TechSpot

Followed 7-step Removal Process, here are logs

By bbanks72
Jul 12, 2011

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 7093

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/12/2011 9:07:59 PM
    mbam-log-2011-07-12 (21-07-59).txt

    Scan type: Quick scan
    Objects scanned: 258767
    Time elapsed: 37 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-07-12 22:23:35
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-17 WDC_WD1600JD-75HBB0 rev.08.02D08
    Running: wvbgr6ux.exe; Driver: C:\DOCUME~1\Bryan\LOCALS~1\Temp\pwtdapod.sys


    ---- System - GMER 1.0.15 ----

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
    Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

    AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Run by Bryan at 22:29:38 on 2011-07-12
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.387 [GMT -5:00]
    .
    AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
    AV: Charter Security Suite 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Charter Security Suite 9.01 *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Secunia\PSI\PSIA.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Secunia\PSI\sua.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\System32\DSentry.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\WildTangent\Apps\CDA\GameDrvr.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
    C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Charter Security Suite\Common\FSM32.EXE
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Documents and Settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\dlbucoms.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.charter.net/
    uDefault_Page_URL = hxxp://www.dell4me.com/myway
    uSearch Bar = hxxp://www.google.com/ie
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    uURLSearchHooks: N/A: {d73f49b6-b51b-4d32-a3b7-bd04b8342f53} - c:\program files\morpheusbar\srchastt\2.bin\MBSRCAS.DLL
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    BHO: {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} - c:\program files\morpheusbar\bar\2.bin\MORPHBAR.DLL
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [Sonic RecordNow!]
    uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
    uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"
    uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
    mRun: [DVDSentry] c:\windows\system32\DSentry.exe
    mRun: [PCMService] "c:\program files\dell\media experience\PCMService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
    mRun: [ZingSpooler] c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe
    mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
    mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.0\apps\apdproxy.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Dell Photo AIO Printer 942] "c:\program files\dell photo aio printer 942\dlbubmgr.exe"
    mRun: [DellMCM]
    mRun: [DLBUCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLBUtime.dll,_RunDLLEntry@16
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
    mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    dRunOnce: [RunNarrator] Narrator.exe
    StartupFolder: c:\docume~1\bryan\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\bryan\application data\dropbox\bin\Dropbox.exe
    StartupFolder: c:\documents and settings\bryan\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4.5\transfer utility\CameraMonitor.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\PowerReg Scheduler.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quicke~1.lnk - c:\program files\quicken\bagent.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    LSP: c:\program files\charter security suite\fsps\program\FSLSP.DLL
    Trusted Zone: musicmatch.com\online
    DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www2.snapfish.com/SnapfishActivia.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
    DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://myvpn.ford.com/dana-cached/setup/JuniperSetupSP1.cab
    DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} - hxxp://www.imagestation.com/common/classes/SonyISUpload.cab?v=1,0,0,38
    TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
    TCP: Interfaces\{344CA7AE-E4CE-4917-86A7-5B01A7F57C2F} : DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: orkxaa.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [2011-7-10 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [2011-7-10 82120]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-5-3 263888]
    R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-5-3 338880]
    R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-5-3 656320]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\charter security suite\hips\drivers\fshs.sys [2011-7-10 68064]
    R1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [2011-5-3 233976]
    R2 F-Secure Gatekeeper Handler Starter;FSGKHS;c:\program files\charter security suite\anti-virus\fsgk32st.exe [2011-7-10 215648]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-9-26 88176]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-4-19 399416]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-8-1 24652]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\charter security suite\anti-virus\minifilter\fsgk.sys [2011-7-10 148648]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\charter security suite\orsp client\fsorsp.exe [2011-7-10 61088]
    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
    R3 WinDriver;WinDriver kernel module;c:\windows\system32\drivers\windrvr.sys [2004-7-11 215640]
    S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S2 mrtRate;mrtRate; [x]
    S3 ba304;ba304;\??\c:\docume~1\bryan\locals~1\temp\ba304.sys --> c:\docume~1\bryan\locals~1\temp\ba304.sys [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 CVDMINDV;CVDMINDV;\??\c:\docume~1\bryan\locals~1\temp\cvdmindv.sys --> c:\docume~1\bryan\locals~1\temp\CVDMINDV.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
    S3 imsfs;imsfs;c:\docume~1\kaylie\locals~1\temp\imsfs.sys [2007-7-14 17920]
    S3 iserial;iserial;\??\c:\docume~1\bryan\locals~1\temp\iserial.sys --> c:\docume~1\bryan\locals~1\temp\iserial.sys [?]
    S3 lpsched;lpsched;\??\c:\docume~1\bryan\locals~1\temp\lpsched.sys --> c:\docume~1\bryan\locals~1\temp\lpsched.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2007-8-1 34248]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2007-8-1 40552]
    S3 omouhid;omouhid;\??\c:\docume~1\bryan\locals~1\temp\omouhid.sys --> c:\docume~1\bryan\locals~1\temp\omouhid.sys [?]
    S3 qtape;qtape;\??\c:\docume~1\bryan\locals~1\temp\qtape.sys --> c:\docume~1\bryan\locals~1\temp\qtape.sys [?]
    S3 rati1tux;rati1tux;c:\docume~1\kaylie\locals~1\temp\rati1tux.sys [2005-12-6 17920]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-1-12 371472]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-1-12 1117144]
    S3 ssmbali;ssmbali;\??\c:\docume~1\bryan\locals~1\temp\ssmbali.sys --> c:\docume~1\bryan\locals~1\temp\ssmbali.sys [?]
    S3 ta311;ta311;\??\c:\docume~1\bryan\locals~1\temp\ta311.sys --> c:\docume~1\bryan\locals~1\temp\ta311.sys [?]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [2001-1-8 15576]
    S3 xusbuhci;xusbuhci;\??\c:\docume~1\bryan\locals~1\temp\xusbuhci.sys --> c:\docume~1\bryan\locals~1\temp\xusbuhci.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\charter security suite\anti-virus\win2k\fsfilter.sys [2011-7-10 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\charter security suite\anti-virus\win2k\fsrec.sys [2011-7-10 25184]
    .
    =============== Created Last 30 ================
    .
    2011-07-13 00:48:02 -------- d-----w- C:\savw_97_sa
    2011-07-10 18:42:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-07-10 18:38:39 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-07-10 18:24:53 -------- d-----w- c:\program files\Charter Security Suite
    2011-07-10 18:18:20 -------- d-----w- c:\documents and settings\all users\application data\fssg
    2011-07-10 18:16:39 -------- d-----w- c:\documents and settings\all users\application data\f-secure
    .
    ==================== Find3M ====================
    .
    2011-06-18 14:35:16 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-04 14:13:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-06-04 14:13:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-29 14:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-29 00:57:17 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
    2005-10-02 12:26:15 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    ============= FINISH: 22:35:13.85 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-23.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/9/2004 9:39:54 PM
    System Uptime: 7/12/2011 7:00:52 PM (3 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0F4491
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 149 GiB total, 79.516 GiB free.
    D: is CDROM (CDFS)
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    J: is Removable
    K: is FIXED (NTFS) - 932 GiB total, 815.995 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP2441: 5/14/2011 5:40:34 AM - System Checkpoint
    RP2442: 5/14/2011 8:06:12 PM - System Checkpoint
    RP2443: 5/15/2011 8:41:56 PM - System Checkpoint
    RP2444: 5/16/2011 10:14:11 PM - System Checkpoint
    RP2445: 5/17/2011 10:29:15 PM - System Checkpoint
    RP2446: 5/18/2011 11:20:11 PM - System Checkpoint
    RP2447: 5/20/2011 8:56:11 AM - System Checkpoint
    RP2448: 5/21/2011 12:30:02 PM - System Checkpoint
    RP2449: 5/22/2011 1:20:16 PM - System Checkpoint
    RP2450: 5/23/2011 4:43:35 PM - System Checkpoint
    RP2451: 5/24/2011 5:21:26 PM - System Checkpoint
    RP2452: 5/25/2011 6:21:23 PM - System Checkpoint
    RP2453: 5/26/2011 6:43:15 PM - System Checkpoint
    RP2454: 5/27/2011 7:43:15 PM - System Checkpoint
    RP2455: 5/28/2011 9:25:37 PM - System Checkpoint
    RP2456: 5/29/2011 9:55:25 PM - System Checkpoint
    RP2457: 5/30/2011 10:44:21 PM - System Checkpoint
    RP2458: 6/1/2011 1:13:29 AM - System Checkpoint
    RP2459: 6/2/2011 1:37:39 AM - System Checkpoint
    RP2460: 6/3/2011 10:04:58 AM - System Checkpoint
    RP2461: 6/4/2011 9:49:01 AM - Removed Adobe Reader 8.2.6
    RP2462: 6/4/2011 9:51:51 AM - Installed Adobe Reader X (10.0.1).
    RP2463: 6/5/2011 11:05:52 AM - System Checkpoint
    RP2464: 6/6/2011 11:42:03 AM - System Checkpoint
    RP2465: 6/7/2011 11:49:16 AM - System Checkpoint
    RP2466: 6/8/2011 7:12:05 PM - System Checkpoint
    RP2467: 6/9/2011 11:01:31 PM - System Checkpoint
    RP2468: 6/11/2011 7:41:07 PM - System Checkpoint
    RP2469: 6/13/2011 9:55:50 AM - System Checkpoint
    RP2470: 6/15/2011 9:49:48 AM - System Checkpoint
    RP2471: 6/16/2011 6:13:31 PM - System Checkpoint
    RP2472: 6/17/2011 6:52:32 PM - System Checkpoint
    RP2473: 6/25/2011 10:05:09 AM - System Checkpoint
    RP2474: 6/26/2011 10:55:42 AM - System Checkpoint
    RP2475: 6/27/2011 12:22:58 PM - System Checkpoint
    RP2476: 6/28/2011 12:48:04 PM - System Checkpoint
    RP2477: 6/29/2011 2:39:13 PM - System Checkpoint
    RP2478: 6/30/2011 2:40:52 PM - System Checkpoint
    RP2479: 7/1/2011 2:49:56 PM - System Checkpoint
    RP2480: 7/2/2011 3:12:21 PM - System Checkpoint
    RP2481: 7/3/2011 3:38:36 PM - System Checkpoint
    RP2482: 7/4/2011 5:16:14 PM - System Checkpoint
    RP2483: 7/5/2011 6:33:21 PM - System Checkpoint
    RP2484: 7/6/2011 8:45:10 PM - System Checkpoint
    RP2485: 7/7/2011 8:09:48 PM - Removed Ask Toolbar.
    RP2486: 7/7/2011 8:12:13 PM - Removed WeatherBug
    RP2487: 7/8/2011 8:30:28 PM - System Checkpoint
    RP2488: 7/9/2011 8:44:26 PM - System Checkpoint
    RP2489: 7/10/2011 1:24:34 PM - psc 9.01 build 105 Installation
    RP2490: 7/11/2011 2:18:34 PM - System Checkpoint
    RP2491: 7/12/2011 6:20:03 PM - System Checkpoint
    RP2492: 7/12/2011 7:02:35 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    3D Groove Playback Engine
    Acrobat.com
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.0)
    Adobe Shockwave Player 11.6
    Adobe® Photoshop® Album Starter Edition 3.0
    Alohabob PC Relocator Ultra Control
    America Online (Choose which version to remove)
    An American Tail MB
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Camera Suite 1.3
    Arthur's Reading Games
    Audacity 1.2.6
    Audit Support Center 1.0
    Banctec Service Agreement
    BankshotBilliards
    Barbie(TM) as The Princess and the Pauper Demo
    Barbie(TM) Diaries High School Mystery
    Barbie(TM) Fashion Show(TM) CD-ROM
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.0.1
    Bonjour
    Cache Cleaner 4.2.0
    Camera Support Core Library
    Camera Window
    Canon Camera Support Core Library
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon Utilities PhotoStitch 3.1
    Canon Utilities ZoomBrowser EX
    Charter High Speed Internet Self-Installation Wizard
    Charter Security Suite
    Classic PhoneTools
    Compatibility Pack for the 2007 Office system
    Conexant D850 56K V.9x DFVc Modem
    Dell Driver Download Manager
    Dell Media Experience
    Dell Networking Guide
    Dell Photo AIO Printer 942
    Dell Solution Center
    Dell Support Center (Support Software)
    DellSupport
    Delta Force - Black Hawk Down
    Digital Line Detect
    Dinosaur Adventure 3-D
    Disney's Daily Blast 2.0
    Disney's Princess Fashion Boutique
    Dream House 3D
    Driver Whiz
    Dropbox
    DVDSentry
    eMusic Download Manager
    Express Burn
    Express Rip
    F-Secure PSC Prerequisites
    Get High Speed Internet!
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Help and Support Customization
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows Media Format SDK (KB910998)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    ImageMixer 3 SE Ver.4.5 Transfer Utility
    ImageMixer 3 SE Ver.4.5 Video Tools
    ImageStation Easy Upload Tools
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet
    Internet Explorer Default Page
    iTunes
    Jasc Paint Shop Photo Album
    Jasc Paint Shop Pro 8 Dell Edition
    Java 2 Runtime Environment, SE v1.4.2
    Java Auto Updater
    Java(TM) 6 Update 24
    Juniper Networks Cache Cleaner 6.0.0
    Learn2 Player (Uninstall Only)
    Let's Ride 3 Day Eventing - Championship Season
    Lets Ride Corral Club
    Malwarebytes' Anti-Malware version 1.51.0.1200
    Managed DirectX (0900)
    McAfee Shredder
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Halo Trial
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Small Business Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MixPad Audio Mixer
    MobileMe Control Panel
    Modem Helper
    Morpheus Toolbar
    Move Media Player
    MovieEdit Task
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    Music Editor Free
    Music Transfer Utility Ver.1.5
    Musicmatch® Jukebox
    Nancy Drew: Danger by Design
    Nancy Drew: Danger on Deception Island
    Nancy Drew: Ghost Dogs of Moon Lake
    Nancy Drew: Last Train to Blue Moon Canyon
    Nancy Drew: Legend of the Crystal Skull
    Nancy Drew: Message in a Haunted Mansion
    Nancy Drew: Ransom of the Seven Ships
    Nancy Drew: Secret of Shadow Ranch
    Nancy Drew: Secret of the Old Clock
    Nancy Drew: Secret of the Scarlet Hand
    Nancy Drew: Secrets Can Kill
    Nancy Drew: Shadow at the Water's Edge
    Nancy Drew: Stay Tuned For Danger
    Nancy Drew: The Creature of Kapu Cave
    Nancy Drew: The Curse of Blackmoor Manor
    Nancy Drew: The Final Scene
    Nancy Drew: The Haunted Carousel
    Nancy Drew: The Haunting of Castle Malloy
    Nancy Drew: The Phantom of Venice
    Nancy Drew: Trail of the Twister
    Nancy Drew: Treasure in the Royal Tower
    Nancy Drew: Warnings at Waverly Academy
    NCH Toolbox
    NetWaiting
    PhotoStitch
    PowerDVD
    Quicken 2004
    Quicken Legal Business Pro 2004
    QuickTime
    RAW Image Task 1.1
    RealArcade
    RealPlayer
    Rex!
    Riding Star
    RollerCoaster Tycoon 2 Triple Thrill Pack
    Safari
    SeaWorld Adventure Park Tycoon
    Secunia PSI (2.0.0.3003)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Sesame Street Elmo's Art Workshop
    Sonic DLA
    Sonic RecordNow!
    Sonic Update Manager
    Spirit (remove only)
    Spyware Doctor with AntiVirus 8.0
    Strawberry Shortcake - Amazing Cookie Party
    Switch Sound File Converter
    swMSM
    Tarzan Activity Center
    Terayon DOCSIS Modem
    The Land Before Time Kindergarten Adventure
    The White Wolf of Icicle Creek
    Unity Web Player
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player
    WavePad Sound Editor
    WeatherBug Browser Bar - powered by MyWebSearch
    WebFldrs XP
    WildTangent Web Driver
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    You Can Fly! with Tinker Bell
    Zoo Tycoon 2 - African Adventure
    Zoo Tycoon: Complete Collection
    .
    ==== Event Viewer Messages From Past Week ========
    .
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 8:09:39 AM, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    7/5/2011 4:59:36 PM, error: Service Control Manager [7000] - The mrtRate service failed to start due to the following error: The system cannot find the file specified.
    7/12/2011 6:01:37 PM, error: Print [6161] - The document Microsoft Word - resumedonna.doc owned by Bryan failed to print on printer Dell Photo AIO Printer 942. Data type: LEMF. Size of the spool file in bytes: 1387886. Number of bytes printed: 1387886. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\OFFICE. Win32 error code returned by the print processor: 535 (0x217).
    7/11/2011 8:06:41 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000CF1F9DDAD has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
    7/11/2011 12:13:54 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
    7/10/2011 3:02:28 PM, error: F-Secure Gatekeeper [1] -
    .
    ==== End Of File ===========================
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    What problems are you having? Subject should reflect problem and description of problem should be in the first post.
     
  3. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Have a red shield with white x in taskbar

    Also, history for Internet Explorer does not display pages visited and wireless network has disappeared.
     
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    So this is the description? If you want help, you will need to give me something to work with.
    =====================================
    You are using 3 antivirus programs:
    AV: Spyware Doctor with AntiVirus *Enabled/Updated
    AV: Charter Security Suite 9.01 *Enabled/Update
    McAfee Security
    The first is in the PC Tools and the second is provided by your ISP. Please decide which you want to keep and remove the others. Although you are using the McAfee Site Advisor, processes are loading for the antivirus program also. Multiple antivirus programs make the system more vulnerable, not less.
    ==========================================
    Please run the following:

    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents
      in your next reply.
    ===============================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ==================================
    Please post the logs in your next reply.
     
  5. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    I thought I was asking for help by posting?

    My McAfee subscription ended so I downloaded the Charter Security Suite to use. I was trying to delete McAfee when the red shield popped up. Spyware Dr was supposed to have been deleted previously. I will delete 2 and then follow your instructions. I am trying to give the information needed but I am a little perplexed. I have use of my computer but there are little things that keep occurring. I have had major viruses before but have always been able to remove them with Malaware. Stay tuned for logs later.
     
  6. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Here are logs

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\bryan\my documents\my music\itunes\itunes music\compilations\breakthrough\12 breakin' at the cracks.m4a
    c:\nancy drew\secret of shadow ranch\hdvideo\gho_salooncracker.bik
    c:\program files\jasc software inc\paint shop photo album\frames\black crackle.pspframe
    c:\program files\jasc software inc\paint shop pro 8\picture frames\black crackle.pspframe
    c:\program files\musicmatch\musicmatch jukebox\crypt.dll
    c:\program files\musicmatch\musicmatch update\mmjb\crypt.dll
    c:\program files\nancy drew\legend of the crystal skull\video\gre_doorcrackanim.bik
    c:\program files\nancy drew\legend of the crystal skull\video\gre_doorcrackanim_last.bik
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle01_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle02_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle03_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle04_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle05_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\electriccrackle06_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_01_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_02_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_03_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_04_sfx.his
    c:\program files\nancy drew\shadow at the water's edge\sound\wood_crack_05_sfx.his
    c:\program files\nancy drew\the haunting of castle malloy\sound\electricity_crackle_buzz.his
    c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof01.his
    c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof02.his
    c:\program files\nancy drew\the phantom of venice\sound\firecracker_poppoof03.his
    c:\program files\nancy drew\the white wolf of icicle creek\sound\crackle.his
    c:\program files\nancy drew\the white wolf of icicle creek\sound\firecrackle_fireplace.his
    c:\program files\nancy drew\the white wolf of icicle creek\sound\icecrack.his
    c:\program files\nancy drew\trail of the twister\sound\fire_crackle01_sfx.his
    scanner sequence 3.ZZ.11.PRNAWD
    ----- EOF -----

    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe probably a variant of Win32/TrojanDownloader.VB.IRCSLWN trojan
    C:\Documents and Settings\Bryan\Local Settings\Temp\jar_cache2885571977258918420.tmp a variant of OSX/Exploit.Smid.D trojan
    C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
    C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL Win32/Toolbar.Morpheus application
    C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL Win32/Toolbar.Morpheus application
    C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL Win32/Toolbar.Morpheus application
    C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL Win32/Toolbar.Morpheus application
    C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
    C:\Program Files\Yontoo Layers\YontooIEClient.dll Win32/Adware.Yontoo.A application
    Operating memory Win32/Adware.Yontoo.A application
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    To remove McAfee: McAfee Removal

    To uninstall Spyware Doctor w/AV
    Follow these steps:
    • Right click on the Spyware Doctor icon in the Notification Area> Select Shutdown.
    • Click on Start> Programs> PC Tools Security> Choose Uninstall Spyware Doctor with AntiVirus
    • Restart the computer (if prompted)
    • Right click on Start> Explore> My Computer> Double click on Local Drive (C)> Programs> Navigate to the PC Tools Security and do a right click> Delete.
    Reboot the computer.
     
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    To remove Eset entries:

    1. Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll 
      C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe 
      C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll 
      C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL 
      C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL 
      C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL
      C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL
      C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL
      C:\Program Files\Yontoo Layers\YontooIEClient.dll 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    -----------------------------
    2. To clear the Java Plug-in cache:

    • [1]. Click Start > Control Panel.
      [2]. Double-click the Java icon in the control panel. The Java Control Panel appears.
      [3]. Click Settings under Temporary Internet Files. The Temporary Files Settings dialog box appears.
      [4]. Click Delete Files. The Delete Temporary Files dialog box appears.
      [5]. Click OK on Delete Temporary Files window.
      Note: This deletes all the Downloaded Applications and Applets from the cache.
      [6]. Click Apply> OK on Temporary Files Settings window.
    Images courtesy java.com
    ===========================================
    Update Java: Java Updates. Uninstall any earlier versions (Java 2 Runtime Environment, SE v1.4.2, Java(TM) 6 Update 24) in Add/Remove Programs as they are vulnerabilities for the system.
    Note: Uncheck 'Install Yahoo Toolbar' on the download screen before you do the update.
    =========================================
    See next reply for Combofix instructions..
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    When you have finished with the instructions in my previous reply, please go on to this:

    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
     
  10. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Attached are the logs

    OTM log:
    All processes killed
    ========== FILES ==========
    DllUnregisterServer procedure not found in C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
    C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll moved successfully.
    C:\Documents and Settings\Bryan\Desktop\klitekpp210e.exe moved successfully.
    DllUnregisterServer procedure not found in C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll
    C:\Documents and Settings\Bryan\Local Settings\Temp\147A6811\_Setupx.dll moved successfully.
    C:\Program Files\MorpheusBar\bar\2.bin\M0PLUGIN.DLL moved successfully.
    C:\Program Files\MorpheusBar\bar\2.bin\M0POPSWT.DLL moved successfully.
    C:\Program Files\MorpheusBar\bar\2.bin\MORPHBAR.DLL moved successfully.
    C:\Program Files\MorpheusBar\SrchAstt\2.bin\MBSRCAS.DLL moved successfully.
    C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL moved successfully.
    C:\Program Files\Yontoo Layers\YontooIEClient.dll moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Abby
    ->Temp folder emptied: 93715505 bytes
    ->Temporary Internet Files folder emptied: 158186925 bytes
    ->Java cache emptied: 1003712 bytes
    ->Flash cache emptied: 55547 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 41 bytes

    User: All Users

    User: Bryan
    ->Temp folder emptied: 831393166 bytes
    ->Temporary Internet Files folder emptied: 162738732 bytes
    ->Java cache emptied: 12792599 bytes
    ->FireFox cache emptied: 4556178 bytes
    ->Apple Safari cache emptied: 1282048 bytes
    ->Flash cache emptied: 107002 bytes

    User: Bryan Banks

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32768 bytes
    ->Flash cache emptied: 56507 bytes

    User: Donna
    ->Temp folder emptied: 418577 bytes
    ->Temporary Internet Files folder emptied: 2292332 bytes
    ->Flash cache emptied: 300 bytes

    User: Kaylie
    ->Temp folder emptied: 13707224 bytes
    ->Temporary Internet Files folder emptied: 9876591 bytes
    ->Flash cache emptied: 42158 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 11683158 bytes
    ->Flash cache emptied: 8047 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 58826603 bytes
    ->Flash cache emptied: 2971 bytes

    User: Owner

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 39097 bytes
    %systemroot%\System32 .tmp files removed: 2929417 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 300382398 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94789536 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
    RecycleBin emptied: 168635988 bytes

    Total Files Cleaned = 1,840.00 mb


    OTM by OldTimer - Version 3.1.18.0 log created on 07152011_204925

    Files moved on Reboot...
    File C:\Documents and Settings\Bryan\Local Settings\Temp\Temporary Internet Files\Content.IE5\YCKNMW9E\7cC000000012!%5e%7c100016215!%5e%7c401010175!%5e%7cV174!%5e%7cA863!%5e%7c365!%5e%7cEGUNICA07PP!%5e%7chtml!%5e%7cBKLT365!%5e%7c0+++++++++++++++++++++!%5e%7cA863!%5e%7c06%2f30%2f2005 not found!

    Registry entries deleted on Reboot...

    ComboFix log:
    ComboFix 11-07-15.03 - Bryan 07/15/2011 22:36:00.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.480 [GMT -5:00]
    Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
    AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\Abby\WINDOWS
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
    c:\documents and settings\Bryan\WINDOWS
    c:\documents and settings\Kaylie\WINDOWS
    c:\program files\Shared
    c:\program files\Shared\shared.sig
    c:\temp\fse
    K:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_WinDriver
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-16 to 2011-07-16 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
    2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
    2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
    2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
    2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
    2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "ZingSpooler"="c:\program files\Easy Upload Tools\Drivers\Spooler\ZingSpooler.exe" [2002-08-02 200704]
    "MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-11-07 8192]
    "WildTangent CDA"="c:\program files\WildTangent\Apps\CDA\GameDrvr.exe" [2005-03-29 28616]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
    "DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Bryan\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    PowerReg Scheduler.exe [2006-5-26 256000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
    ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
    PowerReg Scheduler.exe [2005-3-5 251392]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=""
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
    "c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    .
    R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/1/2007 8:21 PM 24652]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
    S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S2 mrtRate;mrtRate; [x]
    S3 ba304;ba304;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys [?]
    S3 CVDMINDV;CVDMINDV;\??\c:\docume~1\Bryan\LOCALS~1\Temp\CVDMINDV.SYS --> c:\docume~1\Bryan\LOCALS~1\Temp\CVDMINDV.SYS [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
    S3 iserial;iserial;\??\c:\docume~1\Bryan\LOCALS~1\Temp\iserial.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\iserial.sys [?]
    S3 lpsched;lpsched;\??\c:\docume~1\Bryan\LOCALS~1\Temp\lpsched.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\lpsched.sys [?]
    S3 omouhid;omouhid;\??\c:\docume~1\Bryan\LOCALS~1\Temp\omouhid.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\omouhid.sys [?]
    S3 qtape;qtape;\??\c:\docume~1\Bryan\LOCALS~1\Temp\qtape.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\qtape.sys [?]
    S3 rati1tux;rati1tux;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys [?]
    S3 ssmbali;ssmbali;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ssmbali.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ssmbali.sys [?]
    S3 ta311;ta311;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ta311.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ta311.sys [?]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
    S3 xusbuhci;xusbuhci;\??\c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WUAUSERV
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2011-07-10 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
    .
    2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2011-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2004-07-10 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.charter.net/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-{D73F49B6-B51B-4d32-A3B7-BD04B8342F53} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKCU-Run-Sonic RecordNow! - (no file)
    HKCU-Run-Weather - c:\program files\AWS\WeatherBug\Weather.exe
    HKLM-Run-DellMCM - (no file)
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-15 23:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    .
    c:\documents and settings\Bryan\Application Data\Microsoft Games\Zoo Tycoon 2\Default Profile\Saved\ALPiNE MOUTAiN ZOO LARGE :eek:.z2s 566430 bytes hidden from API
    .
    scan completed successfully
    hidden files: 1
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3020)
    c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\OneX.DLL
    c:\windows\system32\eappprxy.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    c:\program files\Charter Security Suite\Common\FSMA32.EXE
    c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
    c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
    c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
    c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-15 23:31:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-16 04:31
    .
    Pre-Run: 87,109,189,632 bytes free
    Post-Run: 86,896,291,840 bytes free
    .
    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
    .
    - - End Of File - - A5B7DCC5F0643CB7587087E16BE70700
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Oh my gosh! OTM> Total Files Cleaned = 1,840.00 mb. You have won the prize for the most files I've seen cleaned! But this is not a prize to be desired> it shows that the accounts are doing maintenance on the system. Simple things like deleting temporary internet files:
    The Winner or Loser- depending on how you look at it:
    User: Bryan. BTW, there is another account with no entries set up as "User: Bryan Banks". You might want to delete that one.
    User: Abby is a close second, followed by Kaylie then Donna! You all need to keep your accounts tidy. Set up regular maintenance to do: Delete temporary internet files and Cookies, do a Disc Cleanup, then Error Check and last a Defrag. The entire system will sigh and say 'Thank you!'
    =========================================
    About this:
    You are. But telling us what the problem is is important. Depending on your description, we may be looking for specific entries in the logs. We may also ask you to run a specific program based on the description. And we will also ask if a specific problem has been resolved.

    Bottom line? What you tell us helps us help you.
    ==========================================
    Also, BTW, you can use the Quick Reply posting. You don't need to put in a new subject for each post.
    =========================================
    The presence of this deletion, K:\Autorun.inf, indicates an infected flash drive may have been used. If so, it needs to be disinfected:
    You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.

    Please disinfect all movable drives
    1. Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
    2. Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
      Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
    3. The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
    4. Wait until it has finished scanning and then exit the program.
    5. Reboot your computer when done.

    Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
    =================
    Please do that while I finish the script for Combofix.
     
  12. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Can you tell me please if you have used the MSDTC to globally open TCP Port 135 and TCP Ports 5000-5020. If you don't know what I'm referring to, then I will know what to do.
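
An added example, not part of the thread: the ports asked about above come from the firewall-policy block of the ComboFix log, and this Python code parses that block and summarises the firewall switches, the authorized applications and the runs of globally open ports. The sample lines are modelled on the log on this page (the 5000-5020 entries are regenerated in a loop), and the function names are hypothetical.

```python
import re

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')
PORT_RE = re.compile(r"^(\d+):(TCP|UDP)$", re.IGNORECASE)
POLICY_ROOT = r"firewallpolicy\standardprofile"

# Sample modelled on the ComboFix log in this thread; ports 5000-5020 are
# regenerated in a loop instead of being listed one by one.
SAMPLE_LOG = "\n".join(
    [
        r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]",
        r'"EnableFirewall"= 0 (0x0)',
        r'"DisableNotifications"= 1 (0x1)',
        ".",
        r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]",
        r'"%windir%\\system32\\sessmgr.exe"=',
        r'"c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=',
        r'"c:\\Program Files\\iTunes\\iTunes.exe"=',
        ".",
        r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]",
        r'"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009',
        r'"135:TCP"= 135:TCP:TCP Port 135',
    ]
    + [f'"{p}:TCP"= {p}:TCP:TCP Port {p}' for p in range(5000, 5021)]
)


def parse_policy(log_text):
    """Extract firewall settings, authorized apps and open ports from the dump."""
    policy = {"settings": {}, "apps": [], "ports": []}
    section = None  # sub-key below the standard profile, or None when outside it
    for raw in log_text.splitlines():
        line = raw.strip()  # forum pastes are often indented
        header = SECTION_RE.match(line)
        if header:
            key = header.group(1).lower()
            idx = key.find(POLICY_ROOT)
            section = key[idx + len(POLICY_ROOT):] if idx != -1 else None
            continue
        value = VALUE_RE.match(line)
        if section is None or not value:
            continue
        name, data = value.groups()
        if section == "":
            tokens = data.split()  # e.g. "0 (0x0)"
            if tokens and tokens[0].isdigit():
                policy["settings"][name] = int(tokens[0])
        elif section == r"\authorizedapplications\list":
            # The log doubles every backslash in the path.
            policy["apps"].append(name.replace("\\\\", "\\"))
        elif section == r"\globallyopenports\list":
            port = PORT_RE.match(name)
            if port:
                policy["ports"].append((port.group(2).upper(), int(port.group(1))))
    return policy


def collapse(ports):
    """Collapse (proto, port) pairs into sorted (proto, first, last) runs."""
    runs = []
    for proto, port in sorted(set(ports)):
        if runs and runs[-1][0] == proto and port == runs[-1][2] + 1:
            runs[-1] = (proto, runs[-1][1], port)
        else:
            runs.append((proto, port, port))
    return runs


def review(policy):
    """Return one line per item a reviewer would want to ask about."""
    findings = []
    if policy["settings"].get("EnableFirewall") == 0:
        findings.append("Windows Firewall is disabled for the standard profile")
    if policy["settings"].get("DisableNotifications") == 1:
        findings.append("firewall notifications are suppressed")
    for proto, first, last in collapse(policy["ports"]):
        span = str(first) if first == last else f"{first}-{last}"
        findings.append(f"{proto} {span} is globally open")
    return findings


if __name__ == "__main__":
    parsed = parse_policy(SAMPLE_LOG)
    for finding in review(parsed):
        print(finding)
    for app in parsed["apps"]:
        print("authorized application:", app)
```
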
     
  13. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    "Can you tell me please if you have used the MSDTC to globally open TCP Port 135 and TCP Ports 5000-5020. If you don't know what I'm referring to, then I will know what to do."

    No idea what that is.....

    I thought I had maintenance scheduled but with all of the issues I've had lately, it may have gotten deleted and I'll need to set it back up. The system seems to be running better but the history still does not list pages visited. Not sure if that matters or not. The k: drive is an external hard drive that I added to save videos/pics of our kids in each of their respective ports. I will run the flash disinfector to clean that and other flash drives.

    Thanks for your help!
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    A Note: As long as you're using Kazaa you are going to get malware:
    Please read the information on P2P Warning to help you better understand these dangers.
    =====================================
    Please do the following:
    Click on Start> Run> type cmd> enter> at the blinking C Prompt, type the following

    netstat -a-n-b
    (note space before -a)
    When it finishes, do a right click on the page> Copy> Paste the result here.
    =============================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it: Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\program files\viewpoint\common\ViewpointService.exe 
    c:\windows\system32\ConduitEngine.tmp
    c:\docume~1\bryan\locals~1\temp\iserial.sys
    c:\docume~1\bryan\locals~1\temp\lpsched.sys
    c:\docume~1\bryan\locals~1\temp\omouhid.sys
    c:\docume~1\bryan\locals~1\temp\qtape.sys
    c:\docume~1\bryan\locals~1\temp\ssmbali.sys
    c:\docume~1\bryan\locals~1\temp\ta311.sys
    c:\docume~1\bryan\locals~1\temp\ba304.sys
    c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys
    c:\docume~1\bryan\locals~1\temp\cvdmindv.sys
    DirLook::
    C:\savw_97_sa
    Folder::
    DDS::
    BHO: My Web Search Bar BHO: {8eab99c1-f9ec-4b64-a4ba-d9bcae8779c2} - c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    BHO: {D73F49B1-B51B-4d32-A3B7-BD04B8342F53} - No File
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers\YontooIEClient.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: Morpheus Toolbar: {3f3714a9-89a4-46be-8af3-d0c9d1fb03f9} - c:\program files\morpheusbar\bar\2.bin\MORPHBAR.DLL
    mRun: [ZingSpooler] c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
    mRun: [MimBoot] c:\progra~1\musicm~1\musicm~2\mimboot.exe>> Muiv mqtch
    mRun: [WildTangent CDA] "c:\program files\wildtangent\apps\cda\gamedrvr.exe" /startup "c:\program files\wildtangent\apps\cda\cdaEngine0500.dll"
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZingSpooler"=-
    "WildTangent CDA"=-
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,28,d3,e4,fe,3a,2c,29,4e,9a,d6,64,\
    Driver::
    Viewpoint Manager Service
    iserial
    lpsched
    omouhid  
    qtape 
    ssmbali
    ta311
    ba304
    cpuz132
    CVDMINDV
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Uninstall the following:
    Viewpoint:
    Yontoo: Yontoo Layers or Drop Down Deals browser add-on - creates virtual layers that can be edited to create the appearance of having made changes to the underlying website. Has ads in the layers with no obvious warning on install
    Morpheus Toolbar: Morpheus was a file sharing and searching peer-to-peer client > As of October 29, 2008 the official Morpheus website is offline, including all other websites owned by StreamCast Networks including Morpheus.com, MusicCity.com, Streamcastnetworks.com and NeoNetwork.com. During installation, an optional peer-to-peer Morpheus Toolbar is offered. Both the Morpheus application and the Morpheus Toolbar are easily uninstalled with Windows Add/Remove Programs commands, however this is not the case with previous versions.
    Zing: Zing: Was used for a drag and drop program to upload pictures to www.zing.com but Zing has gone out of business. Now used for Sony ImageStation's upload photos to online albums.
    DSentry: DSentry: Anti-spyware from Dell. Seems that after Dell found out certain applications being installed from DVD's would report back information about what customers were watching, they decided to implement an anti-spyware service. Run manually before installation starts
    =======================
    Remove the following from the Trusted Zone: Nothing needs to be in that zone, where the security is lower.
    Trusted Zone: musicmatch.com\online
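
An added example, not part of the thread: the CFScript above targets driver services whose image sits in a per-user Temp folder, and this Python code picks such entries out of a ComboFix driver/service listing. The sample lines are taken from the log on this page; the function names are hypothetical, and reading `[?]` or `[x]` as "no file details available" is an assumption about the log format.

```python
import re

# <R|S><start type> <service name>;<display name>;<image path> [<stamp>]
# R/S = running/stopped, digit = service start type.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

# Lines taken from the ComboFix log in this thread.
SAMPLE_LOG = r"""
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
S2 mrtRate;mrtRate; [x]
S3 ba304;ba304;\??\c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\ba304.sys [?]
S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
"""


def parse_entry(line):
    """Parse one driver/service line; return None for anything else."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    # When the log shows "raw --> resolved", keep the resolved path.
    image = m.group("path").split(" --> ")[-1].strip()
    if image.startswith("\\??\\"):  # NT object-manager prefix
        image = image[4:]
    return {
        "name": m.group("name"),
        "running": m.group("state") == "R",
        "start": START_TYPES[int(m.group("start"))],
        "image": image,
        # Assumption: "?" or "x" in the brackets means no file details.
        "no_file_info": m.group("stamp").strip() in ("?", "x"),
    }


def parse_log(text):
    """Parse every driver/service line in a pasted log, skipping other lines."""
    return [e for e in map(parse_entry, text.splitlines()) if e]


def flag(entries):
    """Return (service name, reasons) for entries worth a closer look."""
    flagged = []
    for entry in entries:
        reasons = []
        if "\\temp\\" in entry["image"].lower():
            reasons.append("image path in a Temp folder")
        if entry["no_file_info"]:
            reasons.append("no file details in log")
        if reasons:
            flagged.append((entry["name"], reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in flag(parse_log(SAMPLE_LOG)):
        print(f"{name}: {', '.join(reasons)}")
```
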
     
  15. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    results from netstat:
    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\Bryan>netstat -a-n-b

    Displays protocol statistics and current TCP/IP network connections.

    NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-v] [interval]

    -a Displays all connections and listening ports.
    -b Displays the executable involved in creating each connection or
    listening port. In some cases well-known executables host
    multiple independent components, and in these cases the
    sequence of components involved in creating the connection
    or listening port is displayed. In this case the executable
    name is in [] at the bottom, on top is the component it called,
    and so forth until TCP/IP was reached. Note that this option
    can be time-consuming and will fail unless you have sufficient
    permissions.
    -e Displays Ethernet statistics. This may be combined with the -s
    option.
    -n Displays addresses and port numbers in numerical form.
    -o Displays the owning process ID associated with each connection.
    -p proto Shows connections for the protocol specified by proto; proto
    may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
    option to display per-protocol statistics, proto may be any of:
    IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
    -r Displays the routing table.
    -s Displays per-protocol statistics. By default, statistics are
    shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
    the -p option may be used to specify a subset of the default.
    -v When used in conjunction with -b, will display sequence of
    components involved in creating the connection or listening
    port for all executables.
    interval Redisplays selected statistics, pausing interval seconds
    between each display. Press CTRL+C to stop redisplaying
    statistics. If omitted, netstat will print the current
    configuration information once.

    C:\Documents and Settings\Bryan>

    Also, several other questions:
    -Can't find user Bryan Banks in User Accounts to be able to delete
    -Can't find the items at the end of your reply to delete. I will need help getting them deleted.
    -How do I remove item from Trusted Zone
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    The copy of netstat is only the directions- not the result. I'm going to close the ports.

    Did you run the script in Combofix? Where is the new log?

    Regarding the Bryan Banks account:
    Click on the Control Panel> User Accounts> Scroll to the lower part of the screen to pick an account to change> If you see the account there click on it and follow the prompt to remove.
    If you don't see it there, since it doesn't show any contents in OTM, just close.

    Uninstalling entries:
    Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
    ------------------------
    How to Remove Viewpoint Media Player, Toolbar, or Manager
    1. Click on Start> Control Panel> Add/Remove Programs
    2. Uninstall any of the following programs associated with Viewpoint
      [o] Viewpoint Manager
      [o] Viewpoint Media Player
      [o] Viewpoint Toolbar
    3. Close the Add/Remove Programs and Control Panel
    ----------------------------------------------
    Uninstall Morpheus Toolbar:
    1. Right click on Start> Explore> Double click on Local Drive> Programs
    2. Click to open the Morpheus Toolbar
    3. Double click on toolbaruninstaller.exe.
    4. Follow the prompts for the uninstall
    5. Exit Windows Explorer when through
    6. Check the Control Panel> Add/Remove Programs> if any Morpheus entries> Uninstall
    --------------------------------------------
    Uninstall Zing Photo Uploader
    1. Click on Start> Control Panel> Add/Remove Programs
    2. Click on Zing Photo Uploader> Uninstall
    3. Right click on Start> Explore> Double click on Local Drive
    4. Click on Docs & Settings for yourself
    5. Click on Downloads> right click> Delete any of the following if present.
      [o] Zing TreeView ActiveX
      [o] Zing UploadController ActiveX
      [o] ZingDropFiles Class
    6. Exit and close Windows Explorer when through
    ---------------------------------------------
    Uninstall Yontoo
    Use the same direction for Add/Remove Programs
    Uninstall Yontoo Layers Client and Drop Down Deals
    Close and exit when done.
    ---------------------------------------------
    Uninstall Dell DSentry
    Use Add/Remove directions to uninstall Dell DVD Sentry
    --------------------------------------------
    When all of the uninstallations have been completed:
    Right click on start> Explore> My Computer> Double click on Local Drive(C)> Programs> Find each of the following program folders and do a right click> Delete on each.
    =============================================
    When finished with all uninstalls and folder deletions, reboot back into Normal Mode
    Be sure you have run the script in Combofix first.
    Then rescan with Combofix and give me the new logs. I will remove any 'left over' entries.
     
  17. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Part 1 of 2

    ComboFix 11-07-15.03 - Bryan 07/17/2011 0:35.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.431 [GMT -5:00]
    Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
    AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    FILE ::
    "c:\docume~1\bryan\locals~1\temp\ba304.sys"
    "c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys"
    "c:\docume~1\bryan\locals~1\temp\cvdmindv.sys"
    "c:\docume~1\bryan\locals~1\temp\iserial.sys"
    "c:\docume~1\bryan\locals~1\temp\lpsched.sys"
    "c:\docume~1\bryan\locals~1\temp\omouhid.sys"
    "c:\docume~1\bryan\locals~1\temp\qtape.sys"
    "c:\docume~1\bryan\locals~1\temp\ssmbali.sys"
    "c:\docume~1\bryan\locals~1\temp\ta311.sys"
    "c:\program files\viewpoint\common\ViewpointService.exe"
    "c:\windows\system32\ConduitEngine.tmp"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\easy upload tools\drivers\spooler\ZingSpooler.exe
    c:\program files\mywebsearchwb\bar\1.bin\W6BAR.DLL
    c:\program files\viewpoint\common\ViewpointService.exe
    c:\program files\wildtangent\apps\cda\gamedrvr.exe
    .
    Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
    Restored copy from - c:\windows\ERDNT\cache\ntfs.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BA304
    -------\Legacy_CPUZ132
    -------\Legacy_CVDMINDV
    -------\Legacy_ISERIAL
    -------\Legacy_LPSCHED
    -------\Legacy_OMOUHID
    -------\Legacy_QTAPE
    -------\Legacy_SSMBALI
    -------\Legacy_TA311
    -------\Legacy_VIEWPOINT_MANAGER_SERVICE
    -------\Service_ba304
    -------\Service_cpuz132
    -------\Service_CVDMINDV
    -------\Service_iserial
    -------\Service_lpsched
    -------\Service_omouhid
    -------\Service_qtape
    -------\Service_ssmbali
    -------\Service_ta311
    -------\Service_Viewpoint Manager Service
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-17 to 2011-07-17 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-16 20:18 . 2011-07-16 20:18 53248 ----a-r- c:\documents and settings\Bryan\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2011-07-16 20:17 . 2011-07-16 20:17 -------- d-sh--w- c:\documents and settings\Bryan\UserData
    2011-07-16 20:06 . 2011-07-16 20:06 -------- d-----w- C:\Pictures
    2011-07-16 08:07 . 2011-07-16 08:51 -------- d-----w- c:\windows\ie8updates
    2011-07-16 05:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-07-16 05:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-07-16 05:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-07-16 05:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-07-16 05:06 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-07-16 05:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-07-16 05:04 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-07-16 05:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-07-16 05:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-07-16 05:03 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 05:03 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 05:03 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 05:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-07-16 05:01 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-07-16 05:01 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-07-16 05:01 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2011-07-16 05:01 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-07-16 05:01 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-07-16 05:00 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-07-16 05:00 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-07-16 05:00 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-07-16 05:00 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-07-16 04:54 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-07-16 04:54 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-07-16 04:43 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-07-16 04:42 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-07-16 04:42 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
    2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
    2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
    2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
    2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
    2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys
    2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:31 . 2004-06-07 18:19 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-03-30 01:48 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07 . 2002-08-29 10:00 33280 ------w- c:\windows\system32\csrsrv.dll
    2011-04-26 11:07 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-25 16:11 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2002-08-29 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of C:\savw_97_sa ----
    Edit: Contents are all for the Sophos program dated 2011-07-13 00:54 . Unneeded entries deleted by Bobbye
     
  18. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Edit: DirLook shows contents of Sophos AV. Contents deleted by Bobbye

    Part 2 of 2

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"="c:\windows\System32\DSentry.exe" [2003-08-13 28672]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
    "DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Bryan\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    PowerReg Scheduler.exe [2006-5-26 256000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
    ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
    PowerReg Scheduler.exe [2005-3-5 251392]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=""
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
    "c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    .
    R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
    S0 fnyozi;fnyozi;c:\windows\system32\drivers\qpedfh.sys --> c:\windows\system32\drivers\qpedfh.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S2 mrtRate;mrtRate; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S3 imsfs;imsfs;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys [?]
    S3 rati1tux;rati1tux;\??\c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys --> c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys [?]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
    S3 xusbuhci;xusbuhci;\??\c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys --> c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys [?]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2011-07-17 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
    .
    2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2011-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2011-07-17 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-07-10 15:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.charter.net/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-17 00:56
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3108)
    c:\windows\system32\WININET.dll
    c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\dfshim.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    c:\program files\Charter Security Suite\Common\FSMA32.EXE
    c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
    c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
    c:\windows\system32\rundll32.exe
    c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-17 01:07:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-17 06:07
    ComboFix2.txt 2011-07-16 04:31
    .
    Pre-Run: 84,626,964,480 bytes free
    Post-Run: 84,748,935,168 bytes free
    .
    - - End Of File - - 6627C1187489A21C07356FF1237CDCF8
     
  19. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Did I tell you how to move MusicMatch out of Trusted Zone? If not, here it is:

    Access Internet Options either through IE> Tools or Control Panel> Internet Options: Choose the Security tab> Click on Trusted Sites> Sites> Highlight musicmatch.com in the Web Sites> Press the Remove button> OK> Apply> OK
    ========================================
    Please run this Custom CFScript:

    [1]. Close any open browsers.
    [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it. Be sure to scroll down to include ALL lines.
    Code:
    File::
    c:\windows\system32\drivers\qpedfh.sys
    c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys
    c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys
    c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys 
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DVDSentry"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kazaa Lite K++\\Kazaa.kpp"=-
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "135:TCP"=-
    "5000:TCP"=-
    "5001:TCP"=-
    "5002:TCP"=-
    "5003:TCP"=-
    "5004:TCP"=-
    "5005:TCP"=-
    "5006:TCP"=-
    "5007:TCP"=-
    "5008:TCP"=-
    "5009:TCP"=-
    "5010:TCP"=-
    "5011:TCP"=-
    "5012:TCP"=-
    "5013:TCP"=-
    "5014:TCP"=-
    "5015:TCP"=-
    "5016:TCP"=-
    "5017:TCP"=-
    "5018:TCP"=-
    "5019:TCP"=-
    "5020:TCP"=-
    Driver::
    fnyozi
    imsfs
    rati1tux
    xusbuhci
    FCopy::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
    ====================
    Have any of your 'little problems' been resolved?

    I'm going to delete the Sophos entries from the FileLook I did in Combofix. Like a lawyer, I should ask question unless I know the answer, but I could not ID that process!
     
  20. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Not sure what happened but I don't see my post from last night. I am posting what I think is the log. If it's not right, I can rerun again and repost.
    Computer seems to be running fine. I still don't see any sites on the Internet Explorer history and I still get the red shield with white X when I turn off anti-virus. There is also a Windows Security icon in the Control Panel that makes me nervous because I know that is what started my virus issues several months ago.

    Part 1 of 2

    ComboFix 11-07-18.05 - Bryan 07/18/2011 21:13:04.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.501 [GMT -5:00]
    Running from: c:\documents and settings\Bryan\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Bryan\Desktop\CFScript.txt
    AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Charter Security Suite 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    .
    FILE ::
    "c:\docume~1\Bryan\LOCALS~1\Temp\xusbuhci.sys"
    "c:\docume~1\Kaylie\LOCALS~1\Temp\imsfs.sys"
    "c:\docume~1\Kaylie\LOCALS~1\Temp\rati1tux.sys"
    "c:\windows\system32\drivers\qpedfh.sys"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_IMSFS
    -------\Legacy_RATI1TUX
    -------\Legacy_XUSBUHCI
    -------\Service_fnyozi
    -------\Service_imsfs
    -------\Service_rati1tux
    -------\Service_xusbuhci
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-06-19 to 2011-07-19 )))))))))))))))))))))))))))))))
    .
    .
    2011-07-18 12:42 . 2011-07-18 12:42 -------- d-----w- c:\documents and settings\Bryan\Application Data\F-Secure
    2011-07-17 06:07 . 2011-07-17 06:07 -------- dc----w- c:\documents and settings\Donna
    2011-07-16 20:18 . 2011-07-16 20:18 53248 ----a-r- c:\documents and settings\Bryan\Application Data\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
    2011-07-16 20:17 . 2011-07-16 20:17 -------- d-sh--w- c:\documents and settings\Bryan\UserData
    2011-07-16 20:06 . 2011-07-16 20:06 -------- d-----w- C:\Pictures
    2011-07-16 08:07 . 2011-07-16 08:51 -------- d-----w- c:\windows\ie8updates
    2011-07-16 05:07 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
    2011-07-16 05:07 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
    2011-07-16 05:06 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
    2011-07-16 05:06 . 2009-10-15 16:28 81920 ------w- c:\windows\system32\dllcache\fontsub.dll
    2011-07-16 05:06 . 2010-08-27 08:02 119808 ------w- c:\windows\system32\dllcache\t2embed.dll
    2011-07-16 05:06 . 2009-11-21 15:51 471552 ------w- c:\windows\system32\dllcache\aclayers.dll
    2011-07-16 05:04 . 2010-06-18 13:36 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2011-07-16 05:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
    2011-07-16 05:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
    2011-07-16 05:03 . 2011-04-25 16:11 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2011-07-16 05:03 . 2011-04-25 16:11 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2011-07-16 05:03 . 2011-04-25 16:11 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2011-07-16 05:03 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2011-07-16 05:01 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
    2011-07-16 05:01 . 2009-03-06 14:22 284160 ------w- c:\windows\system32\dllcache\pdh.dll
    2011-07-16 05:01 . 2009-02-06 10:39 35328 ------w- c:\windows\system32\dllcache\sc.exe
    2011-07-16 05:01 . 2009-02-09 12:10 401408 ------w- c:\windows\system32\dllcache\rpcss.dll
    2011-07-16 05:01 . 2009-02-06 11:11 110592 ------w- c:\windows\system32\dllcache\services.exe
    2011-07-16 05:00 . 2009-02-09 12:10 473600 ------w- c:\windows\system32\dllcache\fastprox.dll
    2011-07-16 05:00 . 2009-02-06 10:10 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
    2011-07-16 05:00 . 2009-02-09 12:10 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
    2011-07-16 05:00 . 2009-02-09 12:10 617472 ------w- c:\windows\system32\dllcache\advapi32.dll
    2011-07-16 04:54 . 2010-12-09 15:15 718336 ------w- c:\windows\system32\dllcache\ntdll.dll
    2011-07-16 04:54 . 2010-07-12 12:55 218112 ------w- c:\windows\system32\dllcache\wordpad.exe
    2011-07-16 04:43 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
    2011-07-16 04:42 . 2010-08-16 08:45 590848 ------w- c:\windows\system32\dllcache\rpcrt4.dll
    2011-07-16 04:42 . 2011-02-17 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-07-16 03:18 . 2011-07-16 03:18 -------- d-----w- c:\program files\Common Files\Java
    2011-07-16 03:18 . 2011-07-16 03:18 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-07-16 00:15 . 2011-07-16 00:15 -------- d-----w- C:\_OTM
    2011-07-14 23:42 . 2011-07-14 23:42 -------- d-----w- c:\program files\ESET
    2011-07-13 00:48 . 2011-07-13 00:50 -------- d-----w- C:\savw_97_sa
    2011-07-10 18:42 . 2011-07-10 18:42 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\F-Secure
    2011-07-10 18:42 . 2011-07-10 20:03 42664 ----a-w- c:\windows\system32\drivers\fsbts.sys
    2011-07-10 18:38 . 2011-07-10 20:32 82120 ----a-w- c:\windows\system32\drivers\fsdfw.sys
    2011-07-10 18:24 . 2011-07-13 00:00 -------- d-----w- c:\program files\Charter Security Suite
    2011-07-10 18:18 . 2011-07-10 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\fssg
    2011-07-10 18:16 . 2011-07-12 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\f-secure
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-07-16 03:18 . 2010-05-25 03:19 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-06-18 14:35 . 2011-05-23 23:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-02 14:02 . 2002-08-29 10:00 1858944 ------w- c:\windows\system32\win32k.sys
    2011-05-29 14:11 . 2009-01-12 02:37 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 14:11 . 2009-01-12 02:37 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-02 15:31 . 2004-06-07 18:19 692736 ------w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25 . 2004-03-30 01:48 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19 . 2002-08-29 10:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07 . 2002-08-29 10:00 33280 ------w- c:\windows\system32\csrsrv.dll
    2011-04-26 11:07 . 2002-08-29 10:00 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-25 16:11 . 2004-02-06 23:05 916480 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 16:11 . 2002-08-29 10:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-04-25 16:11 . 2002-08-29 10:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-04-25 12:01 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
    2011-04-21 13:37 . 2002-08-29 10:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    2005-10-02 12:26 . 2005-10-02 12:26 774144 ----a-w- c:\program files\RngInterstitial.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-07-16_04.15.06 )))))))))))))))))))))))))))))))))))))))))
    Edit: Extensive Combofix snapshot deleted by Bobbye
     
  21. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Edit: Extensive Combofix snapshot deleted by Bobbye
     
  22. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Edit: Extensive Combofix snapshot deleted by Bobbye
     
  23. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Part 4
    Edit: Extensive Combofix snapshot deleted by Bobbye

    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2010-10-06 23:36 94208 ----a-w- c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
    "MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
    "dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
    "DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-12 185896]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
    "Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2005-04-28 294912]
    "DLBUCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2004-11-09 69632]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-06 421160]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "F-Secure Manager"="c:\program files\Charter Security Suite\Common\FSM32.EXE" [2009-08-05 199264]
    "F-Secure TNB"="c:\program files\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" [2008-04-14 53760]
    .
    c:\documents and settings\Bryan\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\documents and settings\Bryan\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
    PowerReg Scheduler.exe [2006-5-26 256000]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-7-3 36953]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-3 24576]
    ImageMixer 3 SE Camera Monitor Ver.4.5.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4.5\Transfer Utility\CameraMonitor.exe [2011-1-23 406896]
    PowerReg Scheduler.exe [2005-3-5 251392]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-29 57344]
    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "Taskman"=""
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, dblstssp.dll
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Games\\Halo Trial\\halo.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
    "c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
    "c:\\Program Files\\NovaLogic\\Delta Force Black Hawk Down\\UPDATE.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\SYSTEM32\\dlbucoms.exe"=
    "c:\\WINDOWS\\SYSTEM32\\SPOOL\\DRIVERS\\W32X86\\3\\DLBUPSWX.EXE"=
    "c:\\Program Files\\Research In Motion\\BlackBerry Desktop\\Rim.Desktop.exe"=
    "c:\\Documents and Settings\\Bryan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "135:TCP"= 135:TCP:TCP Port 135
    "5000:TCP"= 5000:TCP:TCP Port 5000
    "5001:TCP"= 5001:TCP:TCP Port 5001
    "5002:TCP"= 5002:TCP:TCP Port 5002
    "5003:TCP"= 5003:TCP:TCP Port 5003
    "5004:TCP"= 5004:TCP:TCP Port 5004
    "5005:TCP"= 5005:TCP:TCP Port 5005
    "5006:TCP"= 5006:TCP:TCP Port 5006
    "5007:TCP"= 5007:TCP:TCP Port 5007
    "5008:TCP"= 5008:TCP:TCP Port 5008
    "5009:TCP"= 5009:TCP:TCP Port 5009
    "5010:TCP"= 5010:TCP:TCP Port 5010
    "5011:TCP"= 5011:TCP:TCP Port 5011
    "5012:TCP"= 5012:TCP:TCP Port 5012
    "5013:TCP"= 5013:TCP:TCP Port 5013
    "5014:TCP"= 5014:TCP:TCP Port 5014
    "5015:TCP"= 5015:TCP:TCP Port 5015
    "5016:TCP"= 5016:TCP:TCP Port 5016
    "5017:TCP"= 5017:TCP:TCP Port 5017
    "5018:TCP"= 5018:TCP:TCP Port 5018
    "5019:TCP"= 5019:TCP:TCP Port 5019
    "5020:TCP"= 5020:TCP:TCP Port 5020
    .
    R0 fsbts;fsbts;c:\windows\SYSTEM32\DRIVERS\fsbts.sys [7/10/2011 1:42 PM 42664]
    R0 FSFW;F-Secure Firewall Driver;c:\windows\SYSTEM32\DRIVERS\fsdfw.sys [7/10/2011 1:38 PM 82120]
    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Charter Security Suite\HIPS\drivers\fshs.sys [7/10/2011 1:31 PM 68064]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/26/2008 3:35 PM 88176]
    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]
    R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [4/19/2011 1:44 AM 399416]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [7/10/2011 1:25 PM 148648]
    R3 FSORSPClient;F-Secure ORSP Client;c:\program files\Charter Security Suite\ORSP Client\fsorsp.exe [7/10/2011 1:31 PM 61088]
    R3 PSI;PSI;c:\windows\SYSTEM32\DRIVERS\psi_mf.sys [9/1/2010 3:30 AM 15544]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S2 mrtRate;mrtRate; [x]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/6/2010 4:14 AM 135664]
    S3 Wdm1;USB Bridge Cable Driver;c:\windows\SYSTEM32\DRIVERS\usbbc.sys [1/8/2001 8:53 AM 15576]
    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys [7/10/2011 1:25 PM 39776]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys [7/10/2011 1:25 PM 25184]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 17:34]
    .
    2011-07-18 c:\windows\Tasks\Disk Cleanup.job
    - c:\windows\SYSTEM32\cleanmgr.exe [2002-08-29 00:12]
    .
    2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2011-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 09:14]
    .
    2011-07-18 c:\windows\Tasks\Scheduled scanning task.job
    - c:\progra~1\CHARTE~1\ANTI-V~1\fsav.exe [2011-07-10 15:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.charter.net/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
    LSP: c:\program files\Charter Security Suite\FSPS\program\FSLSP.DLL
    Trusted Zone: musicmatch.com\online
    TCP: DhcpNameServer = 24.159.64.23 97.81.22.195 66.189.0.100
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-07-18 22:07
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    DLBUCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3708)
    c:\windows\system32\WININET.dll
    c:\program files\Charter Security Suite\Spam Control\fsscoepl.dll
    c:\progra~1\mcafee\SITEAD~1\saHook.dll
    c:\documents and settings\Bryan\Application Data\Dropbox\bin\DropboxExt.14.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\program files\iTunes\iTunesMiniPlayer.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
    c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\COMMON~1\AOL\ACS\acsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    c:\program files\Charter Security Suite\Common\FSMA32.EXE
    c:\program files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    c:\program files\Charter Security Suite\Common\FSHDLL32.EXE
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Dell Support Center\bin\sprtsvc.exe
    c:\windows\wanmpsvc.exe
    c:\program files\Charter Security Suite\FWES\Program\fsdfwd.exe
    c:\program files\Charter Security Suite\Anti-Virus\fssm32.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Dell Photo AIO Printer 942\dlbubmon.exe
    c:\program files\Charter Security Suite\Anti-Virus\fsav32.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2011-07-18 22:15:22 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-07-19 03:15
    ComboFix2.txt 2011-07-17 06:07
    ComboFix3.txt 2011-07-16 04:31
    .
    Pre-Run: 84,405,092,352 bytes free
    Post-Run: 84,427,108,352 bytes free
    .
    - - End Of File - - 56027B6AD9AFA10E0E6D437B5453AEC0
     
  24. bbanks72

    bbanks72 TS Rookie Topic Starter Posts: 38

    Also, trying to set up disk cleanup, etc., and I keep getting an error message - Access Denied.
     
  25. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    This would not be the time to do the disc cleanup. Please wait until we're through.

    Did you copy all the script I had in the code box, including all of the ports?

    Can you give me any update on the system now?
     
Topic Status:
Not open for further replies.
