
IC8D1A13...infection

Discussion in 'Virus and Malware Removal' started by randy, Jul 12, 2012.

  1. randy Newcomer, in training Posts: 79

    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
    [2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
    [2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
    [2012/07/12 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
    [2012/01/25 11:48:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2012/01/25 11:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2011/07/24 18:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
    [2011/08/16 18:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/02/10 00:41:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/09/04 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FirstClass
    [2012/04/07 18:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
    [2012/07/20 12:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2007/10/15 11:19:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2011/03/31 18:41:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Print2RDP Client
    [2011/07/25 21:50:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
    [2008/12/29 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
    [2011/07/24 19:38:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUpMedia
    [2008/12/29 20:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
    [2011/08/16 18:57:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{309C802B-A076-4563-B164-B62C0C145153}
    [2011/02/11 11:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2010/02/26 11:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser\Application Data\toshiba
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LogMeInRemoteUser.RANDY\Application Data\toshiba
    [2008/12/27 19:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\585Soft
    [2012/07/07 11:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG Secure Search
    [2012/01/25 11:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\AVG2012
    [2011/07/25 16:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\BabylonToolbar
    [2011/07/25 16:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\bsbandmltbpi
    [2009/06/26 12:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Citrix
    [2011/01/01 22:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\FrostWire
    [2012/03/18 14:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\ICAClient
    [2009/05/12 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\InterVideo
    [2011/12/12 13:42:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\mediabarbs
    [2007/02/18 12:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\MSNInstaller
    [2011/07/25 16:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\OpenCandy
    [2007/02/13 23:16:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Opera
    [2008/12/27 11:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\RhinoSoft.com
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\toshiba
    [2010/11/09 20:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Uniblue
    [2010/12/03 22:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Randy Enns\Application Data\Windows Live Writer
    [2007/02/18 17:57:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\MSNInstaller
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana\Application Data\toshiba
    [2012/01/25 11:47:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG Secure Search
    [2012/01/25 11:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\AVG2012
    [2011/09/23 13:29:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\Babylon
    [2011/09/08 12:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\BabylonToolbar
    [2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\bsbandmltbpi
    [2012/03/16 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\FrostWire
    [2011/09/08 12:59:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\mediabarbs
    [2006/01/29 19:57:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tana Lynn\Application Data\toshiba
    [2012/07/20 17:08:38 | 000,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
    [2012/07/20 17:29:00 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream

    < End of report >
  2. randy Newcomer, in training Posts: 79

    There is no file named extras.txt, and an error message popped up:

    Win32 error code 1500
    Event log file is corrupted
  3. Broni Malware Annihilator Posts: 39,313   +175

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
      PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
      FF - prefs.js..browser.search.defaultengine: "Ask.com"
      FF - prefs.js..browser.search.order.1: "Ask.com"
      [2010/10/29 08:11:49 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
      O3 - HKU\S-1-5-21-3420744096-2968798833-731646614-1005\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
      O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
      O4 - Startup: C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk = File not found
      O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
      [2011/07/25 15:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1A399
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =========================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
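The fix script above is built from entries that share one trait: a loader that points at something which no longer resolves. A service whose DLL is gone (`MRV6X32P.dll`), BHO and toolbar CLSIDs with no class registration, a Run value for a missing `CFSServ.exe`, two hex-named folders under All Users\Application Data, and an alternate data stream. The Python below is an added example, not part of this thread and not part of OTL: it parses lines in the format OTL prints (sample lines are copied from the logs above) and flags those categories for review. The category names and the "short hex folder name" heuristic are this example's own assumptions, not OTL rules.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the OTL logs in this thread, in OTL's own format.
SAMPLE_LOG = r"""
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MRV6X32P.dll -- (superproserver)
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
[2011/08/05 20:28:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\131C
[2012/07/12 21:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream
"""

# Directory entries look like "[date | size | ---D | M] -- path"; attrs may also be e.g. -H-D.
DIR_RE = re.compile(r"^\[[^\]]*\|\s*(?P<attrs>[-A-Z]+)\s*\|\s*M\]\s*--\s*(?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
# Heuristic (assumption of this example): 3-8 uppercase hex chars as a folder name, like 131C / 1A399.
HEX_NAME_RE = re.compile(r"^[0-9A-F]{3,8}$")


@dataclass
class Finding:
    kind: str   # one of the category names assigned in classify()
    line: str   # the OTL line that triggered it


def classify(line: str) -> Optional[str]:
    """Map one OTL line to a review category, or None if nothing here needs a look."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("SRV - File not found"):
        return "service-missing-binary"
    if line.startswith("O2 - BHO:") and line.endswith("No CLSID value found."):
        return "orphan-bho"
    if line.startswith("O3 - ") and line.endswith("No CLSID value found."):
        return "orphan-toolbar"
    if line.startswith("O4 - ") and line.endswith("File not found"):
        return "orphan-run-key"
    if ADS_RE.match(line):
        return "alternate-data-stream"
    m = DIR_RE.match(line)
    if m and "D" in m.group("attrs"):
        folder = m.group("path").rstrip("\\").rsplit("\\", 1)[-1]
        if HEX_NAME_RE.match(folder):
            return "hex-named-dir"
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line and keep the ones that got a category."""
    findings = []
    for raw in log_text.splitlines():
        kind = classify(raw)
        if kind:
            findings.append(Finding(kind, raw.strip()))
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Count findings per category, for a one-glance overview of a long log."""
    counts: dict = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:24s} {f.line}")
    print(summarize(found))
```

Note what the parser deliberately does not flag: the Ask Toolbar BHO, toolbar and `ApnUpdater` Run entry all point at files that exist. Removing those is a judgement that the software itself is unwanted (the helper made it above), not something a "target is missing" rule can decide, so a tool like this narrows the list to review rather than producing the fix.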
  4. randy Newcomer, in training Posts: 79

    OTL Run Fix is taking a long time; I can't tell if it's running.
  5. Broni Malware Annihilator Posts: 39,313   +175

    Stop it. Restart in safe mode and run it from there.
  6. randy Newcomer, in training Posts: 79

    Everything is frozen. Ctrl+Alt+Delete is not even working.
  7. Broni Malware Annihilator Posts: 39,313   +175

    Restart manually to safe mode.
  8. randy Newcomer, in training Posts: 79

    I should have pasted your code to my desktop...
  9. Broni Malware Annihilator Posts: 39,313   +175

    I'm not sure what you're saying.
  10. randy Newcomer, in training Posts: 79

    Lost the copy-and-paste code and had no internet to retrieve it, so now I connected in normal mode and copied the code to the desktop so I can put it in OTL and click Run Fix.
  11. Broni Malware Annihilator Posts: 39,313   +175

    Yes, but restart to safe mode and run the fix from there.
  12. randy Newcomer, in training Posts: 79

    Lost the copy-and-paste code and had no internet to retrieve it, so now I connected in normal mode and copied the code to the desktop so I can put it in OTL and click Run Fix.
  13. Broni Malware Annihilator Posts: 39,313   +175

    Read my previous reply.
  14. randy Newcomer, in training Posts: 79

    All processes killed
    ========== OTL ==========
    Service superproserver stopped successfully!
    Service superproserver deleted successfully!
    File %systemroot%\system32\MRV6X32P.dll not found.
    No active process named Updater.exe was found!
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.order.1
    C:\Documents and Settings\Randy Enns\Application Data\Mozilla\Firefox\Profiles\fjj6xe7h.default\searchplugins\askcom.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3420744096-2968798833-731646614-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
    C:\Documents and Settings\Tana Lynn\Start Menu\Programs\Startup\FrostWire On Startup.lnk moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CFSServ.exe deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Windows &Live Favorites\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\All Users\Application Data\131C folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\1A399 folder moved successfully.
    ADS C:\Documents and Settings\Randy Enns\My Documents\xpinsatlldisc.rcl:Roxio EMC Stream deleted successfully.
    ========== FILES ==========
    C:\Program Files\Ask.com\Updater folder moved successfully.
    C:\Program Files\Ask.com\assets\oobe folder moved successfully.
    C:\Program Files\Ask.com\assets folder moved successfully.
    C:\Program Files\Ask.com folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LogMeInRemoteUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LogMeInRemoteUser.RANDY
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Java cache emptied: 27621 bytes
    ->Flash cache emptied: 15571 bytes

    User: Randy Enns
    ->Temp folder emptied: 20427808 bytes
    ->Temporary Internet Files folder emptied: 755301 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 75541954 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 2185 bytes

    User: Tana
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Tana Lynn
    ->Temp folder emptied: 1190419 bytes
    ->Temporary Internet Files folder emptied: 1264013 bytes
    ->Java cache emptied: 6058897 bytes
    ->FireFox cache emptied: 94665085 bytes
    ->Flash cache emptied: 96726 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 68875 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 191.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.RANDY

    User: NetworkService
    ->Java cache emptied: 0 bytes

    User: Randy Enns
    ->Java cache emptied: 0 bytes

    User: Tana

    User: Tana Lynn
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Guest

    User: LocalService

    User: LogMeInRemoteUser

    User: LogMeInRemoteUser.RANDY

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Randy Enns
    ->Flash cache emptied: 0 bytes

    User: Tana

    User: Tana Lynn
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.54.0 log created on 07202012_205126

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  15. randy Newcomer, in training Posts: 79

    Results of screen317's Security Check version 0.99.24
    Windows XP Service Pack 3 x86
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG 2012
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    SpywareBlaster 4.0
    CCleaner (remove only)
    Java(TM) 6 Update 26
    Out of date Java installed!
    Adobe Flash Player 11.1.102.55
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgemc.exe
    ``````````End of Log````````````
  16. randy Newcomer, in training Posts: 79

    Farbar Service Scanner Version: 19-07-2012
    Ran by Randy Enns (administrator) on 20-07-2012 at 21:04:52
    Running from "C:\Documents and Settings\Randy Enns\Desktop"
    Microsoft Windows XP Professional Service Pack 3 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    ATTENTION!=====> Unable to retrieve HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\\EnableFirewall value. The value does not exist.


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
    C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
    C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
    C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
    C:\WINDOWS\system32\netman.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\srsvc.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
    C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
    C:\WINDOWS\system32\qmgr.dll => MD5 is legit
    C:\WINDOWS\system32\es.dll => MD5 is legit
    C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit

    Extra List:
    =======
    AegisP(9) fssfltr(10) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
    0x0A0000000400000001000000020000000300000005000000060000000700000008000000090000000A000000
    IpSec Tag value is correct.

    **** End of log ****
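The "MD5 is legit" lines in the FSS log are a file-integrity check: each binary behind networking, System Restore, Security Center and Windows Update is hashed and compared with a known-good value, because replacing one of those files is how an infection keeps the firewall, updates or restore points from working even after the visible components are gone. The script below is an added example, not FSS or any tool from this thread. It captures a hash baseline for a set of files and later reports each as legit, modified or missing. The file names and contents are constructed in a temporary directory; the real system32 binaries and their known-good hashes are not on this page.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable


def digest_bytes(data: bytes, algo: str = "sha256") -> str:
    """Hex digest of an in-memory buffer (used by the test and for small inputs)."""
    return hashlib.new(algo, data).hexdigest()


def file_digest(path: Path, algo: str = "sha256") -> str:
    """Hex digest of a file, read in chunks so large binaries do not get loaded whole."""
    h = hashlib.new(algo)
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path, names: Iterable[str], algo: str = "sha256") -> Dict[str, str]:
    """Record the digest of each named file under root. Capture this on a machine you trust."""
    return {name: file_digest(root / name, algo) for name in names}


def verify(root: Path, baseline: Dict[str, str], algo: str = "sha256") -> Dict[str, str]:
    """Compare the files under root with the baseline.

    Returns {name: "legit" | "MODIFIED" | "MISSING"}, mirroring the wording FSS uses.
    """
    results: Dict[str, str] = {}
    for name, expected in baseline.items():
        p = root / name
        if not p.exists():
            results[name] = "MISSING"
        elif file_digest(p, algo) == expected:
            results[name] = "legit"
        else:
            results[name] = "MODIFIED"
    return results


def demo() -> Dict[str, str]:
    """Constructed scenario: three stand-in files, then one is overwritten and one deleted."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        names = ["dhcpcsvc.dll", "afd.sys", "tcpip.sys"]   # names borrowed from the FSS log; contents are made up
        for i, n in enumerate(names):
            (root / n).write_bytes(b"original contents %d" % i)
        baseline = build_baseline(root, names)
        (root / "afd.sys").write_bytes(b"patched by something")   # simulated tampering
        (root / "tcpip.sys").unlink()                              # simulated deletion
        return verify(root, baseline)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name} => {status}")
```

Two caveats a practitioner would want here. Use SHA-256 rather than MD5 for any baseline you build yourself; MD5 collisions are practical, so a match proves little against an adversary who can choose the replacement file. And a matching hash only says the bytes the tool read equal the baseline: it does not catch a file swapped before the baseline was taken, nor a kernel-mode component that hands clean contents to whatever reads the file, which is one reason helpers also look at the service and driver list rather than trusting the hash check alone.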
  17. randy Newcomer, in training Posts: 79

    On ESET, the timer is running but files scanned is not increasing.
  18. Broni Malware Annihilator Posts: 39,313   +175

    Be patient.
  20. randy Newcomer, in training Posts: 79

    C:\Documents and Settings\Randy Enns\Application Data\OpenCandy\OpenCandy_1198725F1E3F46B0A8223DEE8E9FDA34\registrybooster(1).exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\Desktop\computerprograms\noadware.exe multiple threats cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\Desktop\Tana\Tana Lynn\My Documents\FlvPlayerSetup.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent(2).exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Randy Enns\My Documents\Downloads\SoftonicDownloader_for_bittorrent.exe a variant of Win32/SoftonicDownloader.A application cleaned by deleting - quarantined
    C:\Documents and Settings\Tana Lynn\Local Settings\Application Data\Babylon\Setup\Setup.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarEng.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_22.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_36.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_4.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_DLL_84.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_32.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_34.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_39.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_DM_EXE_75.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_13.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_30.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_80.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\del_IEBHO_88.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting (after the next restart) - quarantined
    C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133144.exe a variant of Win32/RegistryBooster application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133145.exe multiple threats cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133146.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133147.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133148.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133149.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133150.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133151.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133152.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133153.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133154.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133155.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133156.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133157.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133158.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133159.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133160.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133161.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133162.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133163.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133164.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133165.dll a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133166.exe a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{85BD2043-3A64-479B-ABB4-B83390286164}\RP814\A0133167.dll probably a variant of Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
    Operating memory a variant of Win32/Toolbar.SearchSuite application



    *I think it said 50 of 51 fixed