Infected PC - had 800 threats detected by Male..Byte [Solved]


This topic is locked

#1 mseymour (Member, 363 posts)
Hi, my aunt asked me to look at her PC because it was running slow. I took it home and was having a hard time opening anything. I was finally able to run TFC, and then I was able to install and run Malwarebytes and it found 797 threats, which I had MB remove. I also had to stop all the programs that were trying to run from Startup, as this was a major resource hog. I then tried to install Microsoft Security Essentials. I first uninstalled Norton Anti-virus (which was just partially installed) by using the Norton Removal Tool. I then tried to install MSE, but it stops at the "Preparing to Install ..." window (I have left this for 2 hours, with no change). I am sure with almost 800 threats that were previously on this PC, as well as services and programs that are trying to run, something is still on there. I appreciate your help with this. Below are the OTL logs

OTL logfile created on: 2/26/2013 6:18:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.53 Mb Total Physical Memory | 98.39 Mb Available Physical Memory | 20.52% Memory free
1.10 Gb Paging File | 0.82 Gb Available in Paging File | 74.83% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 15.99 Gb Total Space | 5.06 Gb Free Space | 31.63% Space Free | Partition Type: NTFS
Drive D: | 39.91 Gb Total Space | 36.38 Gb Free Space | 91.17% Space Free | Partition Type: NTFS
Drive G: | 26.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: VALUED-20606295 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/26 17:59:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2013/02/09 20:08:56 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/27 11:11:06 | 000,947,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/06/03 12:20:13 | 000,161,736 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2008/04/13 17:12:38 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\verclsid.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/20 15:42:40 | 000,059,392 | -H-- | M] () -- C:\WINDOWS\system32\clipress.dll
MOD - [2013/02/09 20:08:56 | 002,397,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/09 20:08:56 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/09 17:34:09 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/03 12:20:13 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2008/11/19 19:23:16 | 000,217,088 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2008/03/25 21:27:36 | 000,135,168 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2002/03/13 10:59:02 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Family\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Family\LOCALS~1\Temp\Amsmpu4p.sys -- (Amsmpu4p)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2010/06/23 18:12:50 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/04/25 15:07:13 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2002/04/16 16:32:22 | 000,594,668 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Smbe.sys -- (SMBE)
DRV - [2002/04/06 17:38:02 | 000,187,776 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2002/03/29 16:34:00 | 000,807,917 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [2002/03/28 13:08:16 | 000,175,232 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012)
DRV - [2002/03/17 16:23:52 | 000,005,760 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2002/02/24 17:19:58 | 000,030,650 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SonyWBMS.sys -- (SONYWBMS)
DRV - [2001/12/31 17:12:40 | 000,045,312 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2000/12/05 16:18:02 | 000,003,952 | R--- | M] (Sony Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DMICall.sys -- (DMICall)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...=124514_jewl_gc
IE - HKCU\..\URLSearchHook: {a8625cb7-85fe-4936-92a4-b2a7c925209e} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{3d29c02b-bf3e-4d3b-8a7a-e0e7d0f6dbab}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/02/09 20:08:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012/11/09 15:14:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2013/02/09 20:08:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/02/09 20:08:56 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/24 10:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/24 10:50:17 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/02/25 17:33:38 | 000,002,783 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 69.72.252.252 www.google.com
O1 - Hosts: 69.72.252.252 google.com
O1 - Hosts: 69.72.252.252 google.com.au
O1 - Hosts: 69.72.252.252 www.google.com.au
O1 - Hosts: 69.72.252.252 google.be
O1 - Hosts: 69.72.252.252 www.google.be
O1 - Hosts: 69.72.252.252 google.com.br
O1 - Hosts: 69.72.252.252 www.google.com.br
O1 - Hosts: 69.72.252.252 google.ca
O1 - Hosts: 39 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll File not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\Program Files\AppGraffiti\AppGraffiti.dll (Omega Partners Ltd)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A899079D-206F-43A6-BE6A-07E0FA648EA0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - http://tbedits.gamin...2012052318&cv=1 File not found
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O16 - DPF: {0000000A-9980-0010-8000-00AA00389B71} http://download.micr...42/wmsp9dmo.cab (Reg Error: Key error.)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...etup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.micr...01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.micr...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcaf...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C111F9D3-1375-4C69-B8A2-65568F0CB469}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1024x768.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO Serenus Wallpaper TrueColor 1024x768.bmp
O27 - HKLM IFEO\install.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/02/27 19:11:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell - "" = AutoRun
O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: runosort - (C:\WINDOWS\system32\clipress.dll) - C:\WINDOWS\system32\clipress.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/26 12:00:20 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/02/26 09:27:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/02/25 18:52:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Malwarebytes
[2013/02/25 18:50:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/25 18:50:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/02/25 18:49:51 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/25 18:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/25 18:32:30 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/25 18:32:17 | 003,255,248 | ---- | C] (Javacool Software LLC ) -- C:\Documents and Settings\User\Desktop\spywareblastersetup46.exe
[2013/02/25 18:32:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2013/02/20 17:05:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Desktop\Documants
[2013/02/20 16:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2013/02/20 15:43:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\1CA0533AC2F1D00700001CA036A0D651
[2013/02/09 20:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/26 17:54:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/26 17:54:44 | 502,894,592 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 14:32:53 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/26 14:00:20 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2013/02/26 13:11:52 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/26 12:00:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/26 11:13:33 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2013/02/26 06:56:51 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2013/02/25 23:28:02 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2013/02/25 18:50:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/25 17:57:59 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2013/02/25 17:36:36 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B695AA59-351C-4A2D-A3C1-2D840D027CD6}.job
[2013/02/25 17:33:38 | 000,002,783 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/02/24 21:09:42 | 003,255,248 | ---- | M] (Javacool Software LLC ) -- C:\Documents and Settings\User\Desktop\spywareblastersetup46.exe
[2013/02/24 21:06:48 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\User\Desktop\mbam-setup-1.70.0.1100.exe
[2013/02/24 21:02:58 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Desktop\TFC.exe
[2013/02/20 16:52:48 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2013/02/20 15:51:48 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2013/02/20 15:51:48 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2013/02/20 15:51:46 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2013/02/20 15:42:40 | 000,059,392 | -H-- | M] () -- C:\WINDOWS\System32\clipress.dll
[2013/02/20 13:19:49 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/20 12:53:03 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2013/02/20 12:53:03 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/02/20 12:53:03 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/02/19 06:30:50 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2013/02/19 06:30:50 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2013/02/19 06:30:50 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2013/02/19 06:30:50 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2013/02/19 06:30:50 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2013/02/18 20:40:06 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2013/02/18 18:06:03 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2013/02/18 10:58:13 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/02/17 10:11:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/02/17 10:10:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2013/02/14 06:31:52 | 000,115,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 21:46:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/13 21:39:45 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 21:39:45 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/28 12:47:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2013/01/28 12:47:33 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2013/01/28 12:42:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[1 C:\Documents and Settings\User\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\User\Local Settings\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/26 13:53:45 | 502,894,592 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/26 12:12:29 | 000,000,384 | -H-- | C] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/02/26 12:02:34 | 000,001,698 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/02/25 18:50:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/20 15:42:40 | 000,059,392 | -H-- | C] () -- C:\WINDOWS\System32\clipress.dll
[2013/01/28 12:47:33 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2013/01/28 12:47:33 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2012/11/05 18:03:52 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2012/02/15 20:52:25 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/03 18:12:13 | 000,000,216 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2011/10/29 14:55:55 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2010/11/29 18:18:50 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\User\Application Data\start
[2010/11/29 18:07:24 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\User\Application Data\completescan
[2010/11/29 18:01:42 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\User\Application Data\install
[2010/11/22 18:00:55 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2008/11/09 15:28:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 17:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 05:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 17:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/20 15:50:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1CA0533AC2F1D00700001CA036A0D651
[2010/11/21 11:18:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\218d22
[2011/03/11 05:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Affinegy
[2011/03/11 05:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Belkin
[2007/08/15 14:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/11/20 15:43:46 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISDCS
[2012/01/16 12:01:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/05/20 21:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/01/15 23:19:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AppGraffiti
[2012/06/19 17:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameRanger
[2002/04/25 15:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterTrust
[2012/06/03 12:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Oracle
[2012/06/01 09:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\searchquband
[2012/08/09 13:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Solaris Skunkwerks
[2012/04/14 12:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Toolbar4

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\WINDOWS:DA63560191FD240F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
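The OTL report above is long, and the entries that matter most are scattered across several sections: hosts-file lines that send Google and security-vendor names to other addresses (O1), an IFEO Debugger value on install.exe (O27), an AppCertDlls entry for a DLL with no company name (O36), browser add-ons whose file is gone (O2/O3) and a run of At*.job scheduled tasks. As an added example, not code from the poster or from OldTimer's OTL, the Python script below parses lines in OTL's format and turns those indicators into a findings list. The sample lines are constructed for the example, modelled on the log's format, and the categories and severity labels are the example's own choices.

```python
"""Triage of OTL-style log lines for hijack and persistence indicators.

Added example (not from the forum post, and not part of OldTimer's OTL).
The sample lines below are constructed, modelled on the log's line format.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample in OTL's "O" line format plus two "Files" section lines.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 69.72.252.252 www.google.com
O1 - Hosts: 39 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O27 - HKLM IFEO\install.exe: Debugger - C:\WINDOWS\System32\svchost.exe (Microsoft Corporation)
O36 - AppCertDlls: runosort - (C:\WINDOWS\system32\clipress.dll) - C:\WINDOWS\system32\clipress.dll ()
[2013/02/26 14:00:20 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2013/02/25 17:57:59 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2013/02/26 14:32:53 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
"""

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
ADDON_RE = re.compile(r"^O[23] - [^:]+: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.*)$")
IFEO_RE = re.compile(r"^O27 - HKLM IFEO\\([^:]+): Debugger - (.+?)(?: \([^)]*\))?$")
APPCERT_RE = re.compile(r"^O36 - AppCertDlls: (\S+) - \((.*?)\) - (.+?) \((.*)\)$")
AT_JOB_RE = re.compile(r"^\[[^\]]*\] \(\) -- (.*\\tasks\\At\d+\.job)$", re.IGNORECASE)


def triage(log_text):
    """Return a list of (severity, category, detail) findings for OTL log text."""
    findings = []
    at_jobs = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip_text, host = m.groups()
            try:
                ip = ipaddress.ip_address(ip_text)
            except ValueError:
                continue  # e.g. OTL's "39 more lines..." summary line
            if not ip.is_loopback:
                # A hosts entry that maps a public name to a non-loopback
                # address redirects that name for every program on the box.
                findings.append(("high", "hosts-redirect", f"{host} -> {ip}"))
            continue
        m = IFEO_RE.match(line)
        if m:
            target, debugger = m.groups()
            # A Debugger value under IFEO makes Windows start the named
            # program in place of the target, so every entry deserves review.
            findings.append(("high", "ifeo-debugger", f"{target} -> {debugger}"))
            continue
        m = APPCERT_RE.match(line)
        if m:
            name, _, dll, company = m.groups()
            # AppCertDlls are loaded into newly created processes; an entry
            # with no company name is the weakest-provenance case.
            sev = "high" if not company else "medium"
            findings.append((sev, "appcertdll", f"{name}: {dll} [{company or 'no company name'}]"))
            continue
        m = ADDON_RE.match(line)
        if m:
            name, clsid, tail = m.groups()
            if tail.endswith("File not found"):
                findings.append(("low", "orphaned-addon", f"{name} {clsid}"))
            continue
        m = AT_JOB_RE.match(line)
        if m:
            at_jobs.append(m.group(1))  # tasks created with at.exe are numbered AtN.job
    if at_jobs:
        findings.append(("medium", "at-jobs",
                         f"{len(at_jobs)} At*.job task files: " + ", ".join(at_jobs)))
    return findings


def summarize(findings):
    """Count findings per category, e.g. {'hosts-redirect': 2, ...}."""
    return dict(Counter(category for _, category, _ in findings))


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, cat, detail in sorted(triage(SAMPLE_LOG), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {cat:15} {detail}")
```

Run against the full report the script would list each redirected name individually; the point of the `summarize` view is that a hosts file with dozens of redirects, an IFEO debugger and an unknown AppCertDll together explain the symptoms described above (slow browsing, a security product installer that never completes) better than the Malwarebytes detection count alone does.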



#2 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hello mseymour and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fixes on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right click on adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please, copy the content of this file in your next reply.

Step 2

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    FF - prefs.js..browser.startup.homepage: "http://www.searchnu.com/406"
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
    O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell - "" = AutoRun
    O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
    O36 - AppCertDlls: runosort - (C:\WINDOWS\system32\clipress.dll) - C:\WINDOWS\system32\clipress.dll ()

    :Files
    C:\WINDOWS\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered and reboot the PC when it is done
  • Post the fix log it produces in your next reply; you can also find it in C:\_OTL\MovedFiles

Step 3

Download Virus Removal Tool from Here to your desktop

  • Run the programme you have just downloaded to your desktop (it will be randomly named)
  • First we will run a virus scan: click the cog in the upper right
  • Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
  • Allow Virus Removal Tool to delete all infections found
  • Once it has finished, select the Report tab (the last tab)
  • Select the Detected threats report on the left and press the Save button
  • Save it to your desktop and attach it to your next post

Step 4

Please don't forget to include these items in your reply:

  • adwCleaner log
  • OTL fix log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button
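A read-only triage script, added here as an example and not part of maliprog's instructions or of OTL, that re-checks the persistence locations the fix above targets (the AppCertDlls entry, the MountPoints2 AutoRun command, the At*.job tasks and the hosts file) so you can confirm they stayed clean after the reboot. It assumes an elevated PowerShell prompt (2.0 or later) and the standard registry and file paths; it only reports and never deletes anything.

```powershell
# Added triage script (example, not from the thread or from OTL): lists what
# is still present in the persistence locations the OTL fix above targets.
# Read-only. Assumes an elevated PowerShell prompt and standard paths.

$findings = @()

function Add-Finding([string]$Location, [string]$Name, [string]$Value) {
    $script:findings += New-Object PSObject -Property @{ Location = $Location; Name = $Name; Value = $Value }
}

# 1. AppCertDlls: every DLL listed here is loaded into every process that
#    calls CreateProcess, so on a clean box the key is absent or empty.
$appCert = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls'
$psNoise = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')
if (Test-Path $appCert) {
    foreach ($p in (Get-ItemProperty -Path $appCert).PSObject.Properties) {
        if ($psNoise -notcontains $p.Name) { Add-Finding 'AppCertDlls' $p.Name $p.Value }
    }
}

# 2. MountPoints2: Explorer caches each removable drive's autorun.inf under a
#    per-volume GUID; Shell\AutoRun\command is what runs when the drive is opened.
$mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
if (Test-Path $mp2) {
    foreach ($vol in (Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue)) {
        $cmdKey = "$mp2\$($vol.PSChildName)\Shell\AutoRun\command"
        if (Test-Path $cmdKey) {
            Add-Finding 'MountPoints2' $vol.PSChildName (Get-ItemProperty -Path $cmdKey).'(default)'
        }
    }
}

# 3. At*.job: tasks created with at.exe. Legitimate software rarely creates
#    them, which is why the fix above removes them with a wildcard.
$taskDir = Join-Path $env:WINDIR 'Tasks'
foreach ($job in (Get-ChildItem -Path $taskDir -Filter 'At*.job' -ErrorAction SilentlyContinue)) {
    Add-Finding 'At job' $job.Name $job.LastWriteTime
}

# 4. hosts: any line that is not a comment and does not map to loopback is a
#    candidate hijack (a common way to block AV update and download sites).
$hostsFile = Join-Path $env:WINDIR 'System32\drivers\etc\hosts'
foreach ($raw in (Get-Content -Path $hostsFile -ErrorAction SilentlyContinue)) {
    $line = $raw.Trim()
    if ($line -eq '' -or $line.StartsWith('#')) { continue }
    $parts = $line -split '\s+'
    if ($parts.Length -lt 2) { continue }
    if (@('127.0.0.1', '::1') -notcontains $parts[0]) {
        Add-Finding 'hosts' ($parts[1..($parts.Length - 1)] -join ' ') $parts[0]
    }
}

if ($findings.Count -eq 0) {
    'No AppCertDlls, MountPoints2 AutoRun, At*.job or non-loopback hosts entries found.'
} else {
    $findings | Format-Table Location, Name, Value -AutoSize
}
```

Run it once right after the OTL fix and again after the next reboot; an entry that reappears between the two runs means something still running is recreating it, and that is what the next scan needs to find.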

#3 mseymour (Topic Starter, Member, 363 posts)
I thought I would make my post a little clearer as I was writing it from the "sick" PC and was trying to rush before it would freeze on me. Below are the steps I did:

1. Ran TFC
2. Ran Malwarebytes - there were 797 threats detected. I had Malwarebytes remove them
3. Ran Malwarebytes 3 more times until it came back clean (it would keep finding 1-2 threats, by the third time it was clean)
4. Tried to uninstall Norton Antivirus to install Microsoft Security Essentials, could not do it through Add/Remove programs. I tried to get out on the internet to download Norton's removal tool, but internet browsing was extremely slow
5. Through msconfig - I disabled all Startup programs. I was then able to download Norton's removal tool and remove Norton Antivirus
6. Tried to install Microsoft Security Essentials. Got to the point where the window says "Preparing to install" and the progress bar was running like it was installing the program. I left it going for 2 hours at this window, but it kept doing the same thing and never completed so I ended up stopping it
7. I now show the Microsoft Security Essentials icon in the system tray. It is red and says PC at risk. When I try to start it after clicking on the icon, it says it can't be started as the service is not installed
8. The OTL logs are below in my original post

Any help would be greatly appreciated. Thanks.

#4 mseymour (Topic Starter, Member, 363 posts)
Hello maliprog, I just saw your post after I added my reply. I will follow your instructions and update you. Thanks.

#5 mseymour (Topic Starter, Member, 363 posts)
AdwCleaner Logs:

# AdwCleaner v2.113 - Logfile created 02/27/2013 at 06:19:03
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - VALUED-20606295
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\My Documents\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\DOCUME~1\User\LOCALS~1\Temp\searchqutoolbar-manifest.xml
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Family\Application Data\AppGraffiti
Folder Deleted : C:\Documents and Settings\Family\Application Data\Inbox Toolbar
Folder Deleted : C:\Documents and Settings\Family\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\Family\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\Family\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\User\Application Data\AppGraffiti
Folder Deleted : C:\Documents and Settings\User\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\User\Application Data\Toolbar4
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Inbox Toolbar
Folder Deleted : C:\Program Files\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A899079D-206F-43A6-BE6A-07E0FA648EA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E8DAAA30-6CAA-4B58-9603-8E54238219E2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{042DA63B-0933-403D-9395-B49307691690}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{37540F19-DD4C-478B-B2DF-C19281BCAF27}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{612AD33D-9824-4E87-8396-92374E91C4BB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4730EBE-43A6-443E-9776-36915D323AD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\inbox
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB02BC6B-B0F0-4074-99E6-884B70FCB6AE}
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\FocusInteractive
Key Deleted : HKLM\Software\Fun Web Products
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\Inbox Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{612AD33D-9824-4E87-8396-92374E91C4BB}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\Software\MyWebSearch
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{A899079D-206F-43A6-BE6A-07E0FA648EA0}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.mywebsearch.com/index.jhtml?n=77DE8857&ptnrS=Z7xdm296YYus&ptb=29D7CC7B-001A-4AD3-B6A9-C1406EA0B890&si=124514_jewl_gc --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\tzycb2v3.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\lf02bg42.default\prefs.js

Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406");

*************************

AdwCleaner[S1].txt - [8891 octets] - [27/02/2013 06:19:04]

########## EOF - C:\AdwCleaner[S1].txt - [8951 octets] ##########

#6 mseymour (Topic Starter, Member, 363 posts)
OTL Fix Log:

All processes killed
========== OTL ==========
Prefs.js: "http://www.searchnu.com/406" removed from browser.startup.homepage
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\inbox\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40edbb8c-2137-11e1-bc47-00e01893ea8c}\ not found.
File I:\LaunchU3.exe -a not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\runosort deleted successfully.
C:\WINDOWS\system32\clipress.dll moved successfully.
========== FILES ==========
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\At10.job moved successfully.
C:\WINDOWS\tasks\At11.job moved successfully.
C:\WINDOWS\tasks\At12.job moved successfully.
C:\WINDOWS\tasks\At13.job moved successfully.
C:\WINDOWS\tasks\At14.job moved successfully.
C:\WINDOWS\tasks\At15.job moved successfully.
C:\WINDOWS\tasks\At16.job moved successfully.
C:\WINDOWS\tasks\At17.job moved successfully.
C:\WINDOWS\tasks\At18.job moved successfully.
C:\WINDOWS\tasks\At19.job moved successfully.
C:\WINDOWS\tasks\At2.job moved successfully.
C:\WINDOWS\tasks\At20.job moved successfully.
C:\WINDOWS\tasks\At21.job moved successfully.
C:\WINDOWS\tasks\At22.job moved successfully.
C:\WINDOWS\tasks\At23.job moved successfully.
C:\WINDOWS\tasks\At24.job moved successfully.
C:\WINDOWS\tasks\At25.job moved successfully.
C:\WINDOWS\tasks\At26.job moved successfully.
C:\WINDOWS\tasks\At27.job moved successfully.
C:\WINDOWS\tasks\At28.job moved successfully.
C:\WINDOWS\tasks\At3.job moved successfully.
C:\WINDOWS\tasks\At4.job moved successfully.
C:\WINDOWS\tasks\At5.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.VALUED-20606295
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Family
->Temp folder emptied: 1674708 bytes
->Temporary Internet Files folder emptied: 33207 bytes
->FireFox cache emptied: 917446 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3244181 bytes
->Flash cache emptied: 492 bytes

User: NetworkService
->Temp folder emptied: 1318 bytes
->Temporary Internet Files folder emptied: 19791958 bytes
->Flash cache emptied: 626 bytes

User: User
->Temp folder emptied: 110533724 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 2244164 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 339286 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 132.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02272013_063340

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\ULQ6D6JV\adopt[1]. not found!
File\Folder C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\ULQ6D6JV\ShowFolder[1]. not found!
File\Folder C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\MTDOETK5\login[1]. not found!
File\Folder C:\Documents and Settings\Family\Local Settings\Temporary Internet Files\Content.IE5\GYXCK70R\ShowFolder[1]. not found!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\aceUAC[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\andes_c[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\aye-ga-tracker[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\buttons[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\css[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\css[2].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\custom[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\if[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\jquery.carouFredSel-4.3.3-packed[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\jquery.min[5].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\jquery.prettyPhoto[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\kansas-city-voters-approve-tax-increase-to-finance-streetcar-system[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\pd[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\I6VOY9VW\superfish[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\1361402298068_21135218137417[4].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\bv[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\core[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\core[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\drupal[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\ext[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\ext[2].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\fonts[1].css moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\foodrecipe[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\html5[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\jquery.bxslider.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\jquery.min[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\kansas-city-voters-approve-tax-increase-to-finance-streetcar-system[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\magic-21-jackpot[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\mypodstudios_com[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\mypodstudios_com[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\plusone[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\results[9].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\swfobject[3].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FQS10WC5\UBD[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\26[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\66[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\broadwaytv_js[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\CFInstall.min[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\eco[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\facebox-1.3[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\gv[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\init[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\jquery.chrome_frame[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\jquery.min[2].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\jquery.tabify[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\jquery.tipTip.minified[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\lana-del-rey-jaguar-launch-lady-734137[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\recipe-corner-review-smoked-olive-oil-and-brown-sugar[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\vanessa-hudgens-covers-untitled-october-2012[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\7ZMEJZCA\video[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\25[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\abx-2012-pella-doors-and-windows[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\afr[1].php moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\bv[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\clkurl=;ord=124235984[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\ddc[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\emily[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\ext[1].html moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\fb-login[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\getAds[1].jsp moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\h[1].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\h[2].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\h[3].txt moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\ie-html5[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\jquery.easing.1.3[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\liftrtb_4[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\load[1] moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\pd[1].htm moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\PlayerSeed[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\script[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\site-132782[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\s_code[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\tabs[1].js moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\6KLUXYG8\widgets[1].js moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#7 mseymour (Topic Starter, Member, 363 posts)
VRT Log:

I could not get the Virus Removal Tool to install. It would get to the point where it says "Kaspersky Virus Removal Tool is being installed ... Please Wait ..." I left it at this window for 2 hours before finally quitting. I tried installing again, and left it at the window for 1 1/2 hours before quitting.

This is also what was happening to me when I tried to install Microsoft Security Essentials before I sought your assistance.

#8 mseymour (Topic Starter, Member, 363 posts)
I was able to run VRT in Safe Mode. Here is the log you requested. I am manually typing this log out as now the PC is running very slow and the Internet Browsing seems to freeze. I copied the logs down and am posting this from a different PC.

Status Deleted (events 2)

2/27/2013 5:00:33 PM Deleted Trojan program Trojan-Dropper.Win32.TDSS.awvy C:\Documents and Settings\Family\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\20\119fd994-64ff94c7 High

2/27/2013 6:24:47 PM Deleted Trojan program Trojan.Win32.Hosts2.gen C:\_OTL\MovedFiles\02272013_0633401\C_WINDOWS\System32\drivers\etc\hosts High

#9 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi mseymour,

Can you try and run Combofix in Safe Mode too? Post the log after the scan.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion just reboot your system once, that will cure it.


Please make sure you include the combo fix log in your next reply

#10 mseymour (Topic Starter, Member, 363 posts)
I ran Combofix from the desktop, and it seemed to run fine. There was no log produced that I could see. I checked in C:\ and on the desktop.

#11 mseymour (Topic Starter, Member, 363 posts)
The internet browser (Mozilla) just sits there and continues to "clock"

Edited by mseymour, 01 March 2013 - 02:10 PM.


#12 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
Hi mseymour,

Can you restart your system and check for C:\Combofix.txt again?

If you can't find it, please run Combofix one more time and hopefully we will get the log this time.

#13 mseymour (Topic Starter, Member, 363 posts)
I ran it again, but still do not see the C:\Combofix.txt file. I had to run this in "Normal" mode as I cannot boot into "Safe mode" now. Every time I try, it keeps booting back to the screen where I can pick the different safe modes, normal mode, or last known good configuration -- I can boot into normal mode though.
Also, one thing I found interesting is that when I have booted into Safe mode in the past and watched the drivers/files/etc. load, I always noticed that mup.sys was the last one loaded before I was able to get into safe mode; now I see one other file (it is something like 50515817.sys <-- can't remember exactly what it is).

#14 mseymour (Topic Starter, Member, 363 posts)
FYI - I re-downloaded combofix from another PC, burned it to CD, and renamed it to abc. I copied it to the infected PC's desktop, and now when I run it, it brings up an MS-DOS window (which it didn't before) and is doing a lot more than it did before. Hopefully we will get a log file, and I will post once I do.

Thanks.

#15 maliprog (Trusted Helper, Malware Removal, 6,172 posts)
That's good news. Wait until it finishes the scan and post the log for me. Hopefully we will have it this time.