XP Antivirus 2012 OTL report included for assistance



#1 lynnk (New Member, 4 posts)
I accidentally started this in the Introductions forum. Sorry; I panicked!

I have the fake XP Antivirus 2012 that I see others have, too. I have run the following programs to try to get rid of it: HijackThis, AntiMalwareBytes (?), exeHelper, rkill, and OTL, as recommended by the site.

HijackThis and AntiMalwareBytes (?) both ran fine. They both found a bunch of files, which I then removed. Then I restarted my computer. The virus was still there. And the second time I ran the AntiMalware thing, it found a repeat of one of the files I had already removed. That's when I found you (somehow, through HijackThis, I was able to get online).

Once here, I ran exeHelper, which didn't seem to do anything but did create a log. Next I ran rkill, which created a log and terminated my menu bar and desktop icons completely, but I am now able to search the web at my leisure. I thought I should restart, but then I had to run exeHelper and rkill all over again. By the way, I couldn't run rkill until after I ran exeHelper, so I guess it did something after all.

While I was waiting for someone to get back to me, I also ran a defrag program. Mine was outdated, so I downloaded a new version. That didn't seem to find anything.

I then waited for a response to my first post. (Again, sorry it was in the wrong place.) The moderator told me to follow steps 1-3 on a page about malware. I ran OTL and got the following text:

OTL logfile created on: 6/25/2011 7:37:03 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = D:\Documents and Settings\St. Mary Chardon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.90 Mb Total Physical Memory | 450.96 Mb Available Physical Memory | 44.48% Memory free
2.38 Gb Paging File | 2.01 Gb Available in Paging File | 84.42% Paging File free
Paging file location(s): D:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 2.00 Gb Total Space | 0.91 Gb Free Space | 45.37% Space Free | Partition Type: NTFS
Drive D: | 72.44 Gb Total Space | 58.56 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: ROOM102 | User Name: St. Mary Chardon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/25 19:36:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St. Mary Chardon\Desktop\OTL.exe
PRC - [2011/06/22 16:31:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/22 17:44:18 | 000,453,400 | ---- | M] () -- D:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
PRC - [2009/10/22 17:44:14 | 001,088,800 | ---- | M] (Promethean Technologies Group Ltd) -- D:\Program Files\Activ Software\ActivDriver\ActivControl2.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- D:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
PRC - [2007/05/10 11:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) -- D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
PRC - [2002/09/10 22:26:26 | 000,368,706 | ---- | M] () -- D:\Program Files\BroadJump\Client Foundation\CFD.exe


========== Modules (SafeList) ==========

MOD - [2011/06/25 19:36:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St. Mary Chardon\Desktop\OTL.exe
MOD - [2011/06/25 18:19:53 | 000,063,488 | ---- | M] () -- D:\Documents and Settings\All Users\Application Data\Activ Software\ActivApplications\ActivFocusHook.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/01/26 16:48:24 | 000,020,480 | ---- | M] (AG Interactive) [Disabled | Stopped] -- D:\Program Files\AGI\core\4.2.0.10752\AGCoreService.exe -- (AGCoreService)
SRV - [2008/11/21 19:42:04 | 000,010,240 | ---- | M] () [Disabled | Stopped] -- D:\Program Files\AGI\common\win32\PythonService.exe -- (AGWinService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/05/10 11:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- D:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe -- (STacSV)
SRV - [2003/05/21 01:27:46 | 000,610,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2003/05/21 01:22:36 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2010/10/18 04:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/10/18 04:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- D:\Program Files\Common Files\Symantec Shared\VirusDefs\20101018.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/09/16 15:28:32 | 000,073,496 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/06/17 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/06/13 08:15:24 | 000,080,896 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\afea.sys -- (afea)
DRV - [2009/10/05 18:56:52 | 000,006,144 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\activmouse.sys -- (prmvmouse)
DRV - [2009/05/05 18:25:12 | 000,055,936 | ---- | M] (Promethean Technologies Ltd) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\activhidsermini.sys -- (ActivHidSerMini)
DRV - [2008/10/24 19:00:32 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2007/12/23 18:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)
DRV - [2007/05/10 11:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2003/05/02 21:08:22 | 000,030,208 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navapel.sys -- (NAVAPEL)
DRV - [2003/05/02 21:08:18 | 000,224,256 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Navap.sys -- (NAVAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50545

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.hotmail.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..keyword.URL: "http://www.crawler.c...bid=60644&qkw="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50545
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/06/23 08:27:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/06/22 19:02:36 | 000,000,000 | ---D | M]

[2009/09/27 07:47:58 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\St. Mary Chardon\Application Data\Mozilla\Extensions
[2009/09/27 07:47:58 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\St. Mary Chardon\Application Data\Mozilla\Extensions\[email protected]
[2011/06/25 18:07:55 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\St. Mary Chardon\Application Data\Mozilla\Firefox\Profiles\5pxnhfl5.default\extensions
[2010/02/13 07:53:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Documents and Settings\St. Mary Chardon\Application Data\Mozilla\Firefox\Profiles\5pxnhfl5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/25 12:25:17 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- D:\Documents and Settings\St. Mary Chardon\Application Data\Mozilla\Firefox\Profiles\5pxnhfl5.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2011/03/02 13:32:22 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
[2009/07/04 09:29:07 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2007/07/26 14:05:16 | 000,001,329 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/11/18 18:22:41 | 000,425,847 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 14672 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No CLSID value found.
O4 - HKLM..\Run: [ActivControl] D:\Program Files\Activ Software\ActivDriver\ActivControl2.exe (Promethean Technologies Group Ltd)
O4 - HKLM..\Run: [BJCFD] D:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [Motive SmartBridge] D:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] D:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [vptray] D:\Program Files\Symantec_Client_Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [2372739559] D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\hgb.exe ()
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///D:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - D:\WINDOWS\system32\NavLogon.dll - D:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/21 11:57:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4fe571c4-8c58-11e0-b7e0-0021709bccfd}\Shell - "" = AutoRun
O33 - MountPoints2\{4fe571c4-8c58-11e0-b7e0-0021709bccfd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4fe571c4-8c58-11e0-b7e0-0021709bccfd}\Shell\AutoRun\command - "" = F:\autorunner.exe "EPI-USE.HTML"
O33 - MountPoints2\{844a7804-c1c6-11df-b72a-0021709bccfd}\Shell\AutoRun\command - "" = F:\Setup.Exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 19:36:30 | 000,579,072 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\St. Mary Chardon\Desktop\OTL.exe
[2011/06/25 19:18:36 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/06/25 19:18:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/06/25 19:15:19 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Defraggler
[2011/06/25 19:13:10 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\Temp
[2011/06/25 19:11:30 | 003,260,888 | ---- | C] (Piriform Ltd) -- D:\Documents and Settings\St. Mary Chardon\Desktop\dfsetup205.exe
[2011/06/25 18:31:04 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- D:\Documents and Settings\St. Mary Chardon\Desktop\mbam-setup.exe
[2011/06/22 19:02:52 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/22 19:02:28 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/22 19:02:17 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\Apple Computer
[2011/06/22 19:01:27 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2011/06/22 19:01:06 | 000,000,000 | ---D | C] -- D:\Program Files\Bonjour
[2011/06/22 17:47:13 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\Desktop\curricla
[2011/06/20 15:51:25 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\My Documents\blog
[2011/06/19 16:41:21 | 000,000,000 | ---D | C] -- D:\Program Files\MSECache
[2011/06/19 15:30:00 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\Hellmansoft
[2011/06/19 15:29:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\Planbook
[2011/06/19 15:29:40 | 000,000,000 | ---D | C] -- D:\Program Files\Hellmansoft
[2011/06/19 15:29:40 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\Application Data\Hellmansoft
[2011/06/19 11:32:58 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St. Mary Chardon\My Documents\interactive notebooks
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/25 19:36:36 | 000,579,072 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St. Mary Chardon\Desktop\OTL.exe
[2011/06/25 19:18:36 | 000,001,813 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/25 19:18:36 | 000,001,791 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/25 19:18:14 | 000,000,906 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 19:18:00 | 000,000,902 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 19:15:19 | 000,001,580 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/25 19:12:03 | 003,260,888 | ---- | M] (Piriform Ltd) -- D:\Documents and Settings\St. Mary Chardon\Desktop\dfsetup205.exe
[2011/06/25 18:41:01 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/25 18:33:45 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- D:\Documents and Settings\St. Mary Chardon\Desktop\mbam-setup.exe
[2011/06/25 18:20:18 | 000,016,748 | -HS- | M] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/25 18:20:18 | 000,016,748 | -HS- | M] () -- D:\Documents and Settings\All Users\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/25 18:20:09 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/06/25 18:19:50 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2011/06/25 18:13:00 | 001,007,120 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\rkill.exe
[2011/06/25 18:11:24 | 000,294,400 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\exeHelper.com
[2011/06/25 13:05:35 | 000,348,160 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\hgb.exe
[2011/06/25 12:39:43 | 000,984,497 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\My Documents\classroomtimesavers.pdf
[2011/06/25 10:09:43 | 000,156,886 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\banner.bmp
[2011/06/25 08:54:04 | 000,839,325 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Mini-Officesfor website1.pdf
[2011/06/24 18:10:20 | 000,002,475 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\ActivInspire.lnk
[2011/06/23 23:37:26 | 000,000,580 | -H-- | M] () -- D:\WINDOWS\tasks\Norton Security Scan for St. Mary Chardon.job
[2011/06/23 19:53:21 | 000,002,515 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/23 18:12:21 | 000,001,620 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 17:58:05 | 000,002,497 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Microsoft Office Word 2003.lnk
[2011/06/23 10:37:09 | 000,000,257 | ---- | M] () -- D:\register
[2011/06/23 10:37:09 | 000,000,111 | ---- | M] () -- D:\index
[2011/06/23 10:06:59 | 000,002,557 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\Activstudio Professional Edition V3.lnk
[2011/06/23 06:55:22 | 000,692,864 | ---- | M] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/22 18:34:06 | 000,000,120 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\CNN.url
[2011/06/21 14:00:02 | 000,050,564 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\USATF Logo.png
[2011/06/21 09:37:05 | 004,349,055 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\esanchor.pdf
[2011/06/21 09:34:30 | 000,059,893 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\smile-purple.jpg
[2011/06/21 09:32:32 | 000,752,866 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Modern-Binder-Covers-Freebie.pdf
[2011/06/21 09:26:26 | 000,197,328 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\kidsatwork.png
[2011/06/21 09:22:56 | 000,116,045 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\hundredchart.png
[2011/06/19 10:52:17 | 000,000,213 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Bloom's.url
[2011/06/17 21:01:32 | 000,049,709 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\My Documents\alphabet book.pdf
[2011/06/11 13:28:50 | 000,016,922 | ---- | M] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\istockphoto_9551181-safe-combination-lock.jpg
[2011/06/10 09:16:53 | 000,432,924 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat
[2011/06/10 09:16:53 | 000,067,714 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat
[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/25 19:18:36 | 000,001,813 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/06/25 19:18:36 | 000,001,791 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/06/25 19:15:19 | 000,001,580 | ---- | C] () -- D:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/06/25 19:13:07 | 000,000,906 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/25 19:13:07 | 000,000,902 | ---- | C] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/25 18:12:49 | 001,007,120 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\rkill.exe
[2011/06/25 18:11:25 | 000,294,400 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\exeHelper.com
[2011/06/25 13:05:35 | 000,348,160 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\hgb.exe
[2011/06/25 13:05:35 | 000,016,748 | -HS- | C] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/25 13:05:35 | 000,016,748 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\5ck18628083b8y8gi4y3dlivvx1u4n7pkvj5y1
[2011/06/25 12:39:09 | 000,984,497 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\My Documents\classroomtimesavers.pdf
[2011/06/25 10:09:43 | 000,156,886 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\banner.bmp
[2011/06/25 08:53:49 | 000,839,325 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Mini-Officesfor website1.pdf
[2011/06/23 18:12:27 | 000,002,515 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/06/23 18:12:21 | 000,001,620 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/06/23 10:09:58 | 000,000,257 | ---- | C] () -- D:\register
[2011/06/23 10:09:58 | 000,000,111 | ---- | C] () -- D:\index
[2011/06/22 18:33:56 | 000,000,120 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\CNN.url
[2011/06/21 14:00:02 | 000,050,564 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\USATF Logo.png
[2011/06/21 09:37:05 | 004,349,055 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\esanchor.pdf
[2011/06/21 09:34:36 | 000,059,893 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\smile-purple.jpg
[2011/06/21 09:32:32 | 000,752,866 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Modern-Binder-Covers-Freebie.pdf
[2011/06/21 09:26:26 | 000,197,328 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\kidsatwork.png
[2011/06/21 09:22:55 | 000,116,045 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\hundredchart.png
[2011/06/19 10:49:36 | 000,000,213 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\Bloom's.url
[2011/06/17 21:01:32 | 000,049,709 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\My Documents\alphabet book.pdf
[2011/06/11 13:13:32 | 000,016,922 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Desktop\istockphoto_9551181-safe-combination-lock.jpg
[2011/04/16 19:38:34 | 000,235,810 | -HS- | C] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\pvg.exe
[2011/04/16 19:38:34 | 000,017,534 | -HS- | C] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\l068fp6ptd5np2lt166sas867
[2011/04/16 19:38:34 | 000,017,534 | -HS- | C] () -- D:\Documents and Settings\All Users\Application Data\l068fp6ptd5np2lt166sas867
[2011/01/13 04:02:26 | 000,000,118 | ---- | C] () -- D:\WINDOWS\System32\MRT.INI
[2010/12/08 08:55:37 | 000,000,238 | ---- | C] () -- D:\WINDOWS\wininit.ini
[2010/12/08 07:59:30 | 000,025,594 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Application Data\33BE.274
[2010/09/16 23:12:30 | 000,000,000 | ---- | C] () -- D:\WINDOWS\vpc32.INI
[2010/06/13 08:15:22 | 000,080,896 | ---- | C] () -- D:\WINDOWS\System32\afea.sys
[2010/05/14 11:05:29 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2010/05/14 11:05:29 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2010/05/14 11:05:29 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2010/05/14 11:05:29 | 000,077,312 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2010/05/14 11:05:29 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2009/12/21 15:01:23 | 000,043,387 | ---- | C] () -- D:\WINDOWS\browser.exe
[2009/12/21 14:53:19 | 000,006,550 | ---- | C] () -- D:\WINDOWS\jautoexp.dat
[2009/10/22 17:44:36 | 000,223,016 | ---- | C] () -- D:\WINDOWS\libactivboardex.dll
[2009/10/22 17:44:16 | 000,252,696 | ---- | C] () -- D:\WINDOWS\ActivDRV.dll
[2009/09/05 10:54:33 | 000,000,000 | ---- | C] () -- D:\WINDOWS\iPlayer.INI
[2009/05/06 09:08:59 | 000,004,608 | ---- | C] () -- D:\Documents and Settings\St. Mary Chardon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/21 19:41:47 | 000,339,968 | ---- | C] () -- D:\WINDOWS\System32\pythoncom25.dll
[2008/11/21 19:41:47 | 000,114,688 | ---- | C] () -- D:\WINDOWS\System32\pywintypes25.dll
[2008/11/21 12:39:08 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2008/11/21 12:37:57 | 001,843,784 | ---- | C] () -- D:\WINDOWS\System32\igklg400.dll
[2008/11/21 12:37:57 | 001,399,880 | ---- | C] () -- D:\WINDOWS\System32\igklg450.dll
[2008/11/21 12:37:57 | 000,147,456 | ---- | C] () -- D:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008/11/21 12:37:57 | 000,104,636 | ---- | C] () -- D:\WINDOWS\System32\igmedcompkrn.dll
[2008/11/21 12:37:43 | 000,143,360 | ---- | C] () -- D:\WINDOWS\System32\preflib.dll
[2008/11/21 12:37:43 | 000,024,064 | ---- | C] () -- D:\WINDOWS\System32\WLTRYSVC.EXE
[2008/11/21 12:37:42 | 000,753,664 | ---- | C] () -- D:\WINDOWS\System32\bcm1xsup.dll
[2008/11/21 12:36:15 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2008/11/21 12:00:47 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat
[2008/11/21 11:55:25 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2008/11/21 06:51:53 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2008/11/21 06:50:48 | 000,692,864 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2006/09/12 12:08:38 | 006,172,672 | ---- | C] () -- D:\WINDOWS\System32\HwRecogK.dll
[2006/08/14 10:56:52 | 007,946,240 | ---- | C] () -- D:\WINDOWS\System32\HWRecogT.dll
[2006/08/13 18:48:58 | 015,147,008 | ---- | C] () -- D:\WINDOWS\System32\HWRecog.dll
[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2004/08/12 09:26:07 | 000,432,924 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2004/08/12 09:26:05 | 000,067,714 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2004/08/12 09:24:57 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin
[2003/08/07 17:01:50 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\lame_enc.dll
[2003/05/21 01:19:00 | 000,045,056 | ---- | C] () -- D:\WINDOWS\System32\NavLogon.dll
[2003/03/24 07:03:00 | 000,279,552 | ---- | C] () -- D:\WINDOWS\System32\FGWVB32.DLL
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[1998/03/26 02:12:00 | 000,053,248 | ---- | C] () -- D:\WINDOWS\System32\zlib.dll

========== LOP Check ==========

[2009/12/03 16:33:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Activ Software
[2010/02/11 12:27:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\agi
[2008/11/24 13:30:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bomgar-SCC-492AE2D2
[2010/05/13 11:01:39 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4BEC1453
[2010/05/13 11:01:51 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Bomgar-SCC-4BEC145F
[2009/06/14 21:18:14 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\EEA
[2009/06/11 19:36:32 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\PopCap
[2009/09/26 08:39:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Promethean
[2009/06/20 06:58:19 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SonyPicturesGames
[2009/09/27 07:49:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TomTom
[2011/06/22 19:03:17 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/03 16:34:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\ACTIV Software
[2010/02/11 12:27:23 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\agi
[2010/08/16 07:47:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/03 13:49:42 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\Delicious IE Extension
[2011/06/19 15:29:40 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\Hellmansoft
[2010/09/16 13:36:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\PIV
[2009/11/04 10:23:09 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\Promethean
[2009/09/27 07:47:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\TomTom
[2008/11/21 19:46:46 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St. Mary Chardon\Application Data\Webshots
[2011/06/25 18:18:53 | 000,032,454 | ---- | M] () -- D:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Please, please help. Thank you in advance.

Lynn

Edited by lynnk, 25 June 2011 - 06:01 PM.



#2 lynnk (Topic Starter, New Member, 4 posts)
UPDATE: I continued to try other things as I waited, and I was (mostly) successful! I downloaded a new version of Malwarebytes and ran a new scan. It found 11 things, which I removed, and then I restarted. I still have that annoying little red shield thing in the tray and a popping sound, but I can get online, there are no more pop-ups, and I can run all my programs! YAY! :)

You people rock! I'm pretty proficient, but it's great to know you and your help pages are here! Thank you, thank you, thank you!!!!!! :unsure: