"System Check" malware removal

By Slawfor
Jan 3, 2012
  1. I have the same "System Check" virus producing the same problems as listed by other posters in this thread. Here are the requested logs:


    Malware Bytes / Anti-Malware:


    aswMBR version 0.9.9.1124 Copyright(c) 2011 AVAST Software
    Run date: 2012-01-03 10:59:53
    -----------------------------
    10:59:53.734 OS Version: Windows 5.1.2600 Service Pack 3
    10:59:53.734 Number of processors: 2 586 0x1C02
    10:59:53.734 ComputerName: PC279151865318 UserName: Scott
    10:59:54.765 Initialize success
    11:00:15.000 AVAST engine defs: 12010300
    11:01:51.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
    11:01:51.046 Disk 0 Vendor: WDC_WD1600BEVT-60ZCT1 13.01A13 Size: 152627MB BusType: 3
    11:01:51.078 Disk 0 MBR read successfully
    11:01:51.093 Disk 0 MBR scan
    11:01:51.171 Disk 0 Windows VISTA default MBR code
    11:01:51.203 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152616 MB offset 2048
    11:01:51.281 Disk 0 scanning sectors +312560640
    11:01:51.453 Disk 0 scanning C:\WINDOWS\system32\drivers
    11:02:32.843 Service scanning
    11:02:34.546 Service MpKsl10b43a19 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{562EA33E-40CA-4F46-8840-B3C3A2A5E639}\MpKsl10b43a19.sys **LOCKED** 32
    11:02:35.562 Modules scanning
    11:02:50.578 Disk 0 trace - called modules:
    11:02:50.656 ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
    11:02:51.218 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d4bab8]
    11:02:51.234 3 CLASSPNP.SYS[f7668fd7] -> nt!IofCallDriver -> [0x86d56bb0]
    11:02:51.265 5 SahdIa32.sys[f7689939] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x86d7ed98]
    11:02:53.109 AVAST engine scan C:\WINDOWS
    11:03:17.234 AVAST engine scan C:\WINDOWS\system32
    11:09:06.843 AVAST engine scan C:\WINDOWS\system32\drivers
    11:09:58.515 AVAST engine scan C:\Documents and Settings\Scott
    11:22:53.234 AVAST engine scan C:\Documents and Settings\All Users
    11:24:21.843 Scan finished successfully
    11:25:16.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Scott\Desktop\MBR.dat"
    11:25:16.265 The log file has been saved successfully to "C:\Documents and Settings\Scott\Desktop\aswMBR.txt"



    GMER LOG:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-01-03 12:11:58
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600BEVT-60ZCT1 rev.13.01A13
    Running: o44hdn2m.exe; Driver: C:\DOCUME~1\Scott\LOCALS~1\Temp\kwdyifoc.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----





    DDS.TXT


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Scott at 12:19:15 on 2012-01-03
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.298 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    svchost.exe
    C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\HP\HPBTWD.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\syncables\syncables desktop\Syncables.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Connection Wizard,ShellNext = iexplore
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0559.0\msneshellx.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    mRun: [HP BTW Detect Program] c:\program files\hp\HPBTWD.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [HP Mobile Broadband] c:\swsetup\hpqwwan\HPMobileBroadband.exe /TrayMode
    mRun: [Syncables] c:\program files\syncables\syncables desktop\Syncables.exe
    mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [YwAYWnYwRqKS.exe] c:\documents and settings\all users\application data\YwAYWnYwRqKS.exe
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    StartupFolder: c:\docume~1\scott\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    dPolicies-explorer: NoDesktop = 1 (0x1)
    dPolicies-system: DisableTaskMgr = 1 (0x1)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    TCP: Interfaces\{18758B16-EF4B-456A-BBDE-B4F0D5AB9BA2} : DhcpNameServer = 65.32.5.111 65.32.5.112
    Filter: text/html - {c728c8d1-9a8f-4606-a9c7-38756772d8cb} -
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: TPSvc - TPSvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\scott\application data\mozilla\firefox\profiles\5shyoky5.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\ipsffplgn\components\IPSFFPl.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    ============= SERVICES / DRIVERS ===============
    .
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2009-5-7 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2009-5-7 15856]
    R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [2008-9-25 103792]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
    R1 MpKsl6aa54160;MpKsl6aa54160;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e21a864-f80a-45d8-bbc1-37bc32733e71}\MpKsl6aa54160.sys [2012-1-3 29904]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2009-5-7 25584]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2008-12-12 125424]
    R2 BOTService;BOTService;c:\program files\roxio\backontrack\instant restore\BOTService.exe [2009-3-19 203248]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-10-24 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2009-3-31 39424]
    S1 MpKsl2b7a86e2;MpKsl2b7a86e2;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85dd5633-fc75-4cb4-beb1-b8c878c18f50}\mpksl2b7a86e2.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{85dd5633-fc75-4cb4-beb1-b8c878c18f50}\MpKsl2b7a86e2.sys [?]
    S1 MpKsld9a1437c;MpKsld9a1437c;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c33f2aa9-b934-469c-b0a9-84549f57d63f}\mpksld9a1437c.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c33f2aa9-b934-469c-b0a9-84549f57d63f}\MpKsld9a1437c.sys [?]
    S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [2010-4-1 103552]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2009-5-7 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
    S3 UCORESYS;UCORESYS;c:\swsetup\sp43745\UCORESYS.SYS [2008-7-24 15432]
    .
    =============== Created Last 30 ================
    .
    2012-01-03 17:13:32 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e21a864-f80a-45d8-bbc1-37bc32733e71}\MpKsl6aa54160.sys
    2012-01-03 17:13:06 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e21a864-f80a-45d8-bbc1-37bc32733e71}\offreg.dll
    2012-01-03 17:13:00 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1e21a864-f80a-45d8-bbc1-37bc32733e71}\mpengine.dll
    2012-01-03 15:29:00 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-03 15:10:15 -------- d-----w- C:\WINSSLog
    2012-01-03 14:57:02 -------- d-----w- C:\24e7b5ead86baa5ad129324da0
    2012-01-03 12:59:44 -------- d-----w- c:\documents and settings\scott\application data\Malwarebytes
    2012-01-03 12:59:34 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2012-01-03 12:41:39 -------- d-----w- c:\documents and settings\scott\local settings\application data\PackageAware
    2011-12-29 15:49:33 626688 ---ha-w- c:\program files\mozilla firefox\msvcr80.dll
    2011-12-29 15:49:33 548864 ---ha-w- c:\program files\mozilla firefox\msvcp80.dll
    2011-12-29 15:49:33 479232 ---ha-w- c:\program files\mozilla firefox\msvcm80.dll
    2011-12-29 15:49:33 43992 ---ha-w- c:\program files\mozilla firefox\mozutils.dll
    2011-12-20 02:11:04 -------- d--h--w- c:\documents and settings\all users\application data\STOPzilla!
    2011-12-10 08:51:11 159744 ---ha-w- c:\program files\mozilla firefox\plugins\npqtplugin7.dll
    2011-12-06 02:00:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    ==================== Find3M ====================
    .
    2011-11-30 22:14:34 414368 ---ha-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25:32 1859584 ---ha-w- c:\windows\system32\win32k.sys
    2011-11-04 19:20:51 916992 ---ha-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20:51 43520 ---ha-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20:51 1469440 ---ha-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23:59 385024 ---ha-w- c:\windows\system32\html.iec
    2011-11-01 16:07:10 1288704 ---ha-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31:48 33280 ---ha-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37:08 2148864 ---ha-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52:02 2027008 ---ha-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 19:29:02 94208 ---ha-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ---ha-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13:22 186880 ---ha-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22:41 692736 ---ha-w- c:\windows\system32\inetcomm.dll
    .
    ============= FINISH: 12:21:20.12 ===============




    DDS ATTACH.TXT


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/13/2009 4:35:15 AM
    System Uptime: 1/3/2012 10:23:39 AM (2 hours ago)
    .
    Motherboard: Hewlett-Packard | | 308F
    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | CPU 1 | 1596/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 125.511 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.7
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Broadcom 802.11 Wireless LAN Adapter
    Compatibility Pack for the 2007 Office system
    Critical Update for Windows Media Player 11 (KB959772)
    Default Manager
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB2570791)
    Hotfix for Windows XP (KB2633952)
    Hotfix for Windows XP (KB949764)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976002-v5)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP BatteryCheck 2.10 A4
    HP Doc Viewer
    HP Help and Support
    HP Mobile Broadband Setup Utility
    HP User Guides 0139
    HP Wireless Assistant
    HpSdpAppCoreApp
    IDT Audio
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 26
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2572067)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Antimalware
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Live Search Toolbar
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSN
    MSXML 6.0 Parser
    PC Suite
    QuickTime
    Roxio BackOnTrack
    Roxio Disaster Recovery
    Roxio Instant Restore
    Roxio Instant Restore Recovery Disk
    Roxio Update Manager
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Security Update for Microsoft Windows (KB2564958)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB2497640)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2530548)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2412687)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476490)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB2485663)
    Security Update for Windows XP (KB2503658)
    Security Update for Windows XP (KB2503665)
    Security Update for Windows XP (KB2506212)
    Security Update for Windows XP (KB2506223)
    Security Update for Windows XP (KB2507618)
    Security Update for Windows XP (KB2507938)
    Security Update for Windows XP (KB2508272)
    Security Update for Windows XP (KB2508429)
    Security Update for Windows XP (KB2509553)
    Security Update for Windows XP (KB2511455)
    Security Update for Windows XP (KB2524375)
    Security Update for Windows XP (KB2535512)
    Security Update for Windows XP (KB2536276-v2)
    Security Update for Windows XP (KB2536276)
    Security Update for Windows XP (KB2544893-v2)
    Security Update for Windows XP (KB2544893)
    Security Update for Windows XP (KB2555917)
    Security Update for Windows XP (KB2562937)
    Security Update for Windows XP (KB2566454)
    Security Update for Windows XP (KB2567053)
    Security Update for Windows XP (KB2567680)
    Security Update for Windows XP (KB2570222)
    Security Update for Windows XP (KB2570947)
    Security Update for Windows XP (KB2592799)
    Security Update for Windows XP (KB2618451)
    Security Update for Windows XP (KB2619339)
    Security Update for Windows XP (KB2620712)
    Security Update for Windows XP (KB2624667)
    Security Update for Windows XP (KB2633171)
    Security Update for Windows XP (KB2639417)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Skype™ 3.8
    Spelling Dictionaries Support For Adobe Reader 9
    Synaptics Pointing Device Driver
    syncables desktop
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB2541763)
    Update for Windows XP (KB2607712)
    Update for Windows XP (KB2616676)
    Update for Windows XP (KB2641690)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    USB2.0 Card Reader Software
    Viewpoint Media Player
    VoiceOver Kit
    WebFldrs XP
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/3/2012 10:30:38 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    1/3/2012 10:30:04 AM, error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80070424 Error description: The specified service does not exist as an installed service.
    .
    ==== End Of File ===========================
    After completing the above steps, I ran UnHide.exe and it was successful in bringing my program icons back to my desktop.

    My security program is Windows Security Essentials. I cannot get the automatic update to work -- it won't go from the "off" setting to "on" using the steps Windows lists.

    Thank you very much for any help you can provide.
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Welcome to TechSpot! I'll help with the malware.

    Did you try to run Malwarebytes or forget the log? aswMBR isn't Malwarebytes. You should also advise me if you weren't able to run Malwarebytes.
    ==================================
    What I'm seeing in these logs is the malware Trojan.Agent/Gen-FakeAlert.
    It has changed the policies to NoDesktop and to DisableTaskMgr.
    Please run the following:
    SuperAntiSpyware Home Edition Free Version
    • Please download SuperAntiSpyware from HERE
    • Launch SuperAntiSpyware and click on 'Check for updates'.
    • Wait for the updates to be installed.
    • On the main screen click on 'Scan your computer'.
    • Check 'Perform Complete Scan', then click 'Next' to start the scan.
    • SuperAntiSpyware will now scan your computer; when it's finished it will list all/any infections found.
    • Make sure everything found has a checkmark next to it, then press 'Next'.
    • Click on 'Finish' when you've done.
    It's possible that the program will ask you to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click on 'Preferences'.
    • Click on the 'Statistics/Logs' tab.
    • Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
    It will then open in your default text editor, such as Notepad. Paste the Notepad file here in your reply.
    ===================================
    Please describe the particular problems you are having. Not everyone experiences the same problems. There are also several very active rogue malware programs that can cause similar problems, but not all. So please tell me how you know that you have the "System Check" malware.
    ===================================
    Please follow with Combofix. Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated- it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===================================
    Please leave the logs in your next reply.
    =====================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.

    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
  3. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    I just ran Malwarebytes Anti-Malware and it completed successfully. It did not detect any malicious items. Here is the log:



    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.03.04

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    Scott :: PC279151865318 [administrator]

    1/3/2012 5:52:24 PM
    mbam-log-2012-01-03 (17-52-24).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 238685
    Time elapsed: 1 hour(s), 6 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  4. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    Following is the SuperAntiSpyware Scan Log:



    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/03/2012 at 09:12 PM

    Application Version : 5.0.1142

    Core Rules Database Version : 8095
    Trace Rules Database Version: 5907

    Scan type : Complete Scan
    Total Scan Time : 01:57:03

    Operating System Information
    Windows XP Home Edition 32-bit, Service Pack 3 (Build 5.01.2600)
    Administrator

    Memory items scanned : 457
    Memory threats detected : 0
    Registry items scanned : 36710
    Registry threats detected : 3
    File items scanned : 156166
    File threats detected : 155

    Disabled.TaskManager
    HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
    HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

    Adware.Tracking Cookie
    C:\Documents and Settings\Scott\Cookies\578L82JW.txt [ /doubleclick.net ]
    C:\Documents and Settings\Scott\Cookies\GTTV28GB.txt [ /kontera.com ]
    C:\Documents and Settings\Scott\Cookies\FWERB166.txt [ /ad.yieldmanager.com ]
    C:\Documents and Settings\Scott\Cookies\G1OJILXQ.txt [ /apmebf.com ]
    C:\Documents and Settings\Scott\Cookies\BPZ4BDKY.txt [ /ar.atwola.com ]
    C:\Documents and Settings\Scott\Cookies\1XFPUS1J.txt [ /akamai.interclickproxy.com ]
    C:\Documents and Settings\Scott\Cookies\8KTN1SYP.txt [ /tacoda.at.atwola.com ]
    C:\Documents and Settings\Scott\Cookies\I8HR1SFE.txt [ /adxpose.com ]
    C:\Documents and Settings\Scott\Cookies\XWMHD7D0.txt [ /atdmt.com ]
    C:\Documents and Settings\Scott\Cookies\34BYLF1K.txt [ /at.atwola.com ]
    C:\Documents and Settings\Scott\Cookies\MZAPHS9Z.txt [ /casalemedia.com ]
    C:\Documents and Settings\Scott\Cookies\GGE7U4KT.txt [ /stopzilla.com ]
    C:\Documents and Settings\Scott\Cookies\FKNLPQSN.txt [ /interclick.com ]
    C:\Documents and Settings\Scott\Cookies\4GLMOUZ8.txt [ /ads.pubmatic.com ]
    C:\Documents and Settings\Scott\Cookies\AYBCALWC.txt [ /r1-ads.ace.advertising.com ]
    C:\Documents and Settings\Scott\Cookies\SISMZQ4T.txt [ /serving-sys.com ]
    C:\Documents and Settings\Scott\Cookies\S05756RQ.txt [ /statse.webtrendslive.com ]
    C:\Documents and Settings\Scott\Cookies\KMQICZ4B.txt [ /a1.interclick.com ]
    C:\Documents and Settings\Scott\Cookies\RDQBZXCL.txt [ /imrworldwide.com ]
    C:\Documents and Settings\Scott\Cookies\F57B9RZ2.txt [ /www.stopzilla.com ]
    C:\Documents and Settings\Scott\Cookies\YTK943U5.txt [ /advertising.com ]
    C:\Documents and Settings\Scott\Cookies\3T6OCIK9.txt [ /revsci.net ]
    C:\Documents and Settings\Scott\Cookies\DLNN0VA5.txt [ /mediaplex.com ]
    C:\Documents and Settings\Scott\Cookies\HH357BSG.txt [ /invitemedia.com ]
    C:\Documents and Settings\Scott\Cookies\1ERI746S.txt [ /adbrite.com ]
    C:\Documents and Settings\Scott\Cookies\IY8KIN5N.txt [ /atwola.com ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NDIDZI7A.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NMDNVI4X.txt [ Cookie:system@ru4.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\G3RGW6WS.txt [ Cookie:system@www.burstnet.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\O6LV1WOG.txt [ Cookie:system@fastclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\NDEYVA2L.txt [ Cookie:system@dc.tremormedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\W4K9XX4M.txt [ Cookie:system@tacoda.at.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\88LDLMZT.txt [ Cookie:system@media6degrees.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\40C06DCD.txt [ Cookie:system@ar.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\0X3O8EKB.txt [ Cookie:system@revsci.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\B0H3O2EN.txt [ Cookie:system@atdmt.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XLAV5TA2.txt [ Cookie:system@doubleclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\EO28WP39.txt [ Cookie:system@lucidmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\CXG1CJV0.txt [ Cookie:system@trafficmp.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FCYH9C3J.txt [ Cookie:system@collective-media.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\PXFI1SEV.txt [ Cookie:system@c.gigcount.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\95ZS3SEW.txt [ Cookie:system@amazon-adsystem.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\A9TVWA15.txt [ Cookie:system@realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\QU2XMU7S.txt [ Cookie:system@burstnet.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\041P2LTT.txt [ Cookie:system@adbrite.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\YWW1AM1S.txt [ Cookie:system@yieldmanager.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\9QIXXAK0.txt [ Cookie:system@apmebf.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\V421UFQ2.txt [ Cookie:system@adxpose.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\OBGIVAWL.txt [ Cookie:system@crackle.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HH9T13XT.txt [ Cookie:system@bs.serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\13SUW45P.txt [ Cookie:system@pro-market.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\H4BC6NTM.txt [ Cookie:system@brighthouse.122.2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\7FCZJJXH.txt [ Cookie:system@bizzclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\57FGF4CG.txt [ Cookie:system@casalemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\FBYZYR7C.txt [ Cookie:system@adserver.adtechus.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\TMFQHT35.txt [ Cookie:system@questionmarket.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\BP2X30AM.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\XKD8JE1G.txt [ Cookie:system@network.realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\HYOQO6TS.txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\WED8F56A.txt [ Cookie:system@tribalfusion.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ANE9WUJF.txt [ Cookie:system@adtech.de/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\ZQY5IZCY.txt [ Cookie:system@advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\Cookies\43KKQ0PS.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YQVBEEGG.txt [ Cookie:system@ru4.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OXVOT3SH.txt [ Cookie:system@imrworldwide.com/cgi-bin ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\URV2MUKH.txt [ Cookie:system@fastclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\BQWFZC2F.txt [ Cookie:system@www.burstnet.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AJ15RK38.txt [ Cookie:system@dc.tremormedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\C64BW9VM.txt [ Cookie:system@indieclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\W37LVGTM.txt [ Cookie:system@tacoda.at.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\P4EQTMFR.txt [ Cookie:system@ox-d.enveromedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\04N1QS83.txt [ Cookie:system@media6degrees.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\AQ6CFWAM.txt [ Cookie:system@ar.atwola.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\V079KPJG.txt [ Cookie:system@a1.interclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZMHRZEKE.txt [ Cookie:system@akamai.interclickproxy.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L9Q8CZYS.txt [ Cookie:system@optimize.indieclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NIB4CRKU.txt [ Cookie:system@marchex.bafind.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\WQH81F20.txt [ Cookie:system@atdmt.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\46V3W1GV.txt [ Cookie:system@adsonar.com/adserving ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1HLQTM51.txt [ Cookie:system@doubleclick.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\F661W6RK.txt [ Cookie:system@lucidmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GNOQQGCF.txt [ Cookie:system@linksynergy.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L9RNP4EX.txt [ Cookie:system@getclicky.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\Y5HXUK7I.txt [ Cookie:system@trafficmp.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\724ZH3DC.txt [ Cookie:system@collective-media.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RBZGM4JU.txt [ Cookie:system@xml.prostreammedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MHEHC80S.txt [ Cookie:system@amazon-adsystem.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\DQSU81ZL.txt [ Cookie:system@realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\7SOVFOST.txt [ Cookie:system@ads.bridgetrack.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\L70LCQL4.txt [ Cookie:system@burstnet.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\12149NW0.txt [ Cookie:system@histats.com/stats/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XVEADN98.txt [ Cookie:system@adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1MSK8AKD.txt [ Cookie:system@ggpublishing.rotator.hadj7.adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\K262BBR4.txt [ Cookie:system@yieldmanager.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\TKM0JE8P.txt [ Cookie:system@artcitymedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\5LK3YKTJ.txt [ Cookie:system@apmebf.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NZPO0HZ7.txt [ Cookie:system@adxpose.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\FVJNJXKE.txt [ Cookie:system@advertise.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\1OEY0C47.txt [ Cookie:system@crackle.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\379CD4HS.txt [ Cookie:system@bs.serving-sys.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\RFQQFGI3.txt [ Cookie:system@liveperson.net/hc/28564642 ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LJXNNZHT.txt [ Cookie:system@ad2.adfarm1.adition.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YDGPIZQS.txt [ Cookie:system@pro-market.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\3UYQYOPV.txt [ Cookie:system@bizzclick.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\GXWD4K7E.txt [ Cookie:system@casalemedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\K15DAW0O.txt [ Cookie:system@adserver.adtechus.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0S7URVU1.txt [ Cookie:system@tag.2bluemedia.hiro.tv/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\07KAJYD6.txt [ Cookie:system@questionmarket.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XRQGT7S6.txt [ Cookie:system@r1-ads.ace.advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OP61ZQDG.txt [ Cookie:system@smashfind.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\LNASUPG1.txt [ Cookie:system@server.cpmstar.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\NH4JVUZ6.txt [ Cookie:system@tribalfusion.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\JNJV9346.txt [ Cookie:system@statcounter.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\N7RG8A7N.txt [ Cookie:system@247realmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\J0P5Y4X5.txt [ Cookie:system@histats.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\T7DDO7KD.txt [ Cookie:system@mm.chitika.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YKGJK7SY.txt [ Cookie:system@advertising.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\2EBDNZ4D.txt [ Cookie:system@www.crackle.com/shows/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\YT15L9J6.txt [ Cookie:system@citygridmedia.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\IMN3CXQM.txt [ Cookie:system@youngbucks.rotator.hadj7.adjuggler.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\XNFA82CL.txt [ Cookie:system@2o7.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\0AYY43RG.txt [ Cookie:system@stat.onestat.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\ZX27ZG9G.txt [ Cookie:system@pointroll.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\C17MWROX.txt [ Cookie:system@goodcholesterolcount.com/ ]
    cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AYJYQ2LN ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\23BO1A40.txt [ Cookie:system@ads.pointroll.com/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\MEFG3WF2.txt [ Cookie:system@static.getclicky.com/ ]
    crackle.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AYJYQ2LN ]
    objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AYJYQ2LN ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\OCMWUESC.txt [ Cookie:system@liveperson.net/ ]
    C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\Cookies\R0OU4DJC.txt [ Cookie:system@xml.trafficengine.net/ ]
    tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\AYJYQ2LN ]
    C:\DOCUMENTS AND SETTINGS\SCOTT\Cookies\F30ICLEL.txt [ Cookie:scott@adsonar.com/adserving ]
    cdn.insights.gravity.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DLCY7KFJ ]
    ia.media-imdb.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DLCY7KFJ ]
    s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\DLCY7KFJ ]
    .adxpose.com [ C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\PQE7HEZH.DEFAULT\COOKIES.SQLITE ]
    ad.insightexpressai.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    cdn.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    content.yieldmanager.edgesuite.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    crackle.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    ds.serving-sys.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    media.heavy.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    media.mtvnservices.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    media1.break.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    objects.tremormedia.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    s0.2mdn.net [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    secure-us.imrworldwide.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    service.twistage.com [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    tag.2bluemedia.hiro.tv [ C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\N9F3D9QK ]
    secure-uk.imrworldwide.com [ C:\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000148\00000147\0\TARGET\DOCUMENTS AND SETTINGS\SCOTT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3UZPFPFV ]
    media.mtvnservices.com [ C:\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000148\00000147\0\TARGET\DOCUMENTS AND SETTINGS\SCOTT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\4ZU4X5K9 ]
    ia.media-imdb.com [ C:\SYSTEM ROLLBACK DATA\RESTORE\ARCHIVE\00000148\00000147\0\TARGET\DOCUMENTS AND SETTINGS\SCOTT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\MPM34N59 ]
    ia.media-imdb.com [ C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\54437\153\TARGET\DOCUMENTS AND SETTINGS\SCOTT\APPLICATION DATA\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\5A2WKEKD ]

    Trojan.Agent/Gen-Nullo[Short]
    C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\54437\481\TARGET\PROGRAM FILES\SMART-SHOPPER\UNINST.EXE

    System.BrokenFileAssociation
    HKCR\.exe
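The SUPERAntiSpyware log above is dominated by tracking cookies, but the three registry hits are what matter: the two DisableTaskMgr policy values (the tampering Bobbye pointed out in post 2) and the broken HKCR\.exe association. As an added example, not part of this thread and not SUPERAntiSpyware's own code, here is a small Python triage script that parses a scan log in the format quoted above and ranks each hit by its impact on the host rather than by raw count. The embedded log excerpt is constructed from a few representative lines of the log above; the severity mapping and the DisableTaskMgr/NoDesktop descriptions are this example's own assumptions, based on what the thread's helper says the FakeAlert trojan changes.

```python
import re

# Constructed excerpt modelled on the SUPERAntiSpyware log quoted in this thread
# (a few representative lines from each detection block, not the full 155-file list).
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 01/03/2012 at 09:12 PM

Registry items scanned : 36710
Registry threats detected : 3
File items scanned : 156166
File threats detected : 155

Disabled.TaskManager
HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR
HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM#DISABLETASKMGR

Adware.Tracking Cookie
C:\Documents and Settings\Scott\Cookies\578L82JW.txt [ /doubleclick.net ]
C:\Documents and Settings\Scott\Cookies\GTTV28GB.txt [ /kontera.com ]

Trojan.Agent/Gen-Nullo[Short]
C:\SYSTEM ROLLBACK DATA\RESTORE\CURRENT\54437\481\TARGET\PROGRAM FILES\SMART-SHOPPER\UNINST.EXE

System.BrokenFileAssociation
HKCR\.exe
"""

# A detection block starts with a "Family.Name" category line (e.g. "Adware.Tracking Cookie").
CATEGORY_RE = re.compile(r"^[A-Z][A-Za-z]*\.[A-Za-z]")
# SAS writes registry hits as HIVE\KEY#VALUENAME; the value name part is optional.
REG_ITEM_RE = re.compile(r"^(HK[A-Z_]+)\\(.+?)(?:#([^#\s]+))?$")

# Policy values the helper in this thread says the FakeAlert trojan flips
# (descriptions are this example's assumption about their effect).
POLICY_VALUES = {
    "DISABLETASKMGR": "Task Manager blocked",
    "NODESKTOP": "desktop icons hidden",
}


def parse_sas_log(text):
    """Return [(category, [item, ...]), ...] for each detection block in a SAS scan log."""
    detections = []
    for para in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in para.splitlines() if ln.strip()]
        if len(lines) >= 2 and CATEGORY_RE.match(lines[0]):
            detections.append((lines[0], lines[1:]))
    return detections


def triage(detections):
    """Rank hits by impact on the host: policy tampering and a broken .exe handler
    matter far more than the hundred-odd tracking cookies that dominate the count."""
    findings = {"critical": [], "high": [], "low": []}
    for category, items in detections:
        for item in items:
            reg = REG_ITEM_RE.match(item)
            value = reg.group(3).upper() if reg and reg.group(3) else None
            if value in POLICY_VALUES:
                findings["critical"].append(
                    f"{reg.group(1)}\\{reg.group(2)}: {POLICY_VALUES[value]}")
            elif category.startswith("System.BrokenFileAssociation"):
                # Every program launch resolves through HKCR\.exe, so a broken
                # handler stops shortcuts from starting anything until it is repaired.
                findings["critical"].append(f"{item}: file association broken")
            elif category.startswith("Trojan."):
                # A copy inside restore data is dormant, but still needs removal
                # or a rollback brings it back.
                where = " (dormant, inside restore data)" if "\\RESTORE\\" in item.upper() else ""
                findings["high"].append(f"{item}{where}")
            else:
                findings["low"].append(f"{category}: {item}")
    return findings


def summarize(text):
    """Counts per severity, the numbers most useful in a first reply to a cleanup thread."""
    return {level: len(hits) for level, hits in triage(parse_sas_log(text)).items()}


if __name__ == "__main__":
    for level, hits in triage(parse_sas_log(SAMPLE_LOG)).items():
        print(level.upper())
        for hit in hits:
            print("  " + hit)
```

Run against the constructed excerpt it reports 3 critical hits (two policy values, one broken association), 1 high (the trojan, flagged as dormant because it sits under restore data) and 2 low (cookies). Reading a full log the same way keeps the cookie noise from hiding the handful of entries that actually explain the symptoms.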
  5. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    Description of the problems my computer is having:

    Soon after turning the power on and pulling up the Windows desktop, a bogus window appears warning of viral infections. It pretends to do four different types of scans and posts results of having found about 10 to 15 problem files. There is a button to "Fix" these issues which leads to a window where the program tries to sell you software. This window is titled "System Check" and the program name "System Check" also appears on my Start button.

    You cannot remove the System Check screen and it always appears on the top. Most of my program files are missing from the Start menu and as shortcuts on the desktop. Only the bare minimum is listed, and even if I click on, say, the Internet Explorer shortcut icon -- IE will not start. I figured out that I could access all my old program files by going through my Documents files --- but the System Check screen will remain on top and I have to move it around to read the posts at this site, for example.

    Other warning signs pop up and a series of gray box warnings are posted - one right on top of the other. These boxes can increase 20 fold while deleting them, and so there seems to be a stack of 100+ of these gray warning boxes.

    The malware replaces the desktop with an entirely new bogus desktop. It does not delete the original program files, it just 'hides' them in the Document folders where one can still access them. However, attempts to access those programs will trigger all these bells and whistles warning of viral infections and generally making it impossible to operate the computer in any useful way.
  6. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    I have tried to run Combofix 3 times and each time it stalled. I will try again tomorrow.
  7. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    ComboFix Log

    I was able to run ComboFix. Below is the log.

    Just so you know, "System Check" still appears as a program listed under my Start Menu. I dare not touch it as that triggers the bogus malware safety screens and other problems as described above.



    ComboFix 12-01-03.08 - Scott 01/03/2012 23:35:54.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.590 [GMT -5:00]
    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-04 to 2012-01-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-04 04:16 . 2012-01-04 04:16 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E21A864-F80A-45D8-BBC1-37BC32733E71}\offreg.dll
    2012-01-04 00:13 . 2012-01-04 00:13 -------- d-----w- c:\documents and settings\Scott\Application Data\SUPERAntiSpyware.com
    2012-01-04 00:11 . 2012-01-04 00:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-04 00:11 . 2012-01-04 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-01-03 22:50 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-03 17:13 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1E21A864-F80A-45D8-BBC1-37BC32733E71}\mpengine.dll
    2012-01-03 15:29 . 2012-01-03 15:29 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-03 15:10 . 2012-01-03 15:10 -------- d-----w- C:\WINSSLog
    2012-01-03 14:57 . 2012-01-03 15:13 -------- d-----w- C:\24e7b5ead86baa5ad129324da0
    2012-01-03 12:59 . 2012-01-03 12:59 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
    2012-01-03 12:59 . 2012-01-03 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-03 12:41 . 2012-01-03 12:41 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\PackageAware
    2011-12-29 15:49 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2011-12-29 15:49 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2011-12-29 15:49 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2011-12-29 15:49 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2011-12-28 06:35 . 2011-12-28 06:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-12-20 02:11 . 2011-12-29 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2011-12-10 08:51 . 2011-12-10 08:51 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
    2011-12-10 08:43 . 2011-12-10 08:43 -------- d-----w- c:\program files\Common Files\Apple
    2011-12-10 08:43 . 2011-12-10 08:43 -------- d-----w- c:\program files\Apple Software Update
    2011-12-06 02:00 . 2011-11-15 19:29 222080 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-30 22:14 . 2011-05-25 14:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-23 13:25 . 2011-11-23 13:25 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-01 16:07 . 2011-11-01 16:07 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-10-28 05:31 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2011-10-25 13:37 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2011-10-25 12:52 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2011-10-18 11:13 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-10-10 14:22 . 2011-10-10 14:22 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-12-21 07:24 . 2011-09-17 09:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-06 21755688]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
    "HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    .
    c:\documents and settings\Scott\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [5/7/2009 6:32 PM 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [5/7/2009 6:32 PM 15856]
    R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/25/2008 12:09 AM 103792]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [5/7/2009 6:32 PM 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 12:46 AM 125424]
    R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 2:04 PM 203248]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/24/2010 8:40 PM 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 11:11 AM 39424]
    S1 MpKsl2b7a86e2;MpKsl2b7a86e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85DD5633-FC75-4CB4-BEB1-B8C878C18F50}\MpKsl2b7a86e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85DD5633-FC75-4CB4-BEB1-B8C878C18F50}\MpKsl2b7a86e2.sys [?]
    S1 MpKsld9a1437c;MpKsld9a1437c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C33F2AA9-B934-469C-B0A9-84549F57D63F}\MpKsld9a1437c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C33F2AA9-B934-469C-B0A9-84549F57D63F}\MpKsld9a1437c.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [4/1/2010 4:48 PM 103552]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/7/2009 6:23 PM 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 UCORESYS;UCORESYS;c:\swsetup\SP43745\UCORESYS.SYS [7/24/2008 2:16 PM 15432]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-15 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-01-04 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
    - c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05]
    .
    2012-01-03 c:\windows\Tasks\BackOnTrack Update.job
    - c:\windows\BotInvokeUpdate.exe [2009-07-23 06:41]
    .
    2012-01-04 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\5shyoky5.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
    HKLM-Run-YwAYWnYwRqKS.exe - c:\documents and settings\All Users\Application Data\YwAYWnYwRqKS.exe
    Notify-TPSvc - TPSvc.dll
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-04 00:11
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(808)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\windows\system32\igfxdev.dll
    .
    Completion time: 2012-01-04 00:14:59
    ComboFix-quarantined-files.txt 2012-01-04 05:14
    .
    Pre-Run: 134,702,198,784 bytes free
    Post-Run: 136,017,022,976 bytes free
    .
    - - End Of File - - 2F99B7935CEC408E529407D744567646
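As an added triage example (not code from the thread, from ComboFix or from the helper), the following Python script parses the Run-key lines of the "Reg Loading Points" section and the "ORPHANS REMOVED" lines of a ComboFix log in the format shown above, and flags autorun entries that launch from user-writable directories or carry machine-generated-looking names, like the YwAYWnYwRqKS.exe orphan ComboFix removed here. The sample log text is constructed from lines of this log; the regexes and the name heuristic are my assumptions, not ComboFix's own rules.

```python
"""Triage autorun entries from a ComboFix-style log (added example, not ComboFix code)."""
import os
import re
from dataclasses import dataclass, field

# Constructed sample in the format ComboFix prints; the lines are copied from the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-06 21755688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP BTW Detect Program - c:\program files\HP\HPBTWD.exe
HKLM-Run-YwAYWnYwRqKS.exe - c:\documents and settings\All Users\Application Data\YwAYWnYwRqKS.exe
Notify-TPSvc - TPSvc.dll
"""

# Line shapes as they appear in the log (assumed from the sample, not a ComboFix spec).
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]*)"(?:\s+\[(?P<meta>[^\]]*)\])?$')
ORPHAN_RE = re.compile(r"^(?P<src>HKLM-Run|HKCU-Run|Notify)-(?P<name>.+?) - (?P<path>.+)$")

# Directories an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\",
                 "\\docume~1\\", "\\appdata\\", "\\programdata\\")


@dataclass
class Autorun:
    source: str                      # registry key, or "ORPHAN <type>" for ORPHANS REMOVED lines
    name: str                        # value name (or orphan name)
    path: str                        # executable path as printed in the log
    reasons: list = field(default_factory=list)


def parse_autoruns(log_text):
    """Collect every Run-style value and every ORPHANS REMOVED entry from the log."""
    entries, key, in_orphans = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":          # ComboFix separates blocks with lone dots
            continue
        if line.startswith("- - - - ORPHANS REMOVED"):
            in_orphans = True
            continue
        m = KEY_RE.match(line)
        if m:
            key, in_orphans = m.group("key"), False
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append(Autorun(key, m.group("name"), m.group("path")))
            continue
        m = ORPHAN_RE.match(line) if in_orphans else None
        if m:
            entries.append(Autorun("ORPHAN " + m.group("src"), m.group("name"), m.group("path")))
    return entries


def looks_random(stem):
    """Rough heuristic: a long, purely alphabetic name whose letter case flips at least
    every other character (YwAYWnYwRqKS) is usually generated, not chosen by a vendor."""
    if len(stem) < 8 or not stem.isalpha():
        return False
    flips = sum(1 for a, b in zip(stem, stem[1:]) if a.isupper() != b.isupper())
    return flips / (len(stem) - 1) >= 0.5


def triage(log_text):
    """Return only the autoruns that deserve a closer look, each with its reasons."""
    findings = []
    for entry in parse_autoruns(log_text):
        low = entry.path.lower()
        if "\\" not in low:
            entry.reasons.append("no directory in path")      # bare module name, unresolved
        elif any(d in low for d in USER_WRITABLE):
            entry.reasons.append("user-writable directory")
        stem = os.path.splitext(os.path.basename(entry.path.replace("\\", "/")))[0]
        if looks_random(stem):
            entry.reasons.append("machine-generated-looking name")
        if entry.reasons:
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source}: {f.name} -> {f.path}  [{', '.join(f.reasons)}]")
```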
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you for the information. That helps me help you.

    Please read through all of the following directions before you start. It would help you to follow them if you printed them out. It is important that you follow the order given for running the programs.
    ========================================
    It is important that you do not delete any files from your Temp folder or use any temp file cleaners.

    1. Download Unhide.exe and save to the desktop.
    • Double-click on Unhide.exe icon to run the program.
    • This program will remove the +H, or hidden, attribute from all the files on your hard drives.
    Note: This does not remove the malware- only the attribute that hides icons and programs. It is important that you continue.
    ================================
    2. Boot into Safe Mode
    • Restart your computer and start pressing the F8 key on your keyboard.
    • Select the Safe Mode with Networking option when the Windows Advanced Options menu appears, using your up/down arrows to reach it, and then press ENTER.
    =======================================
    3. To end the processes that belong to the rogue program:
    Please click on RKill
    • At the download page, click on Download now button for iExplore.exe download link and save to the desktop
    • Double click on the iExplore.exe icon
    • Please be patient- it may take a bit.
    • The black Window will close when through and you can continue.
    Note: If you get a message that RKill is malware, ignore it; it's from the malware.
    =======================================
    Do not reboot your computer after running RKill, as the malware programs will start again.
    ================================
    4. This malware frequently comes with the TDSS rootkit, so do the following:
    • Download the file TDSSKiller.zip and save to the desktop.
      (If you are unable to download the file for some reason, then TDSS may be blocking it. You would then need to download it first to a clean computer and then transfer it to the infected one using an external drive or USB flash drive.)
    • Right-click the tdsskiller.zip file> Select Extract All into a folder on the infected (or potentially infected) PC.
    • Double click on TDSSKiller.exe to run the scan.
    • When the scan is over, the utility outputs a list of detected objects with description.
      The utility automatically selects an action (Cure or Delete) for malicious objects.
      The utility prompts the user to select an action to apply to suspicious objects (Skip, by default).
    • Select the action Quarantine to quarantine detected objects.
      The default quarantine folder is in the system disk root folder, e.g.: C:\TDSSKiller_Quarantine\23.07.2010_15.31.43
    • After clicking Next, the utility applies selected actions and outputs the result.
    • A reboot is required after disinfection.
    ====================================
    If TDSSKiller requires you to reboot, please allow it to do so. After you reboot, reboot back into Safe Mode with Networking again.
    ====================================
    5. Update and rescan with Malwarebytes:
    • Select Perform Full Scan on the Scanner tab
    • Click on the Scan button.
    • When scan has finished, you will see this image:
    • Click on OK to close box and continue.
    • Click on the Show Results button.
    • Click on the Remove Selected button to remove all the listed malware.
    • At the end of malware removal, the scan log opens and displays in Notepad. Be sure to click on Format> Uncheck Word Wrap before copying the log to paste in your next reply.
    ==============================
    6. Correct Display Changes if needed:
    If the desktop background is black or if the theme has been removed:
    For Windows XP: Click on Start> Control Panel> Display> change theme and/or background if needed.
    For Windows Vista or Windows 7: Click on Start> Control Panel> Appearance & Personalization> Select Change Theme or Change Desktop Background
    =====================================
    You can now reboot back into Normal Mode
    ====================================
    I'll have some script for entries to remove in Combofix when this is complete. Please leave all logs in your next reply.
  9. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    I performed all the actions you listed. Here is the MalwareBytes log:


    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.03.04

    Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
    Internet Explorer 8.0.6001.18702
    Administrator :: PC279151865318 [administrator]

    1/4/2012 6:08:01 PM
    mbam-log-2012-01-04 (18-08-01).txt

    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 452419
    Time elapsed: 2 hour(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Questions:
    1. Where is the TDSSKiller log?
    2. Are all the 'missing icons', program files, etc. now visible and working?
    3. Did you have any Display problem- #6?
    4. Some items may not show on the Start menu. To add them back:
    • Right click on Start> Properties
    • Taskbar and Start Menu Properties screen appears
    • Choose Start Menu tab> Click on Customize
    • For Windows XP> Choose Advanced tab
    • Check the items you want back on the Start Menu
    • When finished> click on OK> Apply and close.
    5. Are any of the malware problems you experienced remaining? If so, what?
    6. Why don't you have any System Restore Points?
    7. It looks like the malware disabled the Logoff function and also disabled Task Manager. Can you use these features now?
    =================================
    You should reboot back into Normal Mode at this point.
    ==================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ================================
    First, set up a Directory for HijackThis as follows:
    Right click Taskbar> Explore> My Computer> Local Drive (C)> File> New> Folder> Name folder HijackThis
    Exit Explorer
    You now have a folder C:\HijackThis
    -----------------------------------------
    Download HijackThis and save to your desktop.
    • Click on the HJT icon> 'Extract all files'> Extraction Wizard> Click on Browse to right of dialogue box that says 'Select a folder'
    • Extract it to the directory on your hard drive you created C:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and paste (Ctrl+V) the log in your next reply.
    NOTE: Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.
    ====================================
    Please update Java: Java Updates . Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system. Current version on this date is v6u30
    Be sure to check all download screens for any pre-checked toolbars or BHO> if found, remove the check before the download.
    ==================================
    Please update the Adobe Reader: Adobe Reader Update . Uninstall any earlier updates as they are vulnerabilities. Current version on this date is v10.xxx.
    =================================
    Reset Cookies to prevent Tracking Cookies:
    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =====================================
    Answer my questions and do the additional instructions. The Combofix script should bring the problem to an end.
  11. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    1. Where is the TDSSKiller.log?

    Answer: I pasted it below. It is not clear that you wanted this because Item Number 4 above does not contain any specific request for that particular log (as appears in Item Number 6, for example).


    18:03:07.0671 0364 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
    18:03:08.0218 0364 ============================================================
    18:03:08.0218 0364 Current date / time: 2012/01/04 18:03:08.0218
    18:03:08.0218 0364 SystemInfo:
    18:03:08.0218 0364
    18:03:08.0218 0364 OS Version: 5.1.2600 ServicePack: 3.0
    18:03:08.0218 0364 Product type: Workstation
    18:03:08.0218 0364 ComputerName: PC279151865318
    18:03:08.0234 0364 UserName: Administrator
    18:03:08.0234 0364 Windows directory: C:\WINDOWS
    18:03:08.0234 0364 System windows directory: C:\WINDOWS
    18:03:08.0234 0364 Processor architecture: Intel x86
    18:03:08.0234 0364 Number of processors: 2
    18:03:08.0234 0364 Page size: 0x1000
    18:03:08.0234 0364 Boot type: Safe boot with network
    18:03:08.0234 0364 ============================================================
    18:03:11.0078 0364 Initialize success
    18:03:26.0328 1032 ============================================================
    18:03:26.0328 1032 Scan started
    18:03:26.0328 1032 Mode: Manual;
    18:03:26.0328 1032 ============================================================
    18:03:28.0109 1032 Abiosdsk - ok
    18:03:28.0171 1032 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    18:03:28.0171 1032 abp480n5 - ok
    18:03:28.0218 1032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    18:03:28.0218 1032 ACPI - ok
    18:03:28.0250 1032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
    18:03:28.0250 1032 ACPIEC - ok
    18:03:28.0296 1032 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    18:03:28.0296 1032 adpu160m - ok
    18:03:28.0375 1032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
    18:03:28.0390 1032 aec - ok
    18:03:28.0453 1032 AESTAud (822d53766d57c90c437536232ece9023) C:\WINDOWS\system32\drivers\AESTAud.sys
    18:03:28.0453 1032 AESTAud - ok
    18:03:28.0515 1032 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
    18:03:28.0515 1032 AFD - ok
    18:03:28.0546 1032 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
    18:03:28.0546 1032 agp440 - ok
    18:03:28.0578 1032 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    18:03:28.0578 1032 agpCPQ - ok
    18:03:28.0609 1032 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
    18:03:28.0609 1032 Aha154x - ok
    18:03:28.0640 1032 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    18:03:28.0656 1032 aic78u2 - ok
    18:03:28.0687 1032 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    18:03:28.0687 1032 aic78xx - ok
    18:03:28.0750 1032 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
    18:03:28.0750 1032 AliIde - ok
    18:03:28.0781 1032 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
    18:03:28.0781 1032 alim1541 - ok
    18:03:28.0812 1032 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
    18:03:28.0812 1032 amdagp - ok
    18:03:28.0843 1032 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
    18:03:28.0859 1032 amsint - ok
    18:03:28.0906 1032 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
    18:03:28.0921 1032 Arp1394 - ok
    18:03:28.0937 1032 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
    18:03:28.0937 1032 asc - ok
    18:03:28.0968 1032 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    18:03:28.0968 1032 asc3350p - ok
    18:03:29.0015 1032 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
    18:03:29.0015 1032 asc3550 - ok
    18:03:29.0093 1032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    18:03:29.0093 1032 AsyncMac - ok
    18:03:29.0156 1032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
    18:03:29.0156 1032 atapi - ok
    18:03:29.0203 1032 Atdisk - ok
    18:03:29.0234 1032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    18:03:29.0234 1032 Atmarpc - ok
    18:03:29.0281 1032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    18:03:29.0296 1032 audstub - ok
    18:03:29.0468 1032 BCM43XX (181153dd2c704bf17981f5ae190ba7e8) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
    18:03:29.0578 1032 BCM43XX - ok
    18:03:29.0593 1032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    18:03:29.0593 1032 Beep - ok
    18:03:29.0859 1032 catchme - ok
    18:03:29.0890 1032 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    18:03:29.0890 1032 cbidf - ok
    18:03:29.0921 1032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    18:03:29.0921 1032 cbidf2k - ok
    18:03:30.0031 1032 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    18:03:30.0046 1032 CCDECODE - ok
    18:03:30.0078 1032 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    18:03:30.0078 1032 cd20xrnt - ok
    18:03:30.0109 1032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    18:03:30.0109 1032 Cdaudio - ok
    18:03:30.0156 1032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
    18:03:30.0156 1032 Cdfs - ok
    18:03:30.0203 1032 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    18:03:30.0218 1032 Cdrom - ok
    18:03:30.0234 1032 Changer - ok
    18:03:30.0312 1032 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
    18:03:30.0312 1032 CmBatt - ok
    18:03:30.0359 1032 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
    18:03:30.0359 1032 CmdIde - ok
    18:03:30.0421 1032 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
    18:03:30.0421 1032 Compbatt - ok
    18:03:30.0484 1032 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    18:03:30.0484 1032 Cpqarray - ok
    18:03:30.0703 1032 cpuz134 - ok
    18:03:30.0750 1032 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    18:03:30.0750 1032 dac2w2k - ok
    18:03:30.0781 1032 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    18:03:30.0781 1032 dac960nt - ok
    18:03:30.0843 1032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
    18:03:30.0843 1032 Disk - ok
    18:03:30.0937 1032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
    18:03:30.0984 1032 dmboot - ok
    18:03:31.0015 1032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
    18:03:31.0015 1032 dmio - ok
    18:03:31.0046 1032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    18:03:31.0046 1032 dmload - ok
    18:03:31.0140 1032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
    18:03:31.0140 1032 DMusic - ok
    18:03:31.0187 1032 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    18:03:31.0187 1032 dpti2o - ok
    18:03:31.0234 1032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
    18:03:31.0234 1032 drmkaud - ok
    18:03:31.0359 1032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
    18:03:31.0359 1032 Fastfat - ok
    18:03:31.0421 1032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
    18:03:31.0421 1032 Fdc - ok
    18:03:31.0437 1032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
    18:03:31.0453 1032 Fips - ok
    18:03:31.0468 1032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
    18:03:31.0468 1032 Flpydisk - ok
    18:03:31.0500 1032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
    18:03:31.0515 1032 FltMgr - ok
    18:03:31.0562 1032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    18:03:31.0562 1032 Fs_Rec - ok
    18:03:31.0593 1032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    18:03:31.0593 1032 Ftdisk - ok
    18:03:31.0625 1032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    18:03:31.0640 1032 Gpc - ok
    18:03:31.0671 1032 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    18:03:31.0671 1032 HDAudBus - ok
    18:03:31.0796 1032 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    18:03:31.0796 1032 HidUsb - ok
    18:03:31.0859 1032 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
    18:03:31.0859 1032 hpn - ok
    18:03:31.0968 1032 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
    18:03:31.0984 1032 HTTP - ok
    18:03:32.0078 1032 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
    18:03:32.0093 1032 i2omgmt - ok
    18:03:32.0109 1032 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
    18:03:32.0125 1032 i2omp - ok
    18:03:32.0203 1032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    18:03:32.0203 1032 i8042prt - ok
    18:03:32.0500 1032 ialm (48846b31be5a4fa662ccfde7a1ba86b9) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    18:03:32.0703 1032 ialm - ok
    18:03:32.0781 1032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
    18:03:32.0781 1032 Imapi - ok
    18:03:32.0843 1032 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
    18:03:32.0843 1032 ini910u - ok
    18:03:32.0890 1032 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
    18:03:32.0890 1032 IntelIde - ok
    18:03:32.0921 1032 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    18:03:32.0921 1032 intelppm - ok
    18:03:32.0953 1032 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
    18:03:32.0953 1032 Ip6Fw - ok
    18:03:32.0984 1032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    18:03:32.0984 1032 IpFilterDriver - ok
    18:03:33.0015 1032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    18:03:33.0031 1032 IpInIp - ok
    18:03:33.0062 1032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    18:03:33.0062 1032 IpNat - ok
    18:03:33.0109 1032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    18:03:33.0125 1032 IPSec - ok
    18:03:33.0140 1032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
    18:03:33.0140 1032 IRENUM - ok
    18:03:33.0218 1032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    18:03:33.0218 1032 isapnp - ok
    18:03:33.0296 1032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    18:03:33.0296 1032 Kbdclass - ok
    18:03:33.0343 1032 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
    18:03:33.0343 1032 kmixer - ok
    18:03:33.0390 1032 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
    18:03:33.0390 1032 KSecDD - ok
    18:03:33.0437 1032 L1c (140f9b777fa84e2f5eeea5cadc112e53) C:\WINDOWS\system32\DRIVERS\l1c51x86.sys
    18:03:33.0453 1032 L1c - ok
    18:03:33.0500 1032 lbrtfdc - ok
    18:03:33.0593 1032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    18:03:33.0593 1032 mnmdd - ok
    18:03:33.0671 1032 MobileAdapter (83c97f6d9feb37af9d785ac099e41a42) C:\WINDOWS\system32\DRIVERS\qscnusb.sys
    18:03:33.0671 1032 MobileAdapter - ok
    18:03:33.0718 1032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
    18:03:33.0718 1032 Modem - ok
    18:03:33.0765 1032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    18:03:33.0765 1032 Mouclass - ok
    18:03:33.0812 1032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    18:03:33.0828 1032 mouhid - ok
    18:03:33.0875 1032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
    18:03:33.0890 1032 MountMgr - ok
    18:03:33.0953 1032 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
    18:03:33.0953 1032 MpFilter - ok
    18:03:34.0093 1032 MpKsl2b7a86e2 - ok
    18:03:34.0109 1032 MpKsld9a1437c - ok
    18:03:34.0171 1032 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    18:03:34.0171 1032 mraid35x - ok
    18:03:34.0203 1032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    18:03:34.0203 1032 MRxDAV - ok
    18:03:34.0281 1032 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    18:03:34.0296 1032 MRxSmb - ok
    18:03:34.0343 1032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
    18:03:34.0343 1032 Msfs - ok
    18:03:34.0421 1032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    18:03:34.0421 1032 MSKSSRV - ok
    18:03:34.0484 1032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    18:03:34.0484 1032 MSPCLOCK - ok
    18:03:34.0531 1032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
    18:03:34.0531 1032 MSPQM - ok
    18:03:34.0578 1032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    18:03:34.0578 1032 mssmbios - ok
    18:03:34.0593 1032 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
    18:03:34.0593 1032 MSTEE - ok
    18:03:34.0640 1032 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
    18:03:34.0640 1032 Mup - ok
    18:03:34.0671 1032 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    18:03:34.0687 1032 NABTSFEC - ok
    18:03:34.0765 1032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
    18:03:34.0765 1032 NDIS - ok
    18:03:34.0781 1032 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    18:03:34.0796 1032 NdisIP - ok
    18:03:34.0859 1032 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    18:03:34.0859 1032 NdisTapi - ok
    18:03:34.0890 1032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    18:03:34.0890 1032 Ndisuio - ok
    18:03:34.0921 1032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    18:03:34.0921 1032 NdisWan - ok
    18:03:35.0000 1032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
    18:03:35.0000 1032 NDProxy - ok
    18:03:35.0046 1032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
    18:03:35.0062 1032 NetBIOS - ok
    18:03:35.0078 1032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
    18:03:35.0093 1032 NetBT - ok
    18:03:35.0203 1032 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
    18:03:35.0203 1032 NIC1394 - ok
    18:03:35.0234 1032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
    18:03:35.0234 1032 Npfs - ok
    18:03:35.0296 1032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
    18:03:35.0312 1032 Ntfs - ok
    18:03:35.0359 1032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    18:03:35.0375 1032 Null - ok
    18:03:35.0390 1032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    18:03:35.0406 1032 NwlnkFlt - ok
    18:03:35.0437 1032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    18:03:35.0437 1032 NwlnkFwd - ok
    18:03:35.0484 1032 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
    18:03:35.0484 1032 ohci1394 - ok
    18:03:35.0562 1032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
    18:03:35.0562 1032 Parport - ok
    18:03:35.0593 1032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
    18:03:35.0593 1032 PartMgr - ok
    18:03:35.0625 1032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    18:03:35.0625 1032 ParVdm - ok
    18:03:35.0687 1032 PCASp50 - ok
    18:03:35.0750 1032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
    18:03:35.0750 1032 PCI - ok
    18:03:35.0781 1032 PCIDump - ok
    18:03:35.0812 1032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    18:03:35.0812 1032 PCIIde - ok
    18:03:35.0843 1032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
    18:03:35.0859 1032 Pcmcia - ok
    18:03:35.0875 1032 PDCOMP - ok
    18:03:35.0906 1032 PDFRAME - ok
    18:03:35.0937 1032 PDRELI - ok
    18:03:35.0968 1032 PDRFRAME - ok
    18:03:36.0031 1032 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
    18:03:36.0031 1032 perc2 - ok
    18:03:36.0046 1032 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    18:03:36.0046 1032 perc2hib - ok
    18:03:36.0203 1032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    18:03:36.0203 1032 PptpMiniport - ok
    18:03:36.0234 1032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
    18:03:36.0250 1032 PSched - ok
    18:03:36.0265 1032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    18:03:36.0281 1032 Ptilink - ok
    18:03:36.0343 1032 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    18:03:36.0343 1032 PxHelp20 - ok
    18:03:36.0375 1032 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
    18:03:36.0375 1032 ql1080 - ok
    18:03:36.0421 1032 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    18:03:36.0437 1032 Ql10wnt - ok
    18:03:36.0468 1032 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
    18:03:36.0468 1032 ql12160 - ok
    18:03:36.0500 1032 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
    18:03:36.0500 1032 ql1240 - ok
    18:03:36.0531 1032 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
    18:03:36.0531 1032 ql1280 - ok
    18:03:36.0562 1032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    18:03:36.0578 1032 RasAcd - ok
    18:03:36.0609 1032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    18:03:36.0625 1032 Rasl2tp - ok
    18:03:36.0671 1032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    18:03:36.0671 1032 RasPppoe - ok
    18:03:36.0703 1032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    18:03:36.0703 1032 Raspti - ok
    18:03:36.0734 1032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    18:03:36.0750 1032 Rdbss - ok
    18:03:36.0765 1032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    18:03:36.0765 1032 RDPCDD - ok
    18:03:36.0812 1032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    18:03:36.0828 1032 rdpdr - ok
    18:03:36.0906 1032 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
    18:03:36.0921 1032 RDPWD - ok
    18:03:36.0968 1032 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
    18:03:36.0968 1032 redbook - ok
    18:03:37.0109 1032 RSUSBSTOR (030442f08aec1a5d7cf035cc514374b9) C:\WINDOWS\system32\Drivers\RTS5121.sys
    18:03:37.0109 1032 RSUSBSTOR - ok
    18:03:37.0140 1032 Rts516xIR - ok
    18:03:37.0218 1032 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
    18:03:37.0218 1032 SahdIa32 - ok
    18:03:37.0265 1032 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
    18:03:37.0265 1032 SaibIa32 - ok
    18:03:37.0328 1032 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
    18:03:37.0328 1032 SaibVd32 - ok
    18:03:37.0468 1032 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    18:03:37.0468 1032 SASDIFSV - ok
    18:03:37.0515 1032 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    18:03:37.0531 1032 SASKUTIL - ok
    18:03:37.0609 1032 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
    18:03:37.0609 1032 sdbus - ok
    18:03:37.0640 1032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    18:03:37.0640 1032 Secdrv - ok
    18:03:37.0734 1032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
    18:03:37.0734 1032 Serial - ok
    18:03:37.0812 1032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
    18:03:37.0812 1032 Sfloppy - ok
    18:03:37.0859 1032 Simbad - ok
    18:03:37.0890 1032 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
    18:03:37.0890 1032 sisagp - ok
    18:03:37.0953 1032 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    18:03:37.0953 1032 SLIP - ok
    18:03:38.0000 1032 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
    18:03:38.0015 1032 Sparrow - ok
    18:03:38.0093 1032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
    18:03:38.0093 1032 splitter - ok
    18:03:38.0140 1032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
    18:03:38.0140 1032 sr - ok
    18:03:38.0250 1032 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
    18:03:38.0250 1032 Srv - ok
    18:03:38.0406 1032 STHDA (4f500b19d3e5e7d0ffb4488e404a95b4) C:\WINDOWS\system32\drivers\sthda.sys
    18:03:38.0468 1032 STHDA - ok
    18:03:38.0531 1032 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    18:03:38.0531 1032 streamip - ok
    18:03:38.0593 1032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
    18:03:38.0593 1032 swenum - ok
    18:03:38.0671 1032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
    18:03:38.0671 1032 swmidi - ok
    18:03:38.0734 1032 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
    18:03:38.0734 1032 symc810 - ok
    18:03:38.0765 1032 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    18:03:38.0765 1032 symc8xx - ok
    18:03:38.0796 1032 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    18:03:38.0796 1032 sym_hi - ok
    18:03:38.0828 1032 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    18:03:38.0828 1032 sym_u3 - ok
    18:03:38.0890 1032 SynTP (8da49473f997d4c5d821f1e358f94f2d) C:\WINDOWS\system32\DRIVERS\SynTP.sys
    18:03:38.0890 1032 SynTP - ok
    18:03:38.0953 1032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
    18:03:38.0953 1032 sysaudio - ok
    18:03:39.0031 1032 SysCow (806284d876063ce0395c178124e708d3) C:\WINDOWS\system32\drivers\syscow32x.sys
    18:03:39.0031 1032 SysCow - ok
    18:03:39.0156 1032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    18:03:39.0156 1032 Tcpip - ok
    18:03:39.0187 1032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
    18:03:39.0187 1032 TDPIPE - ok
    18:03:39.0218 1032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
    18:03:39.0218 1032 TDTCP - ok
    18:03:39.0265 1032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
    18:03:39.0265 1032 TermDD - ok
    18:03:39.0328 1032 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
    18:03:39.0328 1032 TosIde - ok
    18:03:39.0468 1032 UCORESYS (9555d36fb21b993e5c4b98c2fc2b3671) c:\swsetup\SP43745\UCORESYS.SYS
    18:03:39.0468 1032 UCORESYS - ok
    18:03:39.0515 1032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
    18:03:39.0515 1032 Udfs - ok
    18:03:39.0531 1032 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
    18:03:39.0546 1032 ultra - ok
    18:03:39.0593 1032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
    18:03:39.0609 1032 Update - ok
    18:03:39.0671 1032 USBAAPL - ok
    18:03:39.0734 1032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    18:03:39.0734 1032 usbccgp - ok
    18:03:39.0750 1032 USBCCID - ok
    18:03:39.0828 1032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    18:03:39.0828 1032 usbehci - ok
    18:03:39.0875 1032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    18:03:39.0875 1032 usbhub - ok
    18:03:39.0937 1032 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    18:03:39.0937 1032 USBSTOR - ok
    18:03:40.0000 1032 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    18:03:40.0000 1032 usbuhci - ok
    18:03:40.0062 1032 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
    18:03:40.0078 1032 usbvideo - ok
    18:03:40.0125 1032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
    18:03:40.0125 1032 VgaSave - ok
    18:03:40.0187 1032 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
    18:03:40.0187 1032 viaagp - ok
    18:03:40.0218 1032 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
    18:03:40.0218 1032 ViaIde - ok
    18:03:40.0250 1032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
    18:03:40.0250 1032 VolSnap - ok
    18:03:40.0359 1032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    18:03:40.0359 1032 Wanarp - ok
    18:03:40.0437 1032 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    18:03:40.0453 1032 Wdf01000 - ok
    18:03:40.0468 1032 WDICA - ok
    18:03:40.0546 1032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
    18:03:40.0562 1032 wdmaud - ok
    18:03:40.0703 1032 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
    18:03:40.0703 1032 WmiAcpi - ok
    18:03:40.0859 1032 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    18:03:40.0859 1032 WSTCODEC - ok
    18:03:40.0906 1032 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    18:03:40.0906 1032 WudfPf - ok
    18:03:40.0937 1032 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    18:03:40.0937 1032 WudfRd - ok
    18:03:41.0078 1032 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
    18:03:41.0140 1032 \Device\Harddisk0\DR0 - ok
    18:03:41.0156 1032 MBR (0x1B8) (66d0b28c8b44e531d0c19f436252abaa) \Device\Harddisk1\DR2
    18:03:41.0171 1032 \Device\Harddisk1\DR2 - ok
    18:03:41.0187 1032 Boot (0x1200) (74b5248a06e270fe7cf21a77587ecc61) \Device\Harddisk0\DR0\Partition0
    18:03:41.0203 1032 \Device\Harddisk0\DR0\Partition0 - ok
    18:03:41.0234 1032 Boot (0x1200) (17832f46967eb82096d34eb6bc36f55b) \Device\Harddisk1\DR2\Partition0
    18:03:41.0234 1032 \Device\Harddisk1\DR2\Partition0 - ok
    18:03:41.0234 1032 ============================================================
    18:03:41.0250 1032 Scan finished
    18:03:41.0250 1032 ============================================================
    18:03:41.0296 1348 Detected object count: 0
    18:03:41.0296 1348 Actual detected object count: 0
    18:04:44.0375 0628 Deinitialize success



    2. Are all the 'missing icons', program files, etc. now visible and working?

    Answer: Yes. Also, there is a "System Check" Icon on my Desktop and listed in my Program Files. When I right click on it, it is a shortcut to:

    "C:\Documents and Settings\All Users\Application Data\aCiKSOMZN5QN92.exe"

    A box labelled "Problem with the shortcut" appears. It says the file listed above is not valid and does not appear at that location.


    3. Did you have any Display problem- #6?

    Answer: No


    4. Some items may not show on the Start menu. To add them back: (etc. . . )

    Answer: I did not have any items to add back.

    5. Are any of the malware problems you experienced remaining? If so, what?

    Answer: As far as I can tell, No


    6. Why don't you have any System Restore Points?

    System Restore has been turned off. I believe the reason why it is off is because I also have the program Roxio BackOnTrack. I think Windows told me to use one or the other, but not both.


    7. It looks like the malware disabled the Logoff function and also disabled TaskManager. Can you use these features now?

    Yes, I am able to Log Off and pull up the Windows TaskManager.


    I will post any additional logs in my next Reply.


    Thanks!
  12. Slawfor


    Below is the ESETLog:

    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\3fe7f413-45cbc2a6 Java/Exploit.CVE-2011-3544.P trojan
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\3e5f79d9-70598a4c Java/Exploit.CVE-2011-3544.P trojan
    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\10\62c547ca-1e1c0241 multiple threats
    C:\Documents and Settings\Scott\My Documents\Downloads\jZipV1c.exe multiple threats
  13. Slawfor


    HiJackThis Log:



    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 2:20:44 PM, on 1/8/2012
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\wdm\STacSV.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\AESTFltr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\syncables\syncables desktop\Syncables.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Program Files\syncables\syncables desktop\MigoMapi.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\WINDOWS\BotInvokeUpdate.exe
    C:\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0559.0\msneshellx.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [HP Mobile Broadband] c:\SWsetup\HPQWWAN\HPMobileBroadband.exe /TrayMode
    O4 - HKLM\..\Run: [Syncables] C:\Program Files\syncables\syncables desktop\Syncables.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "c:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
    O23 - Service: BOTService - Sonic Solutions - C:\Program Files\Roxio\BackOnTrack\Instant Restore\BOTService.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe

    --
    End of file - 8266 bytes
  14. Bobbye


    All but one of the entries in Eset are in the Java cache. That usually happens when there is an old version of Java. I left instructions to update Java. You should only have Java v6u30 installed.

    Please review my instructions in Reply #10 re Java, Adobe Reader, Reset Cookies. You have not done the first 2- I don't know if you reset the Cookies.
    ==============================
    Uninstall System Check if in Add/Remove Programs. Do a right click> Delete on the file on the desktop. I am going to add the file into Combofix in case it won't let you delete it.
    ==============================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\3fe7f413-45cbc2a6 
      C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\3e5f79d9-70598a4c 
      C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\10\62c547ca-1e1c0241 
      C:\Documents and Settings\Scott\My Documents\Downloads\jZipV1c.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ============================================
    Please reopen HijackThis to 'do system scan only.' Check each of the following- if present:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Close All Windows except HijackThis and click on "Fix Checked"
    ===========================================
    Click on Start> Run> type in services.msc> Enter> Double click on Messenger> Change Startup Type to Disabled> Stop the Service> Close and exit Services.

    Click on Windows key + E> Double click on Local Drive (C)> Programs> Look for Messenger> Do a right click> Rename> Add 'old' to read messengerold> Apply> OK
    ===========================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap> and copy/paste the text in the code below into it:
    Code:
    KillAll::
    File::
    c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Documents and Settings\All Users\Application Data\aCiKSOMZN5QN92.exe
    Folder::
    C:\24e7b5ead86baa5ad129324da0
    DDS::
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
    uInternet Connection Wizard,ShellNext = iexplore
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: URLRedirectionBHO - No File
    Run: [YwAYWnYwRqKS.exe] c:\documents and settings\all users\application data\YwAYWnYwRqKS.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    Filter: text/html - {c728c8d1-9a8f-4606-a9c7-38756772d8cb} - 
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    Leave log from OTM and new Combofix log in next reply. Let me know how the system is doing.
    ===================
    You might want to take a look at the posts HERE and HERE for information about the SYSTEM ROLLBACK DATA for the Roxio BackOnTrack.
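    Added example, not part of the original thread or of the helper's instructions: a small Python checker for DDS/CFScript-style `Run:` lines like the one in the script above. It flags autostart entries that run from a user-writable data directory (the `All Users\Application Data` location of `YwAYWnYwRqKS.exe` and `aCiKSOMZN5QN92.exe` in the script) or whose file name looks machine-generated (a high ratio of case and letter/digit switches between adjacent characters). The sample log is constructed: the first line echoes the thread's own `Run:` entry, the `uRun:` line for `aCiKSOMZN5QN92` is made up (the script lists that file only under `File::`), and the three benign entries are assumed for contrast. The 0.4 threshold and 8-character minimum are tuning assumptions, not documented rules.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DDS / CFScript "Run:" style from the thread. The first
# line echoes the thread's own entry; the uRun line for aCiKSOMZN5QN92 and the three
# benign entries are made up for contrast (assumptions, not copied from a real log).
SAMPLE_LOG = r"""
Run: [YwAYWnYwRqKS.exe] c:\documents and settings\all users\application data\YwAYWnYwRqKS.exe
mRun: [MSC] "c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [McAfee Security Scan] c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe
uRun: [aCiKSOMZN5QN92] "c:\documents and settings\All Users\Application Data\aCiKSOMZN5QN92.exe"
"""

# DDS prefixes: uRun (HKCU), mRun (HKLM); CFScript accepts plain "Run:" too.
RUN_RE = re.compile(r'^\s*[um]?Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+?)\s*$', re.I)
# First executable in the command string, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.exe)', re.I)
# Locations an unprivileged process can write to; real installers use Program Files / Windows.
USER_WRITABLE = re.compile(
    r'\\(application data|local settings|temp|programdata|users\\[^\\]+\\appdata)\\', re.I)


def randomness(stem: str) -> float:
    """Fraction of adjacent character pairs that switch case or switch between
    letters and digits. Human-chosen names (msseces, SSScheduler) score near 0;
    generated names such as YwAYWnYwRqKS score well above 0.5."""
    if len(stem) < 2:
        return 0.0

    def kind(c: str) -> str:
        if c.isdigit():
            return "d"
        if c.isalpha():
            return "u" if c.isupper() else "l"
        return "o"  # punctuation: ignored in the switch count

    kinds = [kind(c) for c in stem]
    switches = sum(1 for a, b in zip(kinds, kinds[1:]) if a != b and "o" not in (a, b))
    return switches / (len(stem) - 1)


@dataclass
class Finding:
    name: str
    path: str
    reasons: list


def scan(log_text: str, threshold: float = 0.4, min_len: int = 8) -> list:
    """Return the Run entries worth a second look, with the reason for each.
    threshold and min_len are tuning assumptions, not documented rules."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if not m:
            continue
        cmd = m.group("cmd")
        pm = EXE_RE.match(cmd)
        path = pm.group("path") if pm else cmd.strip('"')
        stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
        reasons = []
        if USER_WRITABLE.search(path):
            reasons.append("runs from a user-writable data directory")
        score = randomness(stem)
        if len(stem) >= min_len and score >= threshold:
            reasons.append(f"machine-generated-looking name (switch ratio {score:.2f})")
        if reasons:
            findings.append(Finding(m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.name}: {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

    Both rogue entries trip both checks; the Microsoft Security Client, ctfmon and McAfee entries trip neither. A generated-looking name on its own is only a hint: the Microsoft Antimalware definition-update driver (MpKsl*.sys in the ComboFix log later in this thread) is legitimately randomised, which is why the location check is the stronger signal. Confirm any hit against the file's hash or signature before deleting it.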
  15. Slawfor


    "All but one of the entries in Eset are in the Java cache. That usually happens when there is an old version of Java. I left instructions to update Java. You should only have Java v6u30 installed.

    Please review my instructions in Reply #10 re Java, Adobe Reader, Reset Cookies. You have not done the first 2 - I don't know if you reset the Cookies."


    In Reply #10 above, I was instructed to run Eset and to generate an Eset log before the instruction to remove older versions of Java and Adobe Reader. This would explain why there might be an old version of Java.

    I verified that I have Java Version 6, Update 30 installed. I have Adobe Reader X Version 10.1.1 installed. I reset the Cookies pursuant to your instructions.

    System Check is not listed in Add/Remove Programs. I right-clicked and deleted "System Check" from my desktop.



    OTMoveIt (OTM) Log:


    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\19\3fe7f413-45cbc2a6 moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\25\3e5f79d9-70598a4c moved successfully.
    C:\Documents and Settings\Scott\Application Data\Sun\Java\Deployment\cache\6.0\10\62c547ca-1e1c0241 moved successfully.
    C:\Documents and Settings\Scott\My Documents\Downloads\jZipV1c.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8541138 bytes
    ->FireFox cache emptied: 20545917 bytes
    ->Flash cache emptied: 456 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 321 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 8487046 bytes
    ->Flash cache emptied: 10680 bytes

    User: Mark
    ->Temp folder emptied: 2000663 bytes
    ->Temporary Internet Files folder emptied: 69027635 bytes
    ->Java cache emptied: 7140 bytes
    ->FireFox cache emptied: 10212532 bytes
    ->Flash cache emptied: 6288 bytes

    User: NetworkService
    ->Temp folder emptied: 66574 bytes
    ->Temporary Internet Files folder emptied: 9093254 bytes
    ->Java cache emptied: 19241 bytes
    ->Flash cache emptied: 19717 bytes

    User: Scott
    ->Temp folder emptied: 33317304 bytes
    ->Temporary Internet Files folder emptied: 20036889 bytes
    ->Java cache emptied: 37932791 bytes
    ->FireFox cache emptied: 1088788417 bytes
    ->Flash cache emptied: 1272 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 19569 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4135491 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 15250844 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 151590 bytes
    RecycleBin emptied: 835 bytes

    Total Files Cleaned = 1,266.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 01142012_053456

    Files moved on Reboot...
    C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

    Registry entries deleted on Reboot...

    More logs to follow
  16. Slawfor


    ComboFix 12-01-13.05 - Scott 01/14/2012 6:36.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.497 [GMT -5:00]
    Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Scott\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    FILE ::
    "c:\documents and settings\All Users\Application Data\aCiKSOMZN5QN92.exe"
    "c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\24e7b5ead86baa5ad129324da0
    c:\24e7b5ead86baa5ad129324da0\compappscontent.dll
    c:\24e7b5ead86baa5ad129324da0\en-us\amhelp.chm
    c:\24e7b5ead86baa5ad129324da0\en-us\epploc.cab
    c:\24e7b5ead86baa5ad129324da0\en-us\epploc_x86.msi
    c:\24e7b5ead86baa5ad129324da0\en-us\eula.rtf
    c:\24e7b5ead86baa5ad129324da0\en-us\setupres.dll.mui
    c:\24e7b5ead86baa5ad129324da0\epplauncher.exe
    c:\24e7b5ead86baa5ad129324da0\eppmanifest.dll
    c:\24e7b5ead86baa5ad129324da0\setup.ini
    c:\24e7b5ead86baa5ad129324da0\setupres.dll
    c:\24e7b5ead86baa5ad129324da0\x86\dw20shared.msi
    c:\24e7b5ead86baa5ad129324da0\x86\epp.msi
    c:\24e7b5ead86baa5ad129324da0\x86\legitlib.dll
    c:\24e7b5ead86baa5ad129324da0\x86\mp_ambits.msi
    c:\24e7b5ead86baa5ad129324da0\x86\setup.exe
    c:\24e7b5ead86baa5ad129324da0\x86\sqmapi.dll
    c:\24e7b5ead86baa5ad129324da0\x86\windows6.0-kb981889-v2.msu
    c:\24e7b5ead86baa5ad129324da0\x86\windows6.1-kb981889.msu
    c:\documents and settings\Scott\Start Menu\Programs\System Check
    c:\documents and settings\Scott\Start Menu\Programs\System Check\System Check.lnk
    c:\documents and settings\Scott\Start Menu\Programs\System Check\Uninstall System Check.lnk
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-14 11:48 . 2012-01-14 11:48 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A0A99EB-4B82-49AC-8CFC-0F86912F1539}\offreg.dll
    2012-01-14 10:58 . 2012-01-14 10:58 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A0A99EB-4B82-49AC-8CFC-0F86912F1539}\MpKslbf7851de.sys
    2012-01-14 10:34 . 2012-01-14 10:34 -------- d-----w- C:\_OTM
    2012-01-14 10:21 . 2012-01-14 10:21 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Temp
    2012-01-14 09:53 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A0A99EB-4B82-49AC-8CFC-0F86912F1539}\mpengine.dll
    2012-01-08 19:45 . 2012-01-08 19:46 -------- d-----w- c:\program files\Common Files\Adobe
    2012-01-08 19:35 . 2012-01-08 19:35 -------- d-----w- c:\program files\Common Files\Java
    2012-01-08 19:34 . 2012-01-08 19:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2012-01-08 19:01 . 2012-01-14 11:14 -------- d-----w- C:\HijackThis
    2012-01-08 16:35 . 2012-01-08 16:35 -------- d-----w- c:\program files\ESET
    2012-01-05 01:50 . 2011-11-30 07:21 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-01-04 22:36 . 2012-01-04 22:46 -------- d-----w- c:\documents and settings\Administrator
    2012-01-04 03:39 . 2012-01-04 03:39 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\IsolatedStorage
    2012-01-04 00:13 . 2012-01-04 00:13 -------- d-----w- c:\documents and settings\Scott\Application Data\SUPERAntiSpyware.com
    2012-01-04 00:11 . 2012-01-04 00:13 -------- d-----w- c:\program files\SUPERAntiSpyware
    2012-01-04 00:11 . 2012-01-04 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2012-01-03 22:50 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-03 15:29 . 2012-01-03 15:29 -------- d-----w- c:\program files\Microsoft Security Client
    2012-01-03 15:10 . 2012-01-03 15:10 -------- d-----w- C:\WINSSLog
    2012-01-03 12:59 . 2012-01-03 12:59 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
    2012-01-03 12:59 . 2012-01-03 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2012-01-03 12:41 . 2012-01-03 12:41 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\PackageAware
    2011-12-29 15:49 . 2011-12-21 07:24 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
    2011-12-29 15:49 . 2011-12-21 04:30 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
    2011-12-29 15:49 . 2011-12-21 04:30 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
    2011-12-29 15:49 . 2011-12-21 04:30 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
    2011-12-28 06:35 . 2011-12-28 06:35 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2011-12-20 02:11 . 2011-12-29 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-01-08 19:33 . 2011-03-28 19:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-30 22:14 . 2011-05-25 14:31 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-11-25 21:57 . 2011-11-25 21:57 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-11-23 13:25 . 2011-11-23 13:25 1859584 ----a-w- c:\windows\system32\win32k.sys
    2011-11-18 12:35 . 2011-11-18 12:35 60416 ----a-w- c:\windows\system32\packager.exe
    2011-11-15 19:29 . 2011-12-06 02:00 222080 ------w- c:\windows\system32\MpSigStub.exe
    2011-11-04 19:20 . 2011-12-15 00:44 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-04 19:20 . 2011-12-15 00:44 916992 ----a-w- c:\windows\system32\wininet.dll
    2011-11-04 19:20 . 2011-12-15 00:44 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-11-04 11:23 . 2011-12-15 00:44 385024 ----a-w- c:\windows\system32\html.iec
    2011-11-03 15:28 . 2011-11-03 15:28 386048 ----a-w- c:\windows\system32\qdvd.dll
    2011-11-03 15:28 . 2011-11-03 15:28 1292288 ----a-w- c:\windows\system32\quartz.dll
    2011-11-01 16:07 . 2011-11-01 16:07 1288704 ----a-w- c:\windows\system32\ole32.dll
    2011-10-28 05:31 . 2011-10-28 05:31 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-10-25 13:37 . 2011-10-25 13:37 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-10-25 12:52 . 2011-10-25 12:52 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-18 11:13 . 2011-10-18 11:13 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-12-21 07:24 . 2011-09-17 09:36 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-01-04_05.11.20 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-01-14 11:48 . 2012-01-14 11:48 16384 c:\windows\temp\Perflib_Perfdata_e8.dat
    - 2008-06-25 01:26 . 2011-11-30 22:16 71910 c:\windows\system32\perfc009.dat
    + 2008-06-25 01:26 . 2012-01-05 02:54 71910 c:\windows\system32\perfc009.dat
    + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\mciseq.dll
    - 2008-04-15 12:00 . 2008-04-15 12:00 23040 c:\windows\system32\mciseq.dll
    + 2011-11-18 12:35 . 2011-11-18 12:35 60416 c:\windows\system32\dllcache\packager.exe
    + 2011-10-14 14:47 . 2011-10-14 14:47 23040 c:\windows\system32\dllcache\mciseq.dll
    + 2009-07-13 08:30 . 2012-01-13 19:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-07-13 08:30 . 2012-01-03 19:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-07-13 08:30 . 2012-01-03 19:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2012-01-04 19:00 . 2012-01-13 19:00 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2011-12-25 08:49 . 2011-12-25 08:49 31504 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
    - 2011-07-08 18:00 . 2011-07-08 18:00 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    + 2011-12-25 16:07 . 2011-12-25 16:07 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
    - 2011-07-07 16:04 . 2011-07-07 16:04 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-12-25 03:55 . 2011-12-25 03:55 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
    + 2011-12-25 03:55 . 2011-12-25 03:55 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    - 2011-07-07 16:04 . 2011-07-07 16:04 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
    + 2011-12-25 03:55 . 2011-12-25 03:55 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    - 2011-07-07 16:03 . 2011-07-07 16:03 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
    + 2011-12-25 04:49 . 2011-12-25 04:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    - 2011-07-07 17:09 . 2011-07-07 17:09 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
    + 2011-12-25 04:49 . 2011-12-25 04:49 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    - 2011-07-07 17:09 . 2011-07-07 17:09 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_78fb12e3\System.Drawing.Design.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_ab2dcac5\CustomMarshalers.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 36864 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\750de53f30e516eb2c62de9bab7954e9\System.Web.DynamicData.Design.ni.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    - 2011-10-13 07:02 . 2011-10-13 07:02 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-05 02:56 . 2012-01-05 02:56 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\winmm.dll
    - 2008-04-15 12:00 . 2008-04-15 12:00 176128 c:\windows\system32\winmm.dll
    - 2008-06-25 01:26 . 2011-11-30 22:16 442140 c:\windows\system32\perfh009.dat
    + 2008-06-25 01:26 . 2012-01-05 02:54 442140 c:\windows\system32\perfh009.dat
    - 2011-06-23 01:16 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe
    + 2012-01-08 19:34 . 2012-01-08 19:33 157472 c:\windows\system32\javaws.exe
    + 2012-01-08 19:34 . 2012-01-08 19:33 149280 c:\windows\system32\javaw.exe
    + 2012-01-08 19:34 . 2012-01-08 19:33 149280 c:\windows\system32\java.exe
    + 2011-11-25 21:57 . 2011-11-25 21:57 293376 c:\windows\system32\dllcache\winsrv.dll
    - 2011-06-20 17:44 . 2011-06-20 17:44 293376 c:\windows\system32\dllcache\winsrv.dll
    + 2011-10-14 14:47 . 2011-10-14 14:47 176128 c:\windows\system32\dllcache\winmm.dll
    + 2011-11-03 15:28 . 2011-11-03 15:28 386048 c:\windows\system32\dllcache\qdvd.dll
    + 2011-12-25 08:49 . 2011-12-25 08:49 436496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
    - 2011-07-07 16:04 . 2011-07-07 16:04 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    + 2011-12-25 03:55 . 2011-12-25 03:55 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
    - 2011-07-07 16:01 . 2011-07-07 16:01 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-12-25 03:53 . 2011-12-25 03:53 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
    + 2011-12-25 04:49 . 2011-12-25 04:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    - 2011-07-07 17:09 . 2011-07-07 17:09 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
    + 2012-01-08 19:35 . 2012-01-08 19:35 203776 c:\windows\Installer\a5a51b.msi
    + 2012-01-08 19:33 . 2012-01-08 19:33 901120 c:\windows\Installer\a5a516.msi
    + 2011-12-25 10:40 . 2011-12-25 10:40 819200 c:\windows\Installer\423918.msp
    + 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
    + 2012-01-05 02:58 . 2012-01-05 02:58 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_c1fffaf1\System.Drawing.dll
    + 2012-01-05 03:55 . 2012-01-05 03:55 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_81531d92\System.Drawing.Design.dll
    + 2012-01-05 03:54 . 2012-01-05 03:54 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_7dc3468f\CustomMarshalers.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\0bda7bdfaf440d5dd4bc6a1dea7ffa39\System.Web.Routing.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 859648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\6e29f9faa74a48b83a13a3413b826295\System.Web.Extensions.Design.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\be8965fe859bc53dff61579bf626858b\System.Web.Entity.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\8441b3eb247e0344fede848337ee911c\System.Web.Entity.Design.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\09c6a41f187ba483486cdb92dad714a1\System.Web.DynamicData.ni.dll
    + 2012-01-05 16:57 . 2012-01-05 16:57 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Abstract#\5efb726d424b9712632eff749411fa89\System.Web.Abstractions.ni.dll
    + 2012-01-05 12:18 . 2012-01-05 12:18 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\f374e8e7849a72d1470b4a6a0771a137\System.Data.Entity.Design.ni.dll
    + 2012-01-05 12:17 . 2012-01-05 12:17 320512 c:\windows\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\439732479756e0f6df88d29e50a402bf\ServiceModelReg.ni.exe
    + 2012-01-05 12:16 . 2012-01-05 12:16 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\bfcea15c95909860c4f4ac19bd7a2d6c\AspNetMMCExt.ni.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2011-11-03 15:28 . 2011-11-03 15:28 1292288 c:\windows\system32\dllcache\quartz.dll
    + 2011-12-25 08:50 . 2011-12-25 08:50 5246976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
    + 2011-12-25 16:07 . 2011-12-25 16:07 2064384 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
    + 2011-12-25 16:06 . 2011-12-25 16:06 1269760 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
    + 2011-12-25 16:06 . 2011-12-25 16:06 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2011-07-08 17:59 . 2011-07-08 17:59 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
    - 2011-07-07 16:02 . 2011-07-07 16:02 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-12-25 03:54 . 2011-12-25 03:54 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
    + 2011-12-25 03:53 . 2011-12-25 03:53 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    - 2011-07-07 16:02 . 2011-07-07 16:02 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
    + 2011-12-25 16:06 . 2011-12-25 16:06 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    - 2011-07-08 17:59 . 2011-07-08 17:59 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
    + 2012-01-08 19:48 . 2012-01-08 19:48 2295808 c:\windows\Installer\a5a6f9.msi
    + 2011-12-26 14:59 . 2011-12-26 14:59 4368896 c:\windows\Installer\4238f9.msp
    + 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
    + 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
    + 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
    + 2012-01-05 02:57 . 2012-01-05 02:57 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_8e2a0a2f\System.dll
    + 2012-01-05 03:54 . 2012-01-05 03:54 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_1bf360f5\System.dll
    + 2012-01-05 03:55 . 2012-01-05 03:55 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_67c6ba59\System.Xml.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_27474587\System.Xml.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 3035136 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_7c387413\System.Windows.Forms.dll
    + 2012-01-05 03:55 . 2012-01-05 03:55 7917568 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_2e02de8c\System.Windows.Forms.dll
    + 2012-01-05 03:56 . 2012-01-05 03:56 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f5596078\System.Drawing.dll
    + 2012-01-05 03:56 . 2012-01-05 03:56 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_9b287a0e\System.Design.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_8e329b2c\System.Design.dll
    + 2012-01-05 03:53 . 2012-01-05 03:53 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_2a8710ed\mscorlib.dll
    + 2012-01-05 03:56 . 2012-01-05 03:56 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_21f4a75a\mscorlib.dll
    + 2012-01-05 16:59 . 2012-01-05 16:59 1356288 c:\windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\05c29118462056cf810df0b6aa660d05\System.WorkflowServices.ni.dll
    + 2012-01-05 16:59 . 2012-01-05 16:59 1908224 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Run#\26b3258c559dc0ab6bdce481ffd458b3\System.Workflow.Runtime.ni.dll
    + 2012-01-05 16:59 . 2012-01-05 16:59 4514304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Com#\1642d1b72cd84caf24cbe7c5e8fd8368\System.Workflow.ComponentModel.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 2992640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Workflow.Act#\32ce12c3c2049f2df94c44c94b052e16\System.Workflow.Activities.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f63ae1310e004777e880f28377bcddd2\System.Web.Services.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 2209280 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\c99b02434e71ca9898bebbc08d63e885\System.Web.Mobile.ni.dll
    + 2012-01-05 16:58 . 2012-01-05 16:58 2405888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\c8f78b9e94857fdf6c2a378dd1629ee0\System.Web.Extensions.ni.dll
    + 2012-01-05 12:18 . 2012-01-05 12:18 1706496 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ae749b024162e9ac79110c633b5ce6be\System.ServiceModel.Web.ni.dll
    + 2012-01-05 12:16 . 2012-01-05 12:16 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\23eb4618c9d171be9fb551a13a475a32\System.IdentityModel.ni.dll
    + 2012-01-05 12:18 . 2012-01-05 12:18 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\f35064c125799df650c1a959d8fa450b\System.Data.Services.ni.dll
    + 2012-01-05 12:18 . 2012-01-05 12:18 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\a86c12788293105a0d9fda1bc90c90bc\Microsoft.VisualBasic.ni.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-05 02:57 . 2012-01-05 02:57 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    - 2010-10-03 07:14 . 2010-10-03 07:14 1277952 c:\windows\assembly\GAC_MSIL\System.Web.Extensions\3.5.0.0__31bf3856ad364e35\System.Web.Extensions.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2011-10-13 07:17 . 2011-10-13 07:17 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2012-01-05 02:52 . 2012-01-05 02:52 5246976 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-10-13 07:19 . 2011-10-13 07:19 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    - 2011-10-13 07:18 . 2011-10-13 07:18 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2012-01-05 02:53 . 2012-01-05 02:53 4550656 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2011-10-13 07:02 . 2011-10-13 07:02 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-05 02:56 . 2012-01-05 02:56 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
    + 2012-01-05 02:56 . 2012-01-05 02:56 2064384 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2012-01-05 02:56 . 2012-01-05 02:56 1269760 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
    + 2009-11-02 23:27 . 2012-01-11 08:03 52128560 c:\windows\system32\MRT.exe
    + 2011-12-26 22:02 . 2011-12-26 22:02 12482048 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M2656353\M2656353Uninstall.msp
    + 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\a5a6fa.msp
    + 2011-12-26 14:02 . 2011-12-26 14:02 19677184 c:\windows\Installer\423912.msp
    + 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
    + 2012-01-05 16:57 . 2012-01-05 16:57 11817472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll
    + 2012-01-05 12:17 . 2012-01-05 12:17 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\2dac4fc006596760cd4988d0bfd52ff0\System.ServiceModel.ni.dll
    + 2012-01-05 02:56 . 2012-01-05 02:56 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\9e15d80ffb037e9171fa4bd2e0233497\System.Design.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-06 21755688]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-12-09 4616064]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
    "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-18 737280]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-16 1418536]
    "HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2009-01-09 455224]
    "Syncables"="c:\program files\syncables\syncables desktop\Syncables.exe" [2009-04-02 173360]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-06-29 458844]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    .
    c:\documents and settings\Scott\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\syncables\\syncables desktop\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    .
    R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [5/7/2009 6:32 PM 21488]
    R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [5/7/2009 6:32 PM 15856]
    R0 SysCow;SysCow;c:\windows\system32\drivers\syscow32x.sys [9/25/2008 12:09 AM 103792]
    R1 MpKslbf7851de;MpKslbf7851de;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A0A99EB-4B82-49AC-8CFC-0F86912F1539}\MpKslbf7851de.sys [1/14/2012 5:58 AM 29904]
    R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [5/7/2009 6:32 PM 25584]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 4:55 PM 67664]
    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/11/2011 6:38 PM 116608]
    R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [12/12/2008 12:46 AM 125424]
    R2 BOTService;BOTService;c:\program files\Roxio\BackOnTrack\Instant Restore\BOTService.exe [3/19/2009 2:04 PM 203248]
    R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/24/2010 8:40 PM 113664]
    R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/31/2009 11:11 AM 39424]
    S1 MpKsl2b7a86e2;MpKsl2b7a86e2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85DD5633-FC75-4CB4-BEB1-B8C878C18F50}\MpKsl2b7a86e2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85DD5633-FC75-4CB4-BEB1-B8C878C18F50}\MpKsl2b7a86e2.sys [?]
    S1 MpKsld9a1437c;MpKsld9a1437c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C33F2AA9-B934-469C-B0A9-84549F57D63F}\MpKsld9a1437c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C33F2AA9-B934-469C-B0A9-84549F57D63F}\MpKsld9a1437c.sys [?]
    S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
    S3 MobileAdapter;Mobile Adapter USB Modem and USB Serial;c:\windows\system32\drivers\qscnusb.sys [4/1/2010 4:48 PM 103552]
    S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [5/7/2009 6:23 PM 160256]
    S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 UCORESYS;UCORESYS;c:\swsetup\SP43745\UCORESYS.SYS [7/24/2008 2:16 PM 15432]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-12 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
    .
    2012-01-14 c:\windows\Tasks\BackOnTrack Instant Restore Idle.job
    - c:\program files\Roxio\BackOnTrack\Instant Restore\RstIdle.exe [2009-03-19 19:05]
    .
    2012-01-13 c:\windows\Tasks\BackOnTrack Update.job
    - c:\windows\BotInvokeUpdate.exe [2009-07-23 06:41]
    .
    2012-01-14 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 20:39]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
    FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\5shyoky5.default\
    FF - prefs.js: browser.search.selectedEngine - Secure Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
    FF - user.js: yahoo.homepage.dontask - true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-01-14 06:49
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(812)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    - - - - - - - > 'explorer.exe'(1280)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
    c:\program files\idt\wdm\STacSV.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\syncables\syncables desktop\jre\bin\javaw.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\syncables\syncables desktop\MigoMapi.exe
    c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    c:\program files\Roxio\BackOnTrack\Instant Restore\UINotification.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-14 06:55:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-14 11:55
    ComboFix2.txt 2012-01-04 05:15
    .
    Pre-Run: 135,634,444,288 bytes free
    Post-Run: 135,598,133,248 bytes free
    .
    - - End Of File - - 926CEFF1849BB80AFB197B4E56D86689
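The driver and service section of the ComboFix log above (the `R0`/`R1`/`S3` lines) is where a helper looks first: each line names the service, its display name, the backing file, and either a date/size stamp or `[?]` when the file could not be found. The script below, added here as an illustration and not part of this thread or of ComboFix itself, parses that format and flags entries whose file is missing or sits under a temp or per-user profile directory. The sample lines are copied verbatim from the log above; the `SUSPECT_DIRS` list is an assumption chosen for this example. A flag means "review by hand", not "malicious": the Microsoft Antimalware definition-update driver is flagged by location and is legitimate, while the `cpuz134` entry pointing at a missing file in a Temp folder is the kind of leftover a helper would want explained.

```python
r"""Triage the R0/R1/S3 driver and service lines of a ComboFix log.

Added example for this thread; it is not part of ComboFix or of any post here.
It parses lines of the form
    R0 Name;Display Name;c:\path\file.sys [date time size]
    S3 Name;Display Name;\??\c:\path\file.sys --> c:\path\file.sys [?]
and flags entries whose backing file ComboFix could not stat ("[?]") or whose
file lives under a temp or per-user profile directory.
"""
import re
from dataclasses import dataclass, field

# Sample lines copied verbatim from the ComboFix log posted above.
SAMPLE_LOG = r"""
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [5/7/2009 6:32 PM 21488]
R1 MpKslbf7851de;MpKslbf7851de;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6A0A99EB-4B82-49AC-8CFC-0F86912F1539}\MpKslbf7851de.sys [1/14/2012 5:58 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 11:27 AM 12880]
S3 cpuz134;cpuz134;\??\c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\Scott\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
S3 UCORESYS;UCORESYS;c:\swsetup\SP43745\UCORESYS.SYS [7/24/2008 2:16 PM 15432]
"""

# State letter (R = running, S = stopped) plus start-type digit, then three
# semicolon-separated fields: service name, display name, path with trailer.
LINE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")

# Lower-case directory fragments where a kernel driver or service binary is
# unusual enough to deserve a look. Chosen for this example, not from ComboFix.
SUSPECT_DIRS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")


@dataclass
class ServiceEntry:
    state: str
    name: str
    display: str
    path: str
    file_found: bool
    reasons: list = field(default_factory=list)


def parse_line(line):
    """Return a ServiceEntry for one R*/S* line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    # "\??\path --> path [?]": keep the resolved path after the arrow.
    if " --> " in rest:
        rest = rest.split(" --> ", 1)[1]
    # The trailer is "[date time size]" when the file was found, "[?]" when not.
    path, _, trailer = rest.rpartition(" [")
    file_found = not trailer.startswith("?")
    entry = ServiceEntry(m.group("state"), m.group("name"), m.group("display"), path, file_found)
    if not file_found:
        entry.reasons.append("file not found")
    if any(frag in path.lower() for frag in SUSPECT_DIRS):
        entry.reasons.append("suspicious location")
    return entry


def triage(log_text):
    """Return [(service name, [reasons])] for every flagged entry, in log order."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry.reasons:
            flagged.append((entry.name, entry.reasons))
    return flagged


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(reasons)}")
```

Run against the six sample lines it reports `MpKslbf7851de` (location only), `cpuz134` (missing file and Temp location) and `Rts516xIR` (missing file), and passes the three drivers that live under `system32` or a vendor folder with a valid stamp.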
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Looking very good! How is the system running? Any remaining problems? If no, go ahead with this:

    Removing all of the tools we used and the files and folders they created
    • Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • Select Yes when the "Begin cleanup Process?" prompt appears.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    -----
    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

    Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
    ------------------------------------------
    If you are relying on the Roxio program, you can skip the following:
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name> click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    ====================================
    Here are some tips to help you stay clean: :)
    Tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      ◦ Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      ◦ ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      ◦ Replace the Host Files
      ◦ Google Toolbar Pop Up Blocker
      ◦ Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy and Child Safety.
    2. Have layered Security:
      ◦ Antivirus (only one): Both of the following programs are free and known to be good:
      ◦ Avira-AntiVir-Personal-Free-Antivirus
      ◦ Avast-Free Antivirus
      ◦ Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      ◦ Comodo
      ◦ Zone Alarm
    3. Antimalware: I recommend all of the following:
      ◦ Spywareblaster: SpywareBlaster protects against bad ActiveX.
      ◦ Spybot Search & Destroy
    4. Updates: Stay current:
      ◦ Check the Microsoft Download Site frequently: all updates marked Critical and the current SP updates.
      ◦ Adobe Reader: install current, uninstall old.
      ◦ Java Updates: install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies:
      ◦ For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
      ◦ For Firefox: Tools> Options> Privacy> Cookies> check 'accept Cookies from Sites'> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
      I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
      AdBlock Plus
      Easy List
      ◦ For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      ◦ Temporary File Cleaner
      or
      ◦ ATF Cleaner by Atribune
    7. Restore Points:
      ◦ See System Restore Guide
    8. Safe Email Handling
      ◦ Don't open email from anyone you don't know.
      ◦ Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad links.

    Let me know if you have any questions.
  18. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    Current Status:


    1. In your post above, you said:
    " ===================
    You might want to take a look at the posts HERE and HERE for information about the SYSTEM ROLLBACK DATA for the Roxio BackOnTrack. "


    I was unable to do the first link -- I made the batch file as instructed and ran it. It repeated the message that it cannot find the specified file, over and over.


    The second HERE concerns Roxio Back on Track file: rstidle.exe
    I have that file in my Roxio folder but it was not listed in the Windows Task Manager and it is not listed as a Program that is Running. Thus, I could not turn it off, as instructed.


    2. When I am logged on to Facebook, I have screen freeze often, or it runs extremely slowly.


    3. For Mozilla Firefox / Tools / Options -- you asked me to uncheck the box for "Accept Third Party Cookies." When this box is unchecked, I am unable to log into certain groups I belong to -- but I am able to log on when I put the check back. So I have left that box checked.
  19. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    "Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually."


    The following programs are listed in my Add or Remove Programs list in the Control Panel. Do you want me to remove these programs?
    ESET Online Scanner v. 3 123 MB
    MalwareBytes Anti-Malware 11.49 MB
    SuperAntiSpyware 75.6 MB

    I also have on my DeskTop the following files/folders/programs. Do you want me to delete them all?
    "UnHide"
    "Fix" - a registration entries program
    MBR.dat File
    Several logs we used to remove this Malware (I assume you want me to delete this)
  20. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    Also, on my Start button / All Programs list, I have the following. Shall I uninstall/delete any of them?
    MalwareBytes Anti-Malware
    McAfee Security Scan Plus
    Norton
    StopZilla
    Super AntiSpyware
  21. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Of the programs you listed, the only ones I had you run were:
    Malwarebytes
    Superantispyware

    Uninstall from Add/Remove Programs if there. Then use Windows Explorer to access Computer> Local Drive> Programs> do a right click> Delete on the program folder.
    Do a right click> Delete on any of the logs that remain on the desktop.

    These are your responsibility- I did not have you use them.
    McAfee Security Scan Plus
    Norton
    StopZilla
    ===========================================
    For Firefox Cookies:
    These are all of my settings for the Privacy Section:
    Tools> Options> Privacy Section:
    History:
    Firefox will> Use custom settings for history
    NO check to start in private browsing
    Check 'remember my browsing HX for at least' > set days (I have 4)
    NO check to 'remember download HX'
    Check 'remember search and form HX'
    Check 'accept cookies from sites'
    NO check for 'accept third party cookies'
    Keep until > they expire
    Check 'clear HX when Firefox closes' >>>> click on Settings
    'When I quit Firefox, it should automatically clear all'
    • History section
      ◦ Check Browsing History
      ◦ Check Download History
      ◦ Check Cache
    • Data section
      ◦ NO CHECKS
    OK> OK

    This information should allow you to get on any legitimate site> Site Cookie is 1st party. 3rd Party Cookies are for ads, banners, tracking and other processes that are not a part of the site itself.
    (If you had Cookies checked in the Data section to remove, that's why you couldn't get on the site- it removes the registration with user name and password.)

    Do you understand? Uncheck 3rd party Cookies.
    =====================================
    Check any settings you have for Facebook. Also if they have a forum, check if others are having the same problem. This isn't malware related.
    ====================================
    About the Roxio BackOnTrack: I am not familiar with the program. I tried to find a source of info. Please address this in a Roxio Forum.
  22. Slawfor

    Slawfor Newcomer, in training Topic Starter Posts: 16

    Thank you Bobbye for all your help and patience. I believe the malware is gone for good. I removed the spyware programs we used without problems.

    The fix you gave me for "third party cookies" seems to have worked. The site I was trying to log onto was www.yuku.com. At first I had the same problem of not being able to log on. I checked that 'allow third party cookies' box, logged on, then unchecked that box and was able to remain online.

    For Roxio Back On Track, I determined that I can clean up all the old save locations through my clean disk accessory or even through the program's home page. That accomplishes the same objective as what those earlier Roxio threads were about.

    So my system is clean and working fine. Again, thank you very much for resolving my malware problems.

    Slawfor
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +35

    Thank you for the update. Glad everything is running well.

    Here are some tips for added security and safer browsing: (Links are in Bold Blue)
    1. Browser Security
      ◦ Safe Settings (Please ignore the suggestion to use the Registry Editor in this section "Creating a Custom Security Zone")
      ◦ ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
      ◦ Replace the Host Files
      ◦ Google Toolbar Pop Up Blocker
      ◦ Web of Trust (WOT) Site Advisor. Traffic-light rating symbols rate the site for Trustworthiness, Vendor Reliability, Privacy and Child Safety.
    2. Have layered Security:
      ◦ Antivirus (only one): Both of the following programs are free and known to be good:
      ◦ Avira-AntiVir-Personal-Free-Antivirus
      ◦ Avast-Free Antivirus
      ◦ Firewall (only one): Use a bi-directional firewall. Both of the following programs are free and known to be good:
      ◦ Comodo
      ◦ Zone Alarm
    3. Antimalware: I recommend all of the following:
      ◦ Spywareblaster: SpywareBlaster protects against bad ActiveX.
      ◦ Spybot Search & Destroy
    4. Updates: Stay current:
      ◦ Check the Microsoft Download Site frequently: all updates marked Critical and the current SP updates.
      ◦ Adobe Reader: install current, uninstall old.
      ◦ Java Updates: install current, uninstall old.
    5. Tracking Cookies
      Reset Cookies: Previously given.
    6. Do regular Maintenance
      Clean the temporary internet files often:
      ◦ Temporary File Cleaner
      or
      ◦ ATF Cleaner by Atribune
    7. Restore Points:
      ◦ See System Restore Guide
    8. Safe Email Handling
      ◦ Don't open email from anyone you don't know.
      ◦ Don't open Attachments in the email. Save to your desktop and scan for viruses using a right click.
      ◦ Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.
    Please let me know if you find any bad links.

    Note: re: Total Files Cleaned = 1,266.00 mb. Pay particular attention to #6

