SPYWARE/outerinfo [RESOLVED]


  • This topic is locked

#1
VforVctory

I went through the tutorial on how to remove Outerinfo. Since it seems to be geared towards XP, it made me a little nervous. I got the pop-ups to stop, but my internet loading speed has been cut in half. Any help would be appreciated.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:22 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu1002397.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=W3619
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=W3619
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=W3619
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1002397.exe 61A847B5BBF72813329B3A557BFE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7583 bytes

Edited by VforVctory, 17 February 2008 - 12:57 PM.


#2
kahdah

Hello VforVctory

Welcome to G2Go. :)
===============
Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.


#3
VforVctory

Here you go.........Thanks again



Deckard's System Scanner v20071014.68
Run by Rareform on 2008-02-17 17:36:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- Last 5 Restore Point(s) --
19: 2008-02-17 02:27:38 UTC - RP85 - Windows Update
18: 2008-02-16 05:00:02 UTC - RP84 - Scheduled Checkpoint
17: 2008-02-15 03:11:21 UTC - RP83 - Scheduled Checkpoint
16: 2008-02-14 08:01:00 UTC - RP82 - Windows Update
15: 2008-02-13 23:37:24 UTC - RP81 - Windows Update


-- First Restore Point --
1: 2008-01-29 05:00:02 UTC - RP67 - Scheduled Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Rareform.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:37:20 PM, on 2/17/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\McAfee\MSK\mskagent.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\mrofinu1002397.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\McAfee\MSC\mcuimgr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Users\Rareform\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Rareform.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...DTP&M=W3619
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=W3619
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...DTP&M=W3619
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [BigFix] c:\program files\Bigfix\bigfix.exe /atstartup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [runner1] C:\Windows\mrofinu1002397.exe 61A847B5BBF72813329B3A557BFE01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\bigfix.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O13 - Gopher Prefix:
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7557 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080211-232045-417 O4 - HKCU\..\Run: [SurfAccuracy] C:\Users\Rareform\AppData\Roaming\SurfAccuracy\SAcc.exe
backup-20080211-232045-500 O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares Galaxy P2P Plus\Ares.exe" -h
backup-20080211-233554-763 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

All drivers whitelisted.


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 RichVideo (Cyberlink RichVideo Service(CRVS)) - "c:\program files\cyberlink\shared files\richvideo.exe" <Not Verified; ; RichVideo Module>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-02-15 01:24:41 342 --a------ C:\Windows\Tasks\McDefragTask.job
2008-02-01 01:00:04 334 --a------ C:\Windows\Tasks\McQcTask.job


-- Files created between 2008-01-17 and 2008-02-17 -----------------------------

2008-02-11 23:19:14 0 d-------- C:\Program Files\Trend Micro
2008-02-11 22:42:41 0 d-------- C:\Program Files\??stem32
2008-02-11 22:42:33 36864 --a------ C:\Windows\mrofinu1002397.exe
2008-02-11 22:42:24 0 d-------- C:\Program Files\YourSiteBar
2008-02-11 22:41:44 0 d-------- C:\Program Files\Ares Galaxy P2P Plus
2008-02-11 22:41:44 0 d-------- C:\Program Files\32Vegas Casino


-- Find3M Report ---------------------------------------------------------------

2008-02-16 22:35:15 0 d-------- C:\Program Files\McAfee
2008-02-16 21:10:09 0 d-------- C:\Users\Rareform\AppData\Roaming\Full Tilt Poker
2008-02-13 18:40:12 0 d-------- C:\Program Files\Common Files
2008-02-13 18:40:03 0 d-------- C:\Program Files\??stem32
2008-01-20 11:41:29 0 d-------- C:\Users\Rareform\AppData\Roaming\Adobe
2008-01-08 20:35:19 0 d-------- C:\Program Files\Windows Mail
2008-01-08 19:40:25 0 d-------- C:\Program Files\Windows Sidebar
2008-01-03 19:39:47 0 d-------- C:\Program Files\Microsoft Works
2008-01-03 18:53:50 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-12-29 22:10:02 0 d-------- C:\Users\Rareform\AppData\Roaming\ArcSoft
2007-12-29 22:08:58 0 d-------- C:\Users\Rareform\AppData\Roaming\SampleView
2007-12-28 22:05:32 0 d-------- C:\Program Files\Common Files\Nikon
2007-12-28 21:27:13 0 d-------- C:\Program Files\PictureProject In Touch Downloader
2007-12-28 21:25:48 0 d-------- C:\Users\Rareform\AppData\Roaming\Nikon
2007-12-28 21:25:24 0 d-------- C:\Program Files\Common Files\muvee Technologies
2007-12-28 21:25:20 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-12-28 21:25:12 0 d-------- C:\Program Files\Nikon
2007-12-28 21:24:56 268 -r-h----- C:\Users\Rareform\AppData\Roaming\Action Clauses
2007-12-28 21:22:42 0 d-------- C:\Program Files\ArcSoft
2007-12-20 17:09:36 0 d-------- C:\Users\Rareform\AppData\Roaming\CyberLink
2007-12-19 22:36:44 0 d-------- C:\Program Files\PHTO6
2007-12-19 21:45:17 0 d-------- C:\Program Files\Google
2007-12-19 20:26:59 0 d-------- C:\Program Files\Common Files\Adobe
2007-12-19 13:44:07 0 d-------- C:\Users\Rareform\AppData\Roaming\Google
2007-12-19 00:06:08 0 d-------- C:\Users\Rareform\AppData\Roaming\Apple Computer
2007-12-19 00:05:49 0 d-------- C:\Program Files\iTunes
2007-12-19 00:05:41 0 d-------- C:\Program Files\iPod
2007-12-19 00:04:30 0 d-------- C:\Program Files\QuickTime
2007-12-19 00:03:13 0 d-------- C:\Program Files\Apple Software Update
2007-12-19 00:01:58 0 d-------- C:\Program Files\Common Files\Apple
2007-12-18 23:23:56 0 d-------- C:\Users\Rareform\AppData\Roaming\InstallShield Installation Information
2007-12-18 20:54:49 0 d-------- C:\Program Files\Canon
2007-12-18 20:48:50 0 d--h----- C:\Program Files\CanonBJ
2007-12-18 20:40:56 0 d-------- C:\Users\Rareform\AppData\Roaming\Macromedia
2007-12-18 20:33:38 0 d-------- C:\Users\Rareform\AppData\Roaming\Identities
2007-12-18 20:30:39 174 --ahs---- C:\Program Files\desktop.ini
2007-12-18 20:27:36 0 d-------- C:\Program Files\Windows Calendar
2007-12-18 20:27:31 0 d-------- C:\Program Files\Windows Defender
2007-12-18 19:53:49 0 d-------- C:\Program Files\MSXML 4.0
2007-12-18 19:06:40 81 --a------ C:\Windows\system32\LOG


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [12/18/2007 08:09 PM]
"RtHDVCpl"="RtHDVCpl.exe" [12/28/2006 10:11 PM C:\WINDOWS\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [12/12/2006 01:02 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [12/12/2006 01:03 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [12/12/2006 01:02 PM]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [11/23/2006 05:10 PM]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [11/29/2006 02:22 PM]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [07/10/2007 07:10 PM]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [10/19/2006 09:42 PM]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [11/16/2006 06:04 PM]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [10/16/2006 08:40 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [12/11/2007 10:56 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [12/11/2007 12:10 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/10/2007 07:51 PM]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [08/03/2007 10:33 PM]
"runner1"="C:\Windows\mrofinu1002397.exe" [02/11/2008 10:42 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 07:34 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-02-17 17:38:28 ------------

SECOND LOG

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft® Windows Vista™ Home Basic (build 6000)
Architecture: X86; Language: English

CPU 0: Intel® Celeron® D CPU 3.46GHz
Percentage of Memory in Use: 38%
Physical Memory (total/avail): 1526.94 MiB / 941.89 MiB
Pagefile Memory (total/avail): 3289.19 MiB / 2465.82 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.31 MiB

C: is Fixed (NTFS) - 103.43 GiB total, 74.97 GiB free.
D: is Fixed (NTFS) - 8.36 GiB total, 4.82 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

\\.\PHYSICALDRIVE0 - ST3120813AS ATA Device - 111.79 GiB - 2 partitions
\PARTITION0 - Installable File System - 8.36 GiB - D:
\PARTITION1 (bootable) - Installable File System - 103.43 GiB - C:

\\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee) Outdated
AS: McAfee VirusScan v (McAfee)
AS: Windows Defender v1.1.1505.0 (Microsoft Corporation)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Rareform\AppData\Roaming
CLASSPATH=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PHILLIPSPC
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Rareform
LOCALAPPDATA=C:\Users\Rareform\AppData\Local
LOGONSERVER=\\PHILLIPSPC
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 6 Stepping 5, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0605
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Rareform\AppData\Local\Temp
TMP=C:\Users\Rareform\AppData\Local\Temp
USERDOMAIN=PhillipsPC
USERNAME=Rareform
USERPROFILE=C:\Users\Rareform
windir=C:\Windows


-- User Profiles ---------------------------------------------------------------

Sillykalua
Rareform


-- Add/Remove Programs ---------------------------------------------------------

Activation Assistant for the 2007 Microsoft Office suites --> "C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE
Adobe Flash Player 9 ActiveX --> C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player ActiveX --> C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81100000003}
Apple Mobile Device Support --> MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Panorama Maker 3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5F68DC8-0278-4AD8-B413-861509B5F25B}\Setup.exe" -l0x9
Bejeweled 2 Deluxe --> "C:\Program Files\eMachines Games\Bejeweled 2 Deluxe\Uninstall.exe"
BigFix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{34FF0741-EC67-4C05-AC2A-6D257123DF2E}\setup.exe" -l0x9 -uninst -f"C:\Program Files\BigFix\Uninst.isu" -c"C:\Program Files\BigFix\Lib\UninstallHelper.dll"
Blackhawk Striker 2 --> "C:\Program Files\eMachines Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3 --> "C:\Program Files\eMachines Games\Blasterball 3\Uninstall.exe"
Browser Address Error Redirector --> regsvr32 /u /s "c:\google\BAE.dll"
Canon iP1800 series --> "C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series\DelDrv.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1800_series /L0x0009
Canon iP1800 series User Registration --> C:\Program Files\Canon\IJEREG\iP1800 series\UNINST.EXE
Canon My Printer --> C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini
Canon Utilities Easy-LayoutPrint --> C:\Program Files\Canon\Easy-LayoutPrint\uninst.exe uninst.ini
Canon Utilities Easy-PhotoPrint --> C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe uninst.ini
Digital Media Reader --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61} /l1033
Diner Dash --> "C:\Program Files\eMachines Games\Diner Dash\Uninstall.exe"
DVD Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
eMachines Game Console --> "C:\Program Files\eMachines Games\eMachines Game Console\Uninstall.exe"
eMachines Recovery Center Installer --> MsiExec.exe /X{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}
FATE --> "C:\Program Files\eMachines Games\FATE\Uninstall.exe"
Full Tilt Poker --> "C:\Users\Rareform\AppData\Roaming\InstallShield Installation Information\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}\setup.exe" -runfromtemp -l0x0009 -removeonly
Google Desktop --> C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
Google Toolbar for Internet Explorer --> MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Intel® Graphics Media Accelerator Driver --> C:\Windows\system32\igxpun.exe -uninstall
iTunes --> MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
Java™ SE Runtime Environment 6 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Linkit_eBay --> MsiExec.exe /I{91B3BEC8-748B-4912-82ED-29D38E140B2A}
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft Digital Image Starter Edition 2006 --> "C:\Program Files\Common Files\Microsoft Shared\Picture It!\RmvSuite.exe" ADDREMOVE=1 SKU=TRIAL VERSION=12
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{91110409-6000-11D3-8CFE-0150048383C9}
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB936181) --> MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833) --> MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 Parser and SDK --> MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Nikon Message Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\Setup.exe" -l0x9 UNINSTALL
Penguins! --> "C:\Program Files\eMachines Games\Penguins!\Uninstall.exe"
PictureProject --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FF3999BE-1A7B-4738-88AA-97BF14094A4A}\Setup.exe" -l0x9 UNINSTALL
PictureProject In Touch Downloader 1.0 --> C:\Program Files\PictureProject In Touch Downloader\uninst.exe
Polar Bowler --> "C:\Program Files\eMachines Games\Polar Bowler\Uninstall.exe"
Polar Golfer --> "C:\Program Files\eMachines Games\Polar Golfer\Uninstall.exe"
Power2Go 5.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9 -removeonly
SCRABBLE --> "C:\Program Files\eMachines Games\SCRABBLE\Uninstall.exe"
Soft Data Fax Modem with SmartCP --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F40&SUBSYS_200014F1\HXFSETUP.EXE -U -IPDBRYCMzK.inf
Tradewinds --> "C:\Program Files\eMachines Games\Tradewinds\Uninstall.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type3272 / Warning
Event Submitted/Written: 02/17/2008 10:06:25 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3880407246-2727126330-3836474913-1000_Classes:
Process 844 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3880407246-2727126330-3836474913-1000_CLASSES

Event Record #/Type3271 / Warning
Event Submitted/Written: 02/17/2008 10:06:25 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3880407246-2727126330-3836474913-1000:
Process 844 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3880407246-2727126330-3836474913-1000

Event Record #/Type3257 / Warning
Event Submitted/Written: 02/17/2008 09:56:11 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3880407246-2727126330-3836474913-1001_Classes:
Process 844 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3880407246-2727126330-3836474913-1001_CLASSES

Event Record #/Type3256 / Warning
Event Submitted/Written: 02/17/2008 09:56:10 AM
Event ID/Source: 1530 / profsvc
Event Description:
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-3880407246-2727126330-3836474913-1001:
Process 844 (\Device\HarddiskVolume2\WINDOWS\System32\svchost.exe) has opened key \REGISTRY\USER\S-1-5-21-3880407246-2727126330-3836474913-1001

Event Record #/Type3238 / Success
Event Submitted/Written: 02/16/2008 10:35:23 PM
Event ID/Source: 5617 / WinMgmt
Event Description:




-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type13711 / Warning
Event Submitted/Written: 02/17/2008 05:37:47 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PhillipsPC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PhillipsPC27 can't undo changes that you allow.

For more information please see the following:
%PhillipsPC275

Scan ID: {A61807F0-9D9D-4A52-9E0B-4A57A1AFE05B}

User: PhillipsPC\Rareform

Name: %PhillipsPC271

ID: %PhillipsPC272

Severity ID: %PhillipsPC273

Category ID: %PhillipsPC274

Path Found: %PhillipsPC276

Alert Type: %PhillipsPC278

Detection Type: 1.1.1505.02

Event Record #/Type13710 / Warning
Event Submitted/Written: 02/17/2008 05:37:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PhillipsPC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PhillipsPC27 can't undo changes that you allow.

For more information please see the following:
%PhillipsPC275

Scan ID: {8AC0A7D6-862A-44E1-A36D-7755418AE3AF}

User: PhillipsPC\Rareform

Name: %PhillipsPC271

ID: %PhillipsPC272

Severity ID: %PhillipsPC273

Category ID: %PhillipsPC274

Path Found: %PhillipsPC276

Alert Type: %PhillipsPC278

Detection Type: 1.1.1505.02

Event Record #/Type13709 / Warning
Event Submitted/Written: 02/17/2008 05:37:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PhillipsPC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PhillipsPC27 can't undo changes that you allow.

For more information please see the following:
%PhillipsPC275

Scan ID: {32B413AF-5E65-4A0F-96FA-D391169BF035}

User: PhillipsPC\Rareform

Name: %PhillipsPC271

ID: %PhillipsPC272

Severity ID: %PhillipsPC273

Category ID: %PhillipsPC274

Path Found: %PhillipsPC276

Alert Type: %PhillipsPC278

Detection Type: 1.1.1505.02

Event Record #/Type13708 / Warning
Event Submitted/Written: 02/17/2008 05:37:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PhillipsPC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PhillipsPC27 can't undo changes that you allow.

For more information please see the following:
%PhillipsPC275

Scan ID: {C7FE7DDF-14F3-4934-9B47-1E8F24B7C746}

User: PhillipsPC\Rareform

Name: %PhillipsPC271

ID: %PhillipsPC272

Severity ID: %PhillipsPC273

Category ID: %PhillipsPC274

Path Found: %PhillipsPC276

Alert Type: %PhillipsPC278

Detection Type: 1.1.1505.02

Event Record #/Type13707 / Warning
Event Submitted/Written: 02/17/2008 05:37:44 PM
Event ID/Source: 3004 / WinDefend
Event Description:
%PhillipsPC27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %PhillipsPC27 can't undo changes that you allow.

For more information please see the following:
%PhillipsPC275

Scan ID: {1296C774-693E-43AD-869A-FE74A78E3498}

User: PhillipsPC\Rareform

Name: %PhillipsPC271

ID: %PhillipsPC272

Severity ID: %PhillipsPC273

Category ID: %PhillipsPC274

Path Found: %PhillipsPC276

Alert Type: %PhillipsPC278

Detection Type: 1.1.1505.02



-- End of Deckard's System Scanner: finished at 2008-02-17 17:38:28 ------------

#4
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.

Also I am removing 32Vegas Casino because it is a rogue casino application.
See Here
You can redownload it if you choose but I do not recommend it.
===================================================================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Windows\mrofinu1002397.exe
    C:\Windows\mrofinu1002397.exe.tmp
    C:\Program Files\YourSiteBar
    C:\Users\Rareform\AppData\Roaming\SurfAccuracy
    C:\Program Files\32Vegas Casino
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1
    purity

  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply.
Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.

#5
VforVctory

VforVctory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Thanks! The 32 Vegas and Arse Galaxy was what started all this. (Never let friends stay at your house and use your computer.) Here are the reports:

[Custom Input]
< C:\Windows\mrofinu1002397.exe >
C:\Windows\mrofinu1002397.exe moved successfully.
< C:\Windows\mrofinu1002397.exe.tmp >
File/Folder C:\Windows\mrofinu1002397.exe.tmp not found.
< C:\Program Files\YourSiteBar >
C:\Program Files\YourSiteBar moved successfully.
< C:\Users\Rareform\AppData\Roaming\SurfAccuracy >
File/Folder C:\Users\Rareform\AppData\Roaming\SurfAccuracy not found.
< C:\Program Files\32Vegas Casino >
C:\Program Files\32Vegas Casino moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
< purity >
C:\Program Files\ѕуstem32 moved successfully.

OTMoveIt2 v1.0.20 log created on 02172008_183624

ComboFix 08-02-18.1 - Rareform 2008-02-17 18:49:25.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.789 [GMT -5:00]
Running from: C:\Users\Rareform\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.

2008-02-17 18:36 . 2008-02-17 18:36 <DIR> d-------- C:\_OTMoveIt
2008-02-17 17:36 . 2008-02-17 17:36 <DIR> d-------- C:\Deckard
2008-02-13 18:46 . 2008-02-13 18:46 194,560 --a------ C:\WINDOWS\System32\WebClnt.dll
2008-02-13 18:46 . 2008-02-13 18:46 110,080 --a------ C:\WINDOWS\System32\drivers\mrxdav.sys
2008-02-13 18:41 . 2008-02-13 18:41 4,247,552 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-02-11 23:19 . 2008-02-11 23:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-11 23:08 . 2005-08-25 18:19 115,920 --a------ C:\WINDOWS\System32\MSINET.OCX
2008-02-11 22:41 . 2008-02-11 22:47 <DIR> d-------- C:\Program Files\Ares Galaxy P2P Plus

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-17 03:35 --------- d-----w C:\Program Files\McAfee
2008-02-17 02:10 --------- d-----w C:\Users\Rareform\AppData\Roaming\Full Tilt Poker
2008-02-13 23:41 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 23:38 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 23:38 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 23:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 23:38 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-09 01:35 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 00:40 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 00:40 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-09 00:40 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 00:40 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-04 00:40 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-04 00:39 --------- d-----w C:\Program Files\Microsoft Works
2008-01-04 00:16 184 ----a-w C:\Users\Sillykalua\AppData\Roaming\wklnhst.dat
2008-01-03 23:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-30 03:10 --------- d-----w C:\Users\Rareform\AppData\Roaming\ArcSoft
2007-12-30 03:08 --------- d-----w C:\Users\Rareform\AppData\Roaming\SampleView
2007-12-29 03:05 20 ---h--w C:\Users\All Users\PKP_DLds.DAT
2007-12-29 03:05 20 ---h--w C:\ProgramData\PKP_DLds.DAT
2007-12-29 03:05 --------- d-----w C:\Users\Sillykalua\AppData\Roaming\Nikon
2007-12-29 03:05 --------- d-----w C:\Program Files\Common Files\Nikon
2007-12-29 03:04 20 ---h--w C:\Users\All Users\PKP_DLec.DAT
2007-12-29 03:04 20 ---h--w C:\ProgramData\PKP_DLec.DAT
2007-12-29 03:04 --------- d-----w C:\ProgramData\Ultima_T15
2007-12-29 03:04 --------- d-----w C:\ProgramData\EnterNHelp
2007-12-29 02:27 --------- d-----w C:\Program Files\PictureProject In Touch Downloader
2007-12-29 02:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-29 02:25 --------- d-----w C:\Users\Rareform\AppData\Roaming\Nikon
2007-12-29 02:25 --------- d-----w C:\ProgramData\Nikon
2007-12-29 02:25 --------- d-----w C:\Program Files\Nikon
2007-12-29 02:25 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2007-12-29 02:24 --------- d-----w C:\ProgramData\Digital Light
2007-12-29 02:24 --------- d-----w C:\ProgramData\Apple Computer
2007-12-29 02:22 --------- d-----w C:\Program Files\ArcSoft
2007-12-23 01:18 --------- d-----w C:\Users\Sillykalua\AppData\Roaming\Template
2007-12-20 22:09 --------- d-----w C:\Users\Rareform\AppData\Roaming\CyberLink
2007-12-20 22:09 --------- d-----w C:\ProgramData\CyberLink
2007-12-20 03:36 --------- d-----w C:\Program Files\PHTO6
2007-12-20 02:45 --------- d-----w C:\Program Files\Google
2007-12-20 02:18 --------- d-----w C:\Users\Sillykalua\AppData\Roaming\Apple Computer
2007-12-20 01:26 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-19 05:06 --------- d-----w C:\Users\Rareform\AppData\Roaming\Apple Computer
2007-12-19 05:05 --------- d-----w C:\Program Files\iTunes
2007-12-19 05:05 --------- d-----w C:\Program Files\iPod
2007-12-19 05:04 --------- d-----w C:\Program Files\QuickTime
2007-12-19 05:03 --------- d-----w C:\Program Files\Apple Software Update
2007-12-19 05:01 --------- d-----w C:\ProgramData\Apple
2007-12-19 05:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-19 04:23 --------- d-----w C:\Users\Rareform\AppData\Roaming\InstallShield Installation Information
2007-12-19 01:54 --------- d-----w C:\Program Files\Canon
2007-12-19 01:50 --------- d--h--w C:\ProgramData\CanonBJ
2007-12-19 01:48 --------- d--h--w C:\Program Files\CanonBJ
2007-12-19 01:46 --------- d-----w C:\ProgramData\McAfee
2007-12-19 01:32 --------- d-----w C:\Users\Sillykalua\AppData\Roaming\SampleView
2007-12-19 01:30 174 --sha-w C:\Program Files\desktop.ini
2007-12-19 01:27 --------- d-----w C:\Program Files\Windows Defender
2007-12-19 01:27 --------- d-----w C:\Program Files\Windows Calendar
2007-12-19 01:12 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-19 01:12 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2007-12-19 01:12 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2007-12-19 01:10 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2007-12-19 01:10 376,320 ----a-w C:\Windows\System32\winsrv.dll
2007-12-19 01:08 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-19 01:07 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-19 01:07 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-19 01:07 414,208 ----a-w C:\Windows\System32\msscp.dll
2007-12-19 01:07 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-19 01:07 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-19 01:06 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-19 01:06 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-19 01:06 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-19 01:06 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-19 01:06 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-19 01:06 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-19 01:06 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-19 01:06 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-19 01:06 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-19 01:05 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2007-12-19 01:05 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-19 01:03 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-19 01:02 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-19 01:02 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-19 01:01 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2007-12-19 01:01 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2007-12-19 01:01 39,936 ----a-w C:\Windows\System32\slcinst.dll
2007-12-19 01:01 351,232 ----a-w C:\Windows\System32\SLUI.exe
2007-12-19 01:01 33,280 ----a-w C:\Windows\System32\slwmi.dll
2007-12-19 01:01 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2007-12-19 01:01 223,232 ----a-w C:\Windows\System32\SLC.dll
2007-12-19 01:01 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2007-12-19 01:01 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2007-12-19 01:01 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2007-12-19 00:57 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-19 00:57 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-19 00:57 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2007-12-19 00:57 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-19 00:57 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-19 00:55 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-12-19 00:54 974,336 ----a-w C:\Windows\System32\crypt32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 07:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-18 20:09 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2006-12-28 22:11 4317184 C:\WINDOWS\RtHDVCpl.exe]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-12 13:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-12 13:03 106496]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2006-12-12 13:02 81920]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 17:10 56928]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2006-11-29 14:22 58928]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-10 19:10 240640]
"MskAgentexe"="C:\Program Files\McAfee\MSK\MskAgent.exe" [2006-10-19 21:42 161360]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2006-10-16 20:40 1197648]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\bigfix.exe [2007-07-10 19:15:02 2348584]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2007-12-28 21:25:25 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 13:49]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 02:30]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 06:24:41 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-01 06:00:04 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 18:51:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
  • 0
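The last entry of the OTMoveIt2 log in post #5 shows the `purity` line moving a folder under Program Files whose name reads like `system32` but is not spelled with Latin letters only. As an added example (not part of the original thread and not OTMoveIt2's own code), this Python code parses that log format and flags path components that mix Unicode scripts; the function names and the two-letter look-alike table are assumptions made for illustration.

```python
import re
import unicodedata
from typing import NamedTuple

# OTMoveIt2 log lines as posted in the thread. The final result line is built
# separately so the two non-Latin letters appear as explicit escapes
# (U+0455 and U+0443) instead of invisible look-alikes in the source.
OTMOVEIT_LOG = r"""[Custom Input]
< C:\Windows\mrofinu1002397.exe >
C:\Windows\mrofinu1002397.exe moved successfully.
< C:\Windows\mrofinu1002397.exe.tmp >
File/Folder C:\Windows\mrofinu1002397.exe.tmp not found.
< C:\Program Files\YourSiteBar >
C:\Program Files\YourSiteBar moved successfully.
< C:\Users\Rareform\AppData\Roaming\SurfAccuracy >
File/Folder C:\Users\Rareform\AppData\Roaming\SurfAccuracy not found.
< C:\Program Files\32Vegas Casino >
C:\Program Files\32Vegas Casino moved successfully.
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 >
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\runner1 deleted successfully.
< purity >
""" + "C:\\Program Files\\\u0455\u0443stem32 moved successfully.\n"


class MoveResult(NamedTuple):
    target: str  # what was pasted into the tool: a path, a registry value or a command
    path: str    # the object the tool reports it acted on
    status: str  # "moved successfully", "deleted successfully" or "not found"


TARGET_RE = re.compile(r"^< (.+) >$")
RESULT_RE = re.compile(
    r"^(?:File/Folder |Registry value )?(?P<path>.+?) "
    r"(?P<status>moved successfully|deleted successfully|not found)\.$"
)

# Constructed look-alike table covering only the letters seen in this log;
# it is not the full Unicode confusables data.
LOOKALIKES = {"\u0455": "s", "\u0443": "y"}


def parse_otmoveit_log(text):
    """Pair each '< target >' line with the result line that follows it."""
    records, target = [], None
    for line in text.splitlines():
        line = line.strip()
        m = TARGET_RE.match(line)
        if m:
            target = m.group(1)
            continue
        m = RESULT_RE.match(line)
        if m and target is not None:
            records.append(MoveResult(target, m.group("path"), m.group("status")))
            target = None
    return records


def letter_scripts(component):
    """Return the set of scripts (LATIN, CYRILLIC, ...) used by the letters."""
    scripts = set()
    for ch in component:
        if ch.isalpha():
            name = unicodedata.name(ch, "")
            scripts.add(name.split(" ")[0] if name else "UNKNOWN")
    return scripts


def find_mixed_script_paths(records):
    """Flag path components whose letters come from more than one script."""
    findings = []
    for rec in records:
        for component in rec.path.split("\\"):
            scripts = letter_scripts(component)
            if len(scripts) > 1:
                ascii_form = "".join(LOOKALIKES.get(c, c) for c in component)
                findings.append((rec, component, scripts, ascii_form))
    return findings


if __name__ == "__main__":
    for rec, component, scripts, ascii_form in find_mixed_script_paths(
        parse_otmoveit_log(OTMOVEIT_LOG)
    ):
        codepoints = " ".join(f"U+{ord(c):04X}" for c in component)
        print(f"target={rec.target!r} status={rec.status!r}")
        print(f"  component renders like {ascii_form!r}, scripts={sorted(scripts)}")
        print(f"  code points: {codepoints}")
```

The same check can be run over any directory listing; a name that mixes scripts next to a well-known system folder name is worth a manual look.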

#6
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)
=====================
As a final check please go HERE to run Panda's TotalScan
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


#7
VforVctory

VforVctory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
It seems my problem has gotten worse since I rebooted before I did the Panda scan. Instead of taking about 30 seconds to load between pages, it now takes minutes. Pandascan has been loading/downloading for about 15 min and it's only at 9%. Is this normal? Thanks again for your time and patience.

#8
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Then after that, try the Panda scan again please.

#9
VforVctory

VforVctory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay, the ATF cleaner didn't help with the Panda scan. It takes about 1/2 hour to get to 20% then kicks me off with an error code.

#10
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Ok try this one:

Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11
VforVctory

VforVctory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Sorry for the delay. Again, thanks for all your help!

KASPERSKY ONLINE SCANNER REPORT
Friday, February 22, 2008 9:03:56 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/02/2008
Kaspersky Anti-Virus database records: 574324
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 87215
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:01:04

Infected Object Name / Virus Name / Last Action
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\gather-now.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\ie7conflict.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\notes.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\partner-700.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\subscrip-2000.dat Object is locked skipped
C:\Program Files\BigFix\__Data\BigFix\__Local\Tmp\survey.dat Object is locked skipped

Scan process completed.

#12
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Great, looks clean. Just a few more steps and you will be on your way. :)
You are welcome.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK



The above procedure will delete and do the following:

  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete\uninstall anything that we used that is left over.
=============================================
After that, your log is clean. :)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein ->Here

#13
VforVctory

VforVctory

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Okay! Thanks again. You guys rock!

#14
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome :)


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

#15
kahdah

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.





