 11/19/2011 9:57:55 PM - Removed SLOW-PCfighter.
RP2368: 11/19/2011 10:29:48 PM - Installed HP Product Assistant
RP2369: 11/19/2011 10:33:06 PM - Installed Java(TM) 6 Update 29
RP2370: 11/19/2011 10:34:10 PM - Installed Java Runtime Environment
RP2371: 11/20/2011 8:13:42 AM - Removed MSXML 4.0 SP2 (KB936181)
RP2372: 11/20/2011 8:15:26 AM - Removed MSXML 4.0 SP2 (KB954430)
RP2373: 11/20/2011 8:17:32 AM - Removed MSXML 4.0 SP2 (KB973688)
RP2374: 11/21/2011 9:18:20 AM - System Checkpoint
RP2375: 11/22/2011 10:04:23 AM - System Checkpoint
RP2376: 11/23/2011 10:08:29 AM - System Checkpoint
RP2377: 11/24/2011 11:01:50 AM - System Checkpoint
RP2378: 11/25/2011 11:03:42 AM - System Checkpoint
RP2379: 11/26/2011 8:04:05 AM - Installed EuroTalk Talk Now!
.
==== Installed Programs ======================
.
Adobe Acrobat 5.0
Adobe AIR
Adobe Download Manager (Remove Only)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
Amazon MP3 Downloader 1.0.3
Ask Toolbar
BACS
Banctec Service Agreement
Batch Update
BCM V.92 56K Modem
Bible Data Type System Files
Britannica Ready Reference
Broadcom Advanced Control Suite
BufferChm
Common System Files
Costco Photo Organizer
Cox Anti-Spyware and Pop-Up Blocker
Dell Digital Jukebox Driver
Dell Picture Studio - Dell Image Expert
Dell Solution Center
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
dj_taplugin
dj6940
Easy CD Creator 5 Basic
eMusic Download Manager
eMusic Download Manager 4.0.0.2
eSupportQFolder
EuroTalk Talk Now!
GdiplusUpgrade
Google Chrome
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Graphical Query Editor
Help and Support Customization
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 6500
HP Deskjet 6900 series
HP Imaging Device Functions 6.0
HP Photo and Imaging 1.0 - Scanjet 2300c Series
HP Photosmart Essential
HP Product Assistant
HP Solution Center and Imaging Support Tools 6.0
HP Update
hpf_ProductContext
HPProductAssistant
Hunting Unlimited 2011
Inbox Toolbar
Intel(R) Extreme Graphics Driver
Internet Explorer Q903235
ItsDeductible Express
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java(TM) 6 Update 29
LEGO Universe
Libronix Digital Library System
Libronix DLS Application
Libronix DLS Shortcuts
LibronixUpdate
LLS Resource Driver
LP6940_Help
LP6940Trb
Macromedia Shockwave Player
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
McAfee.com SecurityCenter
McAfee.com VirusScan Online
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Modem Helper
MSXML 4.0 SP2 (KB927978)
OEB Resource Driver
PDF Resource Driver
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scholastic's Animal Genius
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sentence Diagramming
Shockwave
Shop To Win
SolutionCenter
SpongeBob SquarePants Typing
Status
TrayApp
Unity Web Player
Unload
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player (Remove Only)
WebFldrs XP
WebReg
WexTech AnswerWorks
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Toolbar
Zoo Tycoon 2 - Ultimate Collection
.
==== Event Viewer Messages From Past Week ========
.
11/26/2011 3:11:00 AM, error: Schedule [7901] - The At7.job command failed to start due to the following error: %%2147942402
11/26/2011 2:26:16 PM, error: Service Control Manager [7034] - The McAfee.com McShield service terminated unexpectedly. It has done this 1 time(s).
11/26/2011 2:14:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
11/26/2011 2:14:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\JUDYNE~1\LOCALS~1\Temp\~rnsetup\pngu3267.dll. Reference error message: The operation completed successfully. .
11/26/2011 2:14:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
11/26/2011 1:49:38 PM, error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
11/25/2011 10:11:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402
11/24/2011 8:11:00 AM, error: Schedule [7901] - The At17.job command failed to start due to the following error: %%2147942402
11/24/2011 6:11:00 AM, error: Schedule [7901] - The At13.job command failed to start due to the following error: %%2147942402
11/24/2011 2:18:03 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
11/24/2011 12:53:44 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
11/24/2011 12:11:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402
11/23/2011 11:11:00 AM, error: Schedule [7901] - The At23.job command failed to start due to the following error: %%2147942402
11/23/2011 1:11:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Mon Nov 28, 2011 12:30 am

Looking over your log, back soon.
_________________
Gary R Administrator at Malware Removal University



Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Mon Nov 28, 2011 12:33 am

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Looks like you have a "Zero Access" infection ....

Download ComboFix from one of these locations and save it to your Desktop: (if you already have a copy of Combofix, delete it and use this version)

Link 1
Link 2

IMPORTANT !!! ComboFix.exe must be run from your Desktop


  • Disable your AntiVirus and AntiSpyware applications, they may otherwise interfere with Combofix. There are details for disabling many programmes here.

  • Double click on ComboFix.exe and follow the prompts.

  • As part of its process, ComboFix will check to see if Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install Microsoft Windows Recovery Console.


**Please note: If Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you.

Please include this log in your next reply. ......... (it can also be found at C:\ComboFix.txt)

IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • If you've lost your Internet connection when Combofix has completely finished, re-start your computer to restore it.

If you have any problems with these instructions, a detailed Tutorial for how to use Combofix is available here.
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Mon Nov 28, 2011 7:01 pm

here's the combofix log...thanks

ComboFix 11-11-28.02 - Judy Neufeld 11/28/2011 18:27:47.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.936 [GMT -8:00]
Running from: c:\documents and settings\Judy Neufeld\Desktop\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\Setup.ico
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\Judy Neufeld\Start Menu\Programs\AV Protection 2011
c:\documents and settings\Judy Neufeld\Start Menu\Programs\AV Protection 2011\AV Protection 2011.lnk
c:\documents and settings\Judy Neufeld\WINDOWS
c:\documents and settings\Rafael Fernandez\WINDOWS
c:\program files\LP
c:\program files\LP\F051\161.tmp
c:\program files\LP\F051\162.tmp
c:\program files\LP\F051\269.tmp
c:\program files\LP\F051\26A.tmp
c:\program files\Shop to Win
c:\program files\Shop to Win\IEDetector.exe
c:\program files\Shop to Win\InstallNotifier.exe
c:\program files\Shop to Win\STWSetup-IE.exe
c:\program files\Shop to Win\unins000.dat
c:\program files\Shop to Win\unins000.exe
c:\windows\$NtUninstallKB36811$
c:\windows\$NtUninstallKB36811$\3146658885\@
c:\windows\$NtUninstallKB36811$\3146658885\bckfg.tmp
c:\windows\$NtUninstallKB36811$\3146658885\cfg.ini
c:\windows\$NtUninstallKB36811$\3146658885\Desktop.ini
c:\windows\$NtUninstallKB36811$\3146658885\keywords
c:\windows\$NtUninstallKB36811$\3146658885\kwrd.dll
c:\windows\$NtUninstallKB36811$\3146658885\L\asobptkf
c:\windows\$NtUninstallKB36811$\3146658885\lsflt7.ver
c:\windows\$NtUninstallKB36811$\3146658885\U\00000001.@
c:\windows\$NtUninstallKB36811$\3146658885\U\00000002.@
c:\windows\$NtUninstallKB36811$\3146658885\U\00000004.@
c:\windows\$NtUninstallKB36811$\3146658885\U\80000000.@
c:\windows\$NtUninstallKB36811$\3146658885\U\80000004.@
c:\windows\$NtUninstallKB36811$\3146658885\U\80000032.@
c:\windows\$NtUninstallKB36811$\41878237
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\TSOC.LOG
.
Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - The cat found it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-10-28 to 2011-11-29 )))))))))))))))))))))))))))))))
.
.
2011-11-29 02:23 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-26 22:16 . 2011-11-26 22:16 -------- d-----w- c:\program files\Common Files\xing shared
2011-11-26 22:06 . 2011-11-26 22:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-26 16:04 . 2011-11-26 16:04 -------- d-----w- c:\program files\EuroTalk Interactive
2011-11-26 11:11 . 2011-11-19 22:41 110592 ----a-w- c:\windows\system32\4R1tC105s.com
2011-11-20 19:31 . 2011-11-20 19:31 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-20 06:44 . 2011-11-20 06:44 -------- d-----w- c:\program files\Ask.com
2011-11-20 06:44 . 2011-11-21 03:48 -------- d-----w- c:\documents and settings\Judy Neufeld\Local Settings\Application Data\AskToolbar
2011-11-20 06:34 . 2011-11-20 06:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Ask
2011-11-20 06:29 . 2011-11-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-11-20 06:26 . 2011-11-20 06:31 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\HpUpdate
2011-11-19 07:21 . 2011-11-19 07:21 -------- d-----w- c:\documents and settings\NetworkService\ContentWatch
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Malwarebytes
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 04:52 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-19 04:32 . 2011-11-19 04:32 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\ivFHQdLgZwUrO
2011-11-19 04:32 . 2011-11-19 04:32 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\mPP00yc1b3naHsK
2011-11-18 18:37 . 2011-11-19 07:18 -------- d-----w- c:\program files\387BB
2011-11-18 18:36 . 2011-11-18 18:36 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\GwwwkUVVlONxPui
2011-11-18 18:36 . 2011-11-18 18:36 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\NxuvDD2o4msd8Z
2011-11-18 18:35 . 2011-11-18 18:36 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\10C38
2011-11-18 18:34 . 2011-11-18 18:34 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\KaQQ6Wf9TXwjCeI
2011-11-18 18:34 . 2011-11-18 18:34 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\B11iibDD3oG4aHs
2011-11-15 18:36 . 2011-10-07 03:48 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE61E1D3-E6D1-4700-A6BC-90F6E5E07765}\mpengine.dll
2011-11-12 03:16 . 2011-11-16 16:59 -------- d-----w- c:\documents and settings\Judy Neufeld\Local Settings\Application Data\WeatherBug
2011-11-12 03:06 . 2011-11-12 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2011-11-12 03:02 . 2011-11-12 03:02 -------- d-----w- c:\program files\Common Files\Oberon Media
2011-11-12 02:35 . 2011-11-12 02:35 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\WeatherBug
2011-11-12 02:34 . 2011-11-12 02:34 18944 ----a-r- c:\documents and settings\Judy Neufeld\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-11-11 04:10 . 2011-11-11 04:10 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Leadertech
2011-11-11 03:41 . 2011-11-11 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2011-11-11 03:25 . 2006-03-21 01:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-11-11 03:25 . 2006-03-21 01:34 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-11 03:25 . 2006-03-21 01:34 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-11 03:25 . 2006-03-21 01:34 865200 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-11-10 05:44 . 2011-11-10 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-11-10 02:41 . 2011-11-10 02:41 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Fighters
2011-11-10 02:27 . 2011-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2011-11-10 02:16 . 2011-11-12 02:28 -------- d-----w- c:\program files\Free Offers from Freeze.com
2011-11-10 02:09 . 2011-11-10 02:09 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441
2011-11-10 02:09 . 2011-11-10 02:09 -------- d-----w- c:\program files\Shop to Win 13
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-10 14:22 . 2002-08-29 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2007-07-03 21:12 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 13:06 . 2010-06-11 21:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2010-04-02 00:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 21:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2002-08-29 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2002-08-29 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 04:21 . 2011-09-02 04:21 1409 ----a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D071359C-30AD-4645-9B78-7A3283571F25}]
2010-12-29 18:20 14432 ----a-w- c:\program files\Shop to Win 13\Shop to Win 13.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-24 05:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-24 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-07 192512]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2002-09-04 151552]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"AuthConsoleStart"="c:\program files\Cox\Applications\app\cox.exe" [2004-10-01 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-24 887976]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-26 296056]
.
c:\documents and settings\Judy Neufeld\Start Menu\Programs\Startup\
Product Registration.lnk - c:\documents and settings\Judy Neufeld\Local Settings\Temp\{F2988A32-2E75-4F65-A13D-102FB2524B8C}\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}\ATR1.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-14 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
.
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/14/2003 6:53 AM 23296]
S2 gupdate1c9a39ce8cb6daf;Google Update Service (gupdate1c9a39ce8cb6daf);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 9:31 PM 133104]
S2 mrtRate;mrtRate; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/27/2005 5:16 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 9:31 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 SQTECH913D;913D Camera;c:\windows\SYSTEM32\DRIVERS\Capt913d.sys [7/20/2007 12:39 PM 29522]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-26 c:\windows\Tasks\At1.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At10.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At11.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At12.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At13.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At14.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At15.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At16.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At17.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At18.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At19.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At2.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At20.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At21.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At22.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At23.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At24.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At25.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At26.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At27.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At28.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At29.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At3.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At30.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At31.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At32.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-27 c:\windows\Tasks\At33.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-27 c:\windows\Tasks\At34.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At35.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At36.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At37.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-29 c:\windows\Tasks\At38.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-28 c:\windows\Tasks\At39.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At4.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-28 c:\windows\Tasks\At40.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At41.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At42.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At43.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At44.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At45.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At46.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At47.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At48.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At5.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At6.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At7.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-26 c:\windows\Tasks\At8.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At9.job
- c:\windows\system32\4R1tC105s.com [2011-11-26 22:41]
.
2011-11-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 02:50]
.
2011-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8d703733f10a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:30]
.
2003-04-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2011-11-29 c:\windows\Tasks\McAfee.com Update Check (D3K23L21-Judy Neufeld).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2003-03-14 16:28]
.
2011-11-29 c:\windows\Tasks\McAfee.com Update Check (D3K23L21-Owner).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-03-14 16:28]
.
2011-11-29 c:\windows\Tasks\McAfee.com Update Check (D3K23L21-Rafael Fernandez).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2003-03-14 16:28]
.
2011-11-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2011-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-671576729-1098419401-3236593448-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-671576729-1098419401-3236593448-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-671576729-1098419401-3236593448-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-671576729-1098419401-3236593448-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-24 05:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-QAGENT - c:\program files\QUICKENW\QAGENT.EXE
SafeBoot-WinDefend
AddRemove-{F25146ED-8C9C-4D92-B26D-7B40AE34EA66}_is1 - c:\program files\Shop To Win\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-28 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3052)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\mcafee.com\vso\mcvsrte.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\progra~1\mcafee.com\vso\mcshield.exe
c:\windows\system32\wscntfy.exe
c:\windows\BCMSMMSG.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-11-28 18:58:30 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-29 02:58
.
Pre-Run: 22,572,195,840 bytes free
Post-Run: 24,090,423,296 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - BBA1457A08DD5BE578B3599495116A2C
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Mon Nov 28, 2011 7:01 pm

here's the combofix log...thanks

Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Mon Nov 28, 2011 11:14 pm

Looking better but still things to do.

Before we go any further with the fix I need to first run some extra scans; that way we can deal with any remnants all in one go, which should save time.

First

Download TDSSKiller.zip and extract it to your Desktop.

  • Double click on TDSSKiller.exe to launch it.

    • If using Vista or Windows 7, when prompted by UAC allow the prompt.

  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Next

Please download Junction.zip and save it to your desktop.

  • Right click Junction.zip and choose extract all...
  • When the Compressed Folders Extraction wizard opens, click Next
  • Click Browse
  • When the "select a destination" box opens, click My Computer > Local Disk (C:) > Windows > OK
  • Back at the Extraction Wizard, click Next.
  • Untick "Show Extracted Files" and click Finish

    • Click Start > Run. Copy and paste the contents of the codebox below into the run box.
    • (Do Not include Code:) Then click OK:



Code:
cmd /c junction -s c:\ >log.txt&log.txt&del log.txt



  • A command window will open and the system will be scanned. (Click Agree to the prompt)
  • Please be patient & wait until a log file opens in notepad.
  • Copy and paste the contents of that file in your next reply please.


Summary of the logs I need from you in your next post:

  • TDSSKiller log
  • Junction log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Tue Nov 29, 2011 8:37 pm

here is the TDSSKiller report...thanks again!

20:32:29.0390 2888 TDSS rootkit removing tool 2.6.21.0 Nov 24 2011 12:32:44
20:32:29.0750 2888 ============================================================
20:32:29.0750 2888 Current date / time: 2011/11/29 20:32:29.0750
20:32:29.0750 2888 SystemInfo:
20:32:29.0750 2888
20:32:29.0750 2888 OS Version: 5.1.2600 ServicePack: 3.0
20:32:29.0750 2888 Product type: Workstation
20:32:29.0750 2888 ComputerName: D3K23L21
20:32:29.0750 2888 UserName: Judy Neufeld
20:32:29.0750 2888 Windows directory: C:\WINDOWS
20:32:29.0750 2888 System windows directory: C:\WINDOWS
20:32:29.0750 2888 Processor architecture: Intel x86
20:32:29.0750 2888 Number of processors: 1
20:32:29.0750 2888 Page size: 0x1000
20:32:29.0750 2888 Boot type: Normal boot
20:32:29.0750 2888 ============================================================
20:32:32.0375 2888 Initialize success
20:32:36.0500 1052 ============================================================
20:32:36.0500 1052 Scan started
20:32:36.0500 1052 Mode: Manual;
20:32:36.0500 1052 ============================================================
20:33:22.0250 1052 Scan finished
20:33:22.0250 1052 ============================================================
20:33:22.0281 3020 Detected object count: 0
20:33:22.0281 3020 Actual detected object count: 0
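Added example (not part of the original thread and not TDSSKiller's own code): a short Python triage for a log in the TDSSKiller layout posted in this thread. It pairs each "name (md5) path" line with its "name - verdict" line, lists every verdict other than "ok", lists services with no hashed image, and checks that the log was not cut off before "Scan finished". The sample lines, hashes, the `exampledrv` driver and its verdict string are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# "HH:MM:SS.ffff <thread id> <message>" prefix carried by every log line.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ ?(.*)$")
# "<name> (<md5>) <path>": the object about to be checked.
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name or device path> - <verdict>": the result for that object.
VERDICT = re.compile(r"^(?P<target>.+) - (?P<verdict>.+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")

# Constructed sample in the same layout; hashes and exampledrv are made up.
SAMPLE_LOG = r"""
20:32:36.0500 1052 Scan started
20:32:36.0500 1052 Mode: Manual;
20:32:38.0796 1052 Abiosdsk - ok
20:32:39.0203 1052 ACPI (0123456789abcdef0123456789abcdef) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:32:39.0218 1052 ACPI - ok
20:32:40.0000 1052 exampledrv (fedcba9876543210fedcba9876543210) C:\WINDOWS\system32\drivers\exampledrv.sys
20:32:40.0010 1052 exampledrv - CONSTRUCTED-NOT-OK
20:33:22.0015 1052 MBR (0x1B8) (00112233445566778899aabbccddeeff) \Device\Harddisk0\DR0
20:33:22.0218 1052 \Device\Harddisk0\DR0 - ok
20:33:22.0250 1052 Scan finished
20:33:22.0281 3020 Detected object count: 1
20:33:22.0281 3020 Actual detected object count: 1
"""


class Entry(NamedTuple):
    name: str
    md5: Optional[str]   # None when the log shows no hash line for the item
    path: Optional[str]
    verdict: str


def parse_tdsskiller(text):
    """Return the scanned entries, the reported count and a completeness flag."""
    entries, pending = [], None
    in_scan = finished = False
    detected = None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(1).strip()
        count = COUNT.match(msg)
        if msg == "Scan started":
            in_scan = True
        elif msg == "Scan finished":
            in_scan, finished = False, True
        elif count:
            detected = int(count.group(1))
        elif in_scan:
            obj = OBJECT.match(msg)
            if obj:
                pending = obj.groupdict()
                continue
            ver = VERDICT.match(msg)
            if not ver:
                continue  # separators, "Mode: Manual;" and similar
            target = ver.group("target")
            # Drivers repeat the service name; MBR/Boot repeat the device path.
            if pending and target in (pending["name"], pending["path"]):
                entries.append(Entry(pending["name"], pending["md5"],
                                     pending["path"], ver.group("verdict")))
            else:
                entries.append(Entry(target, None, None, ver.group("verdict")))
            pending = None
    return {"entries": entries, "detected": detected,
            "complete": finished and detected is not None}


def triage(parsed):
    """Summarise what a reviewer reads the log for."""
    flagged = [e for e in parsed["entries"] if e.verdict.lower() != "ok"]
    return {
        "flagged": flagged,
        "unhashed": [e.name for e in parsed["entries"] if e.md5 is None],
        # A log cut off by a post size limit never reaches "Scan finished".
        "complete": parsed["complete"],
        # Assumption of this example: the reported count equals the number
        # of verdicts other than "ok".
        "count_matches_flagged": parsed["detected"] == len(flagged),
    }


if __name__ == "__main__":
    summary = triage(parse_tdsskiller(SAMPLE_LOG))
    for entry in summary["flagged"]:
        print("REVIEW:", entry.name, entry.md5, entry.path, entry.verdict)
    print("no hash line:", summary["unhashed"])
    print("complete:", summary["complete"])
```
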
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

PostPosted: Tue Nov 29, 2011 8:54 pm    Post subject: Reply with quote

this is the Junction log...


Junction v1.06 - Windows junction creator and reparse point viewer
Copyright (C) 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\c:\\hiberfil.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\pagefile.sys: The process cannot access the file because it is being used by another process.



Failed to open \\?\c:\\System Volume Information: Access is denied.


Failed to open \\?\c:\\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\7fa2d791425163832819800c9bc256ff_1dce0e75-1303-433a-bfc1-6b582bd25551: Access is denied.


Failed to open \\?\c:\\Qoobox\BackEnv: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\callcont.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\gdi32.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\h323.tsp: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\h323msp.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\helpctr.exe: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\lsasrv.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\mf3216.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\msasn1.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\msgina.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\mst120.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\netapi32.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\nmcom.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\rtcdll.dll: Access is denied.



Failed to open \\?\c:\\WINDOWS\$NtUninstallKB835732$\schannel.dll: Access is denied.


No reparse points found.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

PostPosted: Wed Nov 30, 2011 1:55 am    Post subject: Reply with quote

Please go to Control Panel > Add/Remove Programs and Uninstall the following:

Quote:
Ask Toolbar


Reboot your computer when finished.

Next


  • Click Start > Run, type Notepad, then click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.

Code:
Folder::
c:\windows\system32\4R1tC105s.com
c:\program files\Ask.com
c:\documents and settings\Judy Neufeld\Local Settings\Application Data\AskToolbar
c:\documents and settings\All Users\Application Data\Ask
c:\documents and settings\Judy Neufeld\Application Data\ivFHQdLgZwUrO
c:\documents and settings\Judy Neufeld\Application Data\mPP00yc1b3naHsK
c:\program files\387BB
c:\documents and settings\Judy Neufeld\Application Data\GwwwkUVVlONxPui
c:\documents and settings\Judy Neufeld\Application Data\NxuvDD2o4msd8Z
c:\documents and settings\Judy Neufeld\Application Data\10C38
c:\documents and settings\Judy Neufeld\Application Data\KaQQ6Wf9TXwjCeI
c:\documents and settings\Judy Neufeld\Application Data\B11iibDD3oG4aHs
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441
c:\program files\Shop to Win 13

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
c:\windows\system32\4R1tC105s.com

AtJob::

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D071359C-30AD-4645-9B78-7A3283571F25}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApnUpdater"=-


  • Click Format and ensure Wordwrap is unchecked.
  • Save as CFScript.txt to your Desktop.




Referring to the picture above, drag CFScript.txt into ComboFix.exe

Combofix will now process that file.

When finished, it will produce a log for you. Post that log in your next reply please. (it can also be found at C:\Combofix.txt)

Next

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


Summary of the logs I need from you in your next post:

  • Latest Combofix log
  • E-Set log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
_________________
Gary R Administrator at Malware Removal University



ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

PostPosted: Wed Nov 30, 2011 6:46 pm    Post subject: Reply with quote

ComboFix log below...thanks!

ComboFix 11-11-28.02 - Judy Neufeld 11/30/2011 18:25:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.876 [GMT -8:00]
Running from: c:\documents and settings\Judy Neufeld\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Judy Neufeld\Desktop\CFScript.txt
.
FILE ::
"c:\windows\system32\4R1tC105s.com"
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Ask
c:\documents and settings\Judy Neufeld\Application Data\10C38
c:\documents and settings\Judy Neufeld\Application Data\10C38\87BB.0C3
c:\documents and settings\Judy Neufeld\Application Data\B11iibDD3oG4aHs
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\patch.bat
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\settings.xml
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\Shop to Win 13.dll
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\ShoppingBHO.dll
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\ShopToWin.ico
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\Uninst.exe
c:\documents and settings\Judy Neufeld\Application Data\FCSB000063441\Toolbar\version.txt
c:\documents and settings\Judy Neufeld\Application Data\GwwwkUVVlONxPui
c:\documents and settings\Judy Neufeld\Application Data\GwwwkUVVlONxPui\AV Protection 2011.ico
c:\documents and settings\Judy Neufeld\Application Data\ivFHQdLgZwUrO
c:\documents and settings\Judy Neufeld\Application Data\ivFHQdLgZwUrO\AV Protection 2011.ico
c:\documents and settings\Judy Neufeld\Application Data\KaQQ6Wf9TXwjCeI
c:\documents and settings\Judy Neufeld\Application Data\mPP00yc1b3naHsK
c:\documents and settings\Judy Neufeld\Application Data\NxuvDD2o4msd8Z
c:\program files\387BB
c:\program files\Shop to Win 13
c:\program files\Shop to Win 13\patch.bat
c:\program files\Shop to Win 13\settings.xml
c:\program files\Shop to Win 13\Shop to Win 13.dll
c:\program files\Shop to Win 13\ShoppingBHO.dll
c:\program files\Shop to Win 13\ShopToWin.ico
c:\program files\Shop to Win 13\Uninst.exe
c:\program files\Shop to Win 13\version.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-11-01 to 2011-12-01 )))))))))))))))))))))))))))))))
.
.
2011-11-29 07:11 . 2011-11-19 22:41 110592 ----a-w- c:\windows\system32\4R1tC105s.com
2011-11-29 02:23 . 2008-04-13 19:21 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-11-26 22:16 . 2011-11-26 22:16 -------- d-----w- c:\program files\Common Files\xing shared
2011-11-26 22:06 . 2011-11-26 22:08 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-11-26 16:04 . 2011-11-26 16:04 -------- d-----w- c:\program files\EuroTalk Interactive
2011-11-20 19:31 . 2011-11-20 19:31 50704 ----a-w- c:\windows\system32\drivers\npf.sys
2011-11-20 06:29 . 2011-11-20 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2011-11-20 06:26 . 2011-11-20 06:31 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\HpUpdate
2011-11-19 07:21 . 2011-11-19 07:21 -------- d-----w- c:\documents and settings\NetworkService\ContentWatch
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Malwarebytes
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-11-19 04:52 . 2011-11-19 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-19 04:52 . 2011-09-01 01:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-15 18:36 . 2011-10-07 03:48 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{DE61E1D3-E6D1-4700-A6BC-90F6E5E07765}\mpengine.dll
2011-11-12 03:16 . 2011-11-16 16:59 -------- d-----w- c:\documents and settings\Judy Neufeld\Local Settings\Application Data\WeatherBug
2011-11-12 03:06 . 2011-11-12 03:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Oberon Media
2011-11-12 03:02 . 2011-11-12 03:02 -------- d-----w- c:\program files\Common Files\Oberon Media
2011-11-12 02:35 . 2011-11-12 02:35 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\WeatherBug
2011-11-12 02:34 . 2011-11-12 02:34 18944 ----a-r- c:\documents and settings\Judy Neufeld\Application Data\Microsoft\Installer\{8F018A9E-56DE-4A79-A5EF-25F413F1D538}\IconBB6A16301.exe
2011-11-11 04:10 . 2011-11-11 04:10 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Leadertech
2011-11-11 03:41 . 2011-11-11 03:41 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2011-11-11 03:25 . 2006-03-21 01:34 86960 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
2011-11-11 03:25 . 2006-03-21 01:34 283568 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe
2011-11-11 03:25 . 2006-03-21 01:34 393216 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\_isusres.dll
2011-11-11 03:25 . 2006-03-21 01:34 865200 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe
2011-11-10 05:44 . 2011-11-10 05:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2011-11-10 02:41 . 2011-11-10 02:41 -------- d-----w- c:\documents and settings\Judy Neufeld\Application Data\Fighters
2011-11-10 02:27 . 2011-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
2011-11-10 02:16 . 2011-11-12 02:28 -------- d-----w- c:\program files\Free Offers from Freeze.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-30 04:46 . 2010-09-07 23:39 150392 ----a-w- c:\windows\junction.exe
2011-10-10 14:22 . 2002-08-29 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-10-07 03:48 . 2007-07-03 21:12 6668624 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-10-03 13:06 . 2010-06-11 21:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-03 10:37 . 2010-04-02 00:38 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-09-28 07:06 . 2002-09-23 21:10 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-26 18:41 . 2011-09-26 18:41 611328 ------w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2002-08-29 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2002-08-29 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-06 13:20 . 2002-08-29 11:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-09-02 04:21 . 2011-09-02 04:21 1409 ----a-w- c:\windows\QTFont.for
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-29_02.49.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-01 02:14 . 2011-12-01 02:14 16384 c:\windows\Temp\Perflib_Perfdata_570.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]
"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-07 192512]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\mcupdate.exe" [2002-09-04 151552]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-04-10 679936]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-11 69632]
"AuthConsoleStart"="c:\program files\Cox\Applications\app\cox.exe" [2004-10-01 163840]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2006-01-14 172032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-22 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-11-26 296056]
.
c:\documents and settings\Judy Neufeld\Start Menu\Programs\Startup\
Product Registration.lnk - c:\documents and settings\Judy Neufeld\Local Settings\Temp\{F2988A32-2E75-4F65-A13D-102FB2524B8C}\{99ED6D18-AF6B-4443-31C2-AAC299D5D048}\ATR1.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-3-14 45056]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2005-9-23 282624]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Endangered Species Trial Version\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
.
R3 NaiFiltr;NaiFiltr;c:\windows\SYSTEM32\DRIVERS\NaiFiltr.sys [3/14/2003 6:53 AM 23296]
S2 gupdate1c9a39ce8cb6daf;Google Update Service (gupdate1c9a39ce8cb6daf);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 9:31 PM 133104]
S2 mrtRate;mrtRate; [x]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/27/2005 5:16 PM 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/12/2009 9:31 PM 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 4:49 AM 227232]
S3 SQTECH913D;913D Camera;c:\windows\SYSTEM32\DRIVERS\Capt913d.sys [7/20/2007 12:39 PM 29522]
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-29 c:\windows\Tasks\At1.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At10.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At11.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At12.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At13.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At14.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At15.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At16.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At17.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At18.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At19.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At2.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At20.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At21.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At22.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At23.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At24.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At25.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At26.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At27.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At28.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At29.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At3.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At30.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At31.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At32.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-27 c:\windows\Tasks\At33.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-27 c:\windows\Tasks\At34.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-26 c:\windows\Tasks\At35.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-26 c:\windows\Tasks\At36.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-12-01 c:\windows\Tasks\At37.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-12-01 c:\windows\Tasks\At38.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At39.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At4.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At40.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At41.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At42.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At43.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At44.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At45.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At46.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At47.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At48.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At5.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At6.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At7.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-11-29 c:\windows\Tasks\At8.job
- c:\windows\system32\4R1tC105s.com_ [2011-11-19 22:41]
.
2011-11-29 c:\windows\Tasks\At9.job
- c:\windows\system32\4R1tC105s.com [2011-11-29 22:41]
.
2011-12-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-06 02:50]
.
2011-12-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc8d703733f10a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 05:30]
.
2003-04-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
.
2011-12-01 c:\windows\Tasks\McAfee.com Update Check (D3K23L21-Judy Neufeld).job
- c:\progra~1\mcafee.com\agent\mcupdate.exe [2003-03-14 16:28]
.
2011-11-29 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
2011-12-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-671576729-1098419401-3236593448-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-12-01 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-671576729-1098419401-3236593448-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-671576729-1098419401-3236593448-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
2011-11-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-671576729-1098419401-3236593448-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-09 00:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.dellnet.com/
uInternet Settings,ProxyOverride = hxxp://localhost;
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {26B2A5DA-BFD6-422F-A89A-28A54C74B12B} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_4/PhotoCenter_ActiveX_Control.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-30 18:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-11-30 18:44:26
ComboFix-quarantined-files.txt 2011-12-01 02:44
ComboFix2.txt 2011-11-29 02:58
.
Pre-Run: 24,080,781,312 bytes free
Post-Run: 24,121,970,688 bytes free
.
- - End Of File - - E602A1A00E6BD25107CEFFCA419F2BD5
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

PostPosted: Wed Nov 30, 2011 8:58 pm    Post subject: Reply with quote

ESET log below...thanks!

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ad2594450dc05241947505ed936ff29d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-01 04:56:05
# local_time=2011-11-30 08:56:05 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5889 16768382 80 100 139121505 162521945 0 139204799
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=103945
# found=51
# cleaned=0
# scan_time=6968
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\23\1c073dd7-201a9ff1 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\42\460df92a-35a401d8 a variant of Java/Exploit.CVE-2010-4452.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\5\40cd8d85-6f525459 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4279bff3-18c9aa13.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4b5800b8-71292200.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-5df287db-5233daa4.zip multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\netbt.sys.vir a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199246.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199305.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199306.SCR Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199307.DLL Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199308.EXE Win32/Adware.FunWeb application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199312.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2359\A0199332.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2362\A0200513.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2365\A0201026.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2366\A0201164.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0201313.rbf a variant of Win32/SlowPCfighter application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0201327.dll a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0201328.exe a variant of Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0201689.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0202689.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2367\A0202751.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2370\A0202895.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2370\A0202907.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2373\A0203179.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2373\A0203182.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2373\A0203197.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2374\A0203324.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2375\A0203341.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2375\A0203345.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2376\A0203360.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2377\A0203364.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2377\A0203368.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2377\A0203379.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2378\A0203404.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0203414.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0203426.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0203432.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0203980.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0204042.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2379\A0204062.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2380\A0204139.sys a variant of Win32/Rootkit.Kryptik.FF trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2380\A0204171.dll a variant of Win32/Adware.Yontoo.B application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2380\A0204259.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP2382\A0204437.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\4R1tC105s.com a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\SYSTEM32\4R1tC105s.com_ a variant of Win32/Kryptik.VRX trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} multiple threats 00000000000000000000000000000000 I
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Wed Nov 30, 2011 9:00 pm

Forgot to mention the computer is working much, much better than before! It's quicker with no redirects, pop ups, or crashes...
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Thu Dec 01, 2011 2:04 am

Still a few things to do ....

Download OTM by Old Timer and save it to your Desktop.

Alternative Download

  • Double-click OTM.exe to run it.
  • Copy the lines in the codebox below.

Code:
:Processes
killallprocesses

:Files
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\23\1c073dd7-201a9ff1
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\42\460df92a-35a401d8
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\5\40cd8d85-6f525459
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4279bff3-18c9aa13.zip
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4b5800b8-71292200.zip
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-5df287db-5233daa4.zip
C:\WINDOWS\SYSTEM32\4R1tC105s.com
c:\windows\Tasks\At*.job

:Commands
[ClearAllRestorePoints]
[EmptyTemp]
[ResetHosts]


  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.


  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM

_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Thu Dec 01, 2011 6:49 pm

OTM Log...please note that it asked to reboot during the process.

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\Fighters\SLOW-PCfighter\InstallCache\{7269CBA7-2A83-4CA4-9014-EC7FB0104CE1}\SLOW-PCfighter.msi moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\23\1c073dd7-201a9ff1 moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\42\460df92a-35a401d8 moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\6.0\5\40cd8d85-6f525459 moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4279bff3-18c9aa13.zip moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-4b5800b8-71292200.zip moved successfully.
C:\Documents and Settings\Judy Neufeld\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\data.gif-5df287db-5233daa4.zip moved successfully.
C:\WINDOWS\SYSTEM32\4R1tC105s.com moved successfully.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
c:\windows\Tasks\At11.job moved successfully.
c:\windows\Tasks\At12.job moved successfully.
c:\windows\Tasks\At13.job moved successfully.
c:\windows\Tasks\At14.job moved successfully.
c:\windows\Tasks\At15.job moved successfully.
c:\windows\Tasks\At16.job moved successfully.
c:\windows\Tasks\At17.job moved successfully.
c:\windows\Tasks\At18.job moved successfully.
c:\windows\Tasks\At19.job moved successfully.
c:\windows\Tasks\At2.job moved successfully.
c:\windows\Tasks\At20.job moved successfully.
c:\windows\Tasks\At21.job moved successfully.
c:\windows\Tasks\At22.job moved successfully.
c:\windows\Tasks\At23.job moved successfully.
c:\windows\Tasks\At24.job moved successfully.
c:\windows\Tasks\At25.job moved successfully.
c:\windows\Tasks\At26.job moved successfully.
c:\windows\Tasks\At27.job moved successfully.
c:\windows\Tasks\At28.job moved successfully.
c:\windows\Tasks\At29.job moved successfully.
c:\windows\Tasks\At3.job moved successfully.
c:\windows\Tasks\At30.job moved successfully.
c:\windows\Tasks\At31.job moved successfully.
c:\windows\Tasks\At32.job moved successfully.
c:\windows\Tasks\At33.job moved successfully.
c:\windows\Tasks\At34.job moved successfully.
c:\windows\Tasks\At35.job moved successfully.
c:\windows\Tasks\At36.job moved successfully.
c:\windows\Tasks\At37.job moved successfully.
c:\windows\Tasks\At38.job moved successfully.
c:\windows\Tasks\At39.job moved successfully.
c:\windows\Tasks\At4.job moved successfully.
c:\windows\Tasks\At40.job moved successfully.
c:\windows\Tasks\At41.job moved successfully.
c:\windows\Tasks\At42.job moved successfully.
c:\windows\Tasks\At43.job moved successfully.
c:\windows\Tasks\At44.job moved successfully.
c:\windows\Tasks\At45.job moved successfully.
c:\windows\Tasks\At46.job moved successfully.
c:\windows\Tasks\At47.job moved successfully.
c:\windows\Tasks\At48.job moved successfully.
c:\windows\Tasks\At5.job moved successfully.
c:\windows\Tasks\At6.job moved successfully.
c:\windows\Tasks\At7.job moved successfully.
c:\windows\Tasks\At8.job moved successfully.
c:\windows\Tasks\At9.job moved successfully.
========== COMMANDS ==========

Restore points cleared and new OTM Restore Point set!

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes
->Flash cache emptied: 56545 bytes

User: Judy Neufeld
->Temp folder emptied: 222886 bytes
->Temporary Internet Files folder emptied: 74147394 bytes
->Java cache emptied: 8757201 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 1610064 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 42689 bytes

User: Owner

User: Rafael Fernandez
->Temp folder emptied: 248651593 bytes
->Temporary Internet Files folder emptied: 34617614 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 49894 bytes

%systemdrive% .tmp files removed: 14648 bytes
%systemroot% .tmp files removed: 19528 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 738 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 75218 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 352.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTM by OldTimer - Version 3.1.19.0 log created on 12012011_183814

Files moved on Reboot...
File C:\Documents and Settings\Rafael Fernandez\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3CR0NEF\activity;src=1389575;met=1;v=1;pid=17257993;aid=111521165;ko=0;cid=21003050;rid=21020943;rv=2;&timestamp=1182468306562;eid1=2;ecn1=1;etm1=10;eid2=1006;ecn2=1;etm2=10;eid[1].gif not found!
File C:\Documents and Settings\Rafael Fernandez\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y3CR0NEF\activity;src=1389575;met=1;v=1;pid=17257993;aid=111521165;ko=0;cid=21003050;rid=21020943;rv=2;&timestamp=1182468379578;eid1=2;ecn1=0;etm1=10;eid2=1006;ecn2=0;etm2=10;eid[1].gif not found!
File C:\Documents and Settings\Rafael Fernandez\Local Settings\Temp\Temporary Internet Files\Content.IE5\4PQR4LEZ\activity;src=1389575;met=1;v=1;pid=17257993;aid=111521165;ko=0;cid=21003050;rid=21020943;rv=2;&timestamp=1182468369578;eid1=2;ecn1=1;etm1=10;eid2=1006;ecn2=1;etm2=9;eid3[1].gif not found!

Registry entries deleted on Reboot...
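A helper reading a pasted OTM result log can check it against the fix script mechanically rather than by eye. The sketch below is an added example, not part of the original thread or of OTM: it expands each `:Files` entry (including the `At*.job` wildcard) against the "moved successfully." lines and reports entries with no confirmation. `SCRIPT` and `LOG` are constructed samples, and `C:\Example\placeholder.dll` and the function names are hypothetical.

```python
import re

# Constructed sample in the format of the fix script and result log in this thread.
SCRIPT = r"""
:Processes
killallprocesses

:Files
C:\WINDOWS\SYSTEM32\4R1tC105s.com
c:\windows\Tasks\At*.job
C:\Example\placeholder.dll

:Commands
[EmptyTemp]
"""

LOG = r"""
========== FILES ==========
C:\WINDOWS\SYSTEM32\4R1tC105s.com moved successfully.
c:\windows\Tasks\At1.job moved successfully.
c:\windows\Tasks\At10.job moved successfully.
========== COMMANDS ==========
"""

def script_targets(script):
    """Return the entries listed under the :Files section of a fix script."""
    targets, in_files = [], False
    for line in map(str.strip, script.splitlines()):
        if line.startswith(":"):
            in_files = line.lower() == ":files"   # any other section ends :Files
        elif in_files and line:
            targets.append(line)
    return targets

def moved_paths(log):
    """Return every path the log reports as 'moved successfully.'"""
    suffix = " moved successfully."
    return [l.strip()[:-len(suffix)] for l in log.splitlines() if l.strip().endswith(suffix)]

def audit(script, log):
    """Map each script target to the log paths that confirm it was moved."""
    moved = moved_paths(log)
    report = {}
    for target in script_targets(script):
        # '*' matches within one path component; Windows paths compare case-insensitively.
        rx = re.compile(re.escape(target).replace(r"\*", r"[^\\]*"), re.IGNORECASE)
        report[target] = [p for p in moved if rx.fullmatch(p)]
    return report

def unconfirmed(script, log):
    """Targets with no matching 'moved successfully.' line; these need a follow-up look."""
    return [t for t, hits in audit(script, log).items() if not hits]
```

An entry returned by `unconfirmed` is not proof the file is still present; it only means the log never confirmed the move, so the path should be rechecked.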
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Fri Dec 02, 2011 8:27 am

Sorry to be so late getting back to you; I didn't get the usual e-mail reminder that you'd replied. Sorry, I should have told you that OTM might want to reboot your machine. It needs to do that in order to remove files that might be locked by an active process.

Looks like we've got everything now, time for a little tidying up then I'll make a few suggestions about security.

First

Let's clear out Combofix and the files/folders it created

  • Click Start > Run
  • Copy/Paste ComboFix /Uninstall into the Run box.
  • Click OK
  • Combofix will now delete its files and folders and also perform the following function.

    • Clears System Restore cache and creates a new Restore point. This will remove any "malicious" System Restore files, which may have been created whilst your computer was infected.


IMPORTANT

  • Do not use your computer while Combofix is running.
  • Do not mouse-click Combofix's window whilst it's running. That may cause it to stall.


Next

Let's clear out OTM and the files and folders it created. This will also remove TDSSKiller.

  • Double click OTM.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTM will download a list from the Internet. If your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes
  • When finished exit out of OTM
  • Now delete OTM.exe (if still present).


Next

Please delete Junction and any associated log files.

As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?

  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.

ERF
Junior Member


Joined: 17 Nov 2010
Last Visit: 03 Nov 2012
Posts: 36

Posted: Sun Dec 04, 2011 1:31 pm

Thank you very much... the computer is working wonderfully.
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 10 Jun 2013
Posts: 9708
Location: Yorkshire

Posted: Mon Dec 05, 2011 12:54 am

You're welcome, glad we could help.

Keep safe,

Gary


Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours