Multiple issues (EMET, Script, Unable to reboot/shutdown normally)



#1
docret96

  • Member
  • 15 posts
It's been a while since I have posted on the web site. If I need to redirect to another section please let me know. Anyway, here goes.

1. Several weeks ago (+) I had a sporadic problem with script error msgs. "A script on the page may be busy, or it may have stopped responding. You can stop the script now or you can continue to see if the script will complete:" Followed by one of the following.
Script: resource;//gre/modules/pcomutils.jsm3231
chrome://browser/content/santize.js:133
google://browser/content/snatize.js135
chrome://browser/content/offlineapproach.jsm:16
If I pressed the continue tab most times it just would not do anything. If I selected the cancel tab, the screen would disappear and I would continue on with what I was doing on the internet.

2. Also while on the internet I would get a popup window from time to time that would display the msg "You (or a program) have requested information from www._____.com/net. Which connection do you want to use.
connection
fastaccess dsl

setting Current cancel
I would simply hit cancel and continue on.

3. I cannot shut down or reboot via normal channel. If I need to reboot for a program update then I have to force shut down using the power switch. When I do try to shut down or restart (reboot) normally I get several different msgs stating this or that program is not responding. Lately I have been getting the following.
Server Busy
This action cannot be completed because the other program is busy. "Choose switch to" tab to activate the busy program and correct problem.
When I press the switch to tab, a box pops up with text "clearing History".
Assuming (we know what that can mean) that it was the internet history, I opened that folder which was empty.
I tried again to shut down or reboot. After a number of minutes (10-15) the same msg would appear. The msg in the box read, "start menu popups" ???? At this time I would force the shut down/reboot using the power switch. Sometimes even going back to restore points I would have to do this several times to get the mouse to work.

4. I tried to install the EMET program about a week ago. Believing that I know how to follow directions the program did not install correctly. When I tried to uninstall I keep getting the msg, "Unable to uninstall - Not Authorized."

I have run Eset scanner for antiviruses, SuperAntispyware, McAfee Security Program which is the security program on my computer. Although I'm looking to find another security system. Eset has found viruses and cleaned them that McAfee misses.

My computer is a Dell with Windows home xp upgrade or xp pro
Security system is McAfee.
My internet access is through AT&T Uverse.
Attached is the OTL scan that I ran several days ago.

I would like to thank you at this time for any assistance or direction you may give.

Attached File: OTL.Txt, 96.4KB, 19 downloads


#2
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Hello docret96,


Sorry about the delayed response. Though you need to post your logs here, in your forum thread, I did check the one you attached (which I'll post now as well). Some past adware changes that may be involved with things, but let's check further.


OTL logfile created on: 3/12/2013 10:31:25 AM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\gerald murphy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 231.34 Mb Available Physical Memory | 45.27% Memory free
2.91 Gb Paging File | 2.21 Gb Available in Paging File | 75.85% Paging File free
Paging file location(s): C:\pagefile.sys 2500 2500 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 41.83 Gb Free Space | 56.18% Space Free | Partition Type: NTFS

Computer Name: GERALD-9VY47B6P | User Name: gerald murphy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2013/02/22 00:37:37 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/01/30 14:27:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\gerald murphy\My Documents\Downloads\OTL.exe
PRC - [2013/01/14 19:00:22 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/12/26 11:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
PRC - [2012/12/26 11:05:32 | 000,168,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2012/12/26 11:03:22 | 000,203,400 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2012/09/12 12:21:28 | 001,137,032 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\MSC\mcupdmgr.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2012/01/31 19:18:49 | 000,180,552 | ---- | M] (Solid Documents, LLC) -- C:\WINDOWS\Installer\MSI16D.tmp
PRC - [2011/03/25 11:35:16 | 003,404,136 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\gerald murphy\Desktop\McAfee VR Tools\procexp.exe
PRC - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/28 22:11:59 | 000,258,048 | ---- | M] (iISoftware) -- C:\Program Files\iISystem Wiper\SystemWiper.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/21 03:21:46 | 000,027,976 | ---- | M] () -- C:\WINDOWS\system32\solidlocalmon.dll
MOD - [2009/02/13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009/02/13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009/02/13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Program Files\McAfee\SiteAdvisor\apengine.dll
MOD - [2005/10/20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005/10/20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Program Files\HP\Digital Imaging\bin\crm\xmlparse.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/03/08 12:32:34 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/27 15:11:11 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/22 00:37:37 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/12/26 11:09:06 | 000,171,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2012/12/26 11:05:32 | 000,168,880 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/12/26 11:03:22 | 000,203,400 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/12/04 11:54:14 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/09/28 19:12:44 | 000,832,664 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0220861362733148mcinst.exe -- (0220861362733148mcinstcleanup)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/01/31 19:18:49 | 000,180,552 | ---- | M] (Solid Documents, LLC) [Auto | Running] -- C:\WINDOWS\Installer\MSI16D.tmp -- (SCPDFReadSpool)
SRV - [2010/09/13 21:02:44 | 000,399,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Documents and Settings\gerald murphy\Desktop\Utilities\SABKUTIL.sys -- (SABKUTIL)
DRV - File not found [Kernel | System | Stopped] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{733600D2-41A5-42A7-B700-80A39F78E8EA}\MpKsl9c93ef32.sys -- (MpKsl9c93ef32)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\DOCUME~1\GERALD~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/12/26 11:12:06 | 000,060,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2012/12/26 11:08:44 | 000,091,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/12/26 11:07:54 | 000,092,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/12/26 11:06:54 | 000,565,416 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/12/26 11:06:04 | 000,084,464 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2012/12/26 11:06:04 | 000,084,464 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2012/12/26 11:05:52 | 000,362,640 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/12/26 11:05:22 | 000,065,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/12/26 11:05:02 | 000,234,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/12/26 11:04:34 | 000,132,976 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/05/19 14:20:36 | 000,013,632 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OMCI.sys -- (OMCI)
DRV - [2009/10/22 02:23:18 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/10/22 02:23:18 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007/07/27 19:50:36 | 000,517,632 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2005/01/08 16:09:10 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/04/02 23:35:08 | 000,043,392 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/04/02 23:32:20 | 000,024,576 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2002/10/02 18:47:04 | 000,025,674 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/10/02 18:46:58 | 000,030,406 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/10/02 18:46:52 | 000,134,426 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2002/10/02 18:43:20 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/10/02 18:42:00 | 000,240,640 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/09/27 19:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/08/30 12:29:02 | 001,293,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P16X.sys -- (P16X)
DRV - [2001/08/17 14:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_v124.sys -- (V124)
DRV - [2001/08/17 14:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_tone.sys -- (Tones)
DRV - [2001/08/17 14:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_msft.sys -- (hsf_msft)
DRV - [2001/08/17 14:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_spkp.sys -- (SpeakerPhone)
DRV - [2001/08/17 14:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_samp.sys -- (Rksample)
DRV - [2001/08/17 14:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_k56k.sys -- (K56)
DRV - [2001/08/17 14:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_fall.sys -- (Fallback)
DRV - [2001/08/17 14:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_faxx.sys -- (SoftFax)
DRV - [2001/08/17 14:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hsf_fsks.sys -- (Fsks)
DRV - [2001/08/17 14:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsf_bsc2.sys -- (basic2)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = InfoSpace
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://ypng.infospac...y*&qs=&x=36&y=5
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3DD3A2BF-4E02-4FCE-A205-32148A6F0451}: "URL" = http://ypng.infospac...y*&qs=&x=36&y=5
IE - HKCU\..\SearchScopes\{77284518-4F73-4F13-AA24-65CE54C68F8E}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B05f6a7ea-896b-11da-8bde-f66bad1e3f3a%7D:0.3.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.6.110
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7BD19CA586-DD6C-4a0a-96F8-14644F340D60%7D:14.4.1
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B4ED1F68A-5463-4931-9384-8FFF5ED91D92%7D:3.6.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "http://search.yahoo....h?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\gerald murphy\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012/12/20 14:31:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/03/08 04:58:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 12:32:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/08 12:31:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2012/10/28 14:07:40 | 000,000,000 | ---D | M]

[2011/05/25 15:56:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Extensions
[2013/02/23 17:44:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\extensions
[2013/02/23 17:44:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/02/22 16:17:43 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\extensions\donottrackplus@abine.com
[2011/10/29 16:30:53 | 000,005,800 | ---- | M] () (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\extensions\{05f6a7ea-896b-11da-8bde-f66bad1e3f3a}.xpi
[2013/02/12 01:55:59 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2013/03/08 12:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 12:31:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/03/08 12:31:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/03/08 04:58:12 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAM FILES\COMMON FILES\MCAFEE\SYSTEMCORE
[2012/12/20 14:31:38 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2009/09/04 03:00:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/03/08 12:32:40 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2012/09/01 17:23:30 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/13 14:46:46 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2013/02/27 14:30:11 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Secure Search ()
CHR - default_search_provider: search_url = http://search.yahoo....p={SearchTerms}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com

O1 HOSTS File: ([2011/02/24 11:31:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624021552.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [blspcloader] C:\Program Files\ATT Internet Tools\blsloader.exe (AT&T Corporation)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe (iISoftware)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: download.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: update.microsoft.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: windowsupdate.microsoft.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsou...oad/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcaf...ed/MGBrwFld.cab (BrowseFolderPopup Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.co...76/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1272936391718 (MUCatalogWebControl Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} http://amiuptodate.m...pdatePortal.cab (McUpdatePortalFactory Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupd...b?1098735743562 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1133118825937 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.co...,16/mcgdmgr.cab (DwnldGroupMgr Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FB298ECE-4D17-414A-A5E8-FABC938796B2} http://www.kohlerplu...awingViewer.cab (ActiveWebParts Illustration Viewer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B2498E3-B54C-40AF-8F4C-A7C779CE4E30}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/26 22:27:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 90 Days ==========

[2013/03/08 12:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/03/08 04:57:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/03/07 21:02:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2013/02/23 17:34:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gerald murphy\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
[2013/02/23 17:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\EMET
[2013/02/22 00:41:47 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/22 00:41:30 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/22 00:40:49 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/22 00:40:49 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/22 00:40:48 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/14 17:18:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/31 11:12:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Sun
[2013/01/24 10:41:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/12/15 09:11:33 | 000,084,464 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2013/03/12 10:10:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/12 01:00:00 | 000,000,418 | ---- | M] () -- C:\WINDOWS\tasks\vtscheduletask.job
[2013/03/11 12:16:04 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2013/03/07 17:14:33 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Outlook 2007.lnk
[2013/02/27 15:11:07 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 15:11:07 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/26 16:20:18 | 000,000,647 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to autoruns.lnk
[2013/02/26 15:33:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/26 15:32:42 | 535,871,488 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/26 13:42:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/22 00:37:55 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013/02/22 00:37:21 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013/02/22 00:37:21 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013/02/22 00:37:21 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013/02/22 00:37:20 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013/02/22 00:37:16 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013/02/22 00:37:09 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013/02/20 16:36:50 | 000,001,607 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\McAfee SecurityCenter.lnk
[2013/02/15 09:31:28 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Word 2007.lnk
[2013/02/15 05:38:35 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/15 04:45:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/02/15 04:14:12 | 000,512,838 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/15 04:14:12 | 000,097,538 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/15 03:08:29 | 000,000,876 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to OnlineScannerApp.lnk
[2013/02/04 12:34:06 | 000,281,275 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\Time Clock Op Manual - Cross Country.pdf
[2013/02/04 12:29:44 | 000,108,646 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\MQOP Fall Social CJ-0000343522.pdf
[2013/02/04 12:23:23 | 000,266,042 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\MaryQueenofPeaceAd-Proof-11 8 12.pdf
[2013/01/30 14:43:38 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to OTL.exe.lnk
[2013/01/25 23:55:44 | 000,552,448 | --S- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll
[2013/01/10 15:33:34 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/01/08 16:34:58 | 006,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/01/06 21:19:45 | 002,148,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2013/01/06 21:16:02 | 002,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntoskrnl.exe
[2013/01/06 21:16:02 | 002,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2013/01/06 20:37:01 | 002,027,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2013/01/06 20:36:58 | 002,069,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntkrnlpa.exe
[2013/01/06 20:36:58 | 002,069,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2013/01/03 21:20:00 | 001,867,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\win32k.sys
[2013/01/03 21:20:00 | 001,867,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32k.sys
[2013/01/02 02:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
[2013/01/02 02:49:10 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
[2013/01/02 02:49:10 | 000,148,992 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
[2012/12/26 16:16:29 | 001,212,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2012/12/26 16:16:29 | 000,916,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2012/12/26 16:16:29 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2012/12/26 16:16:29 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2012/12/26 16:16:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2012/12/26 16:16:29 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2012/12/26 16:16:29 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2012/12/26 16:16:29 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2012/12/26 16:16:29 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2012/12/26 16:16:29 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2012/12/26 16:16:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2012/12/26 16:16:29 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2012/12/26 16:16:28 | 011,111,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2012/12/26 16:16:28 | 002,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2012/12/26 16:16:28 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2012/12/26 16:16:28 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2012/12/26 16:16:28 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2012/12/26 16:16:28 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/12/26 16:16:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2012/12/26 16:16:28 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2012/12/26 16:16:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2012/12/26 16:16:28 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2012/12/26 16:16:28 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2012/12/26 16:16:28 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2012/12/26 16:16:28 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2012/12/26 16:16:28 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2012/12/26 11:12:06 | 000,060,480 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2012/12/26 11:08:44 | 000,091,200 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2012/12/26 11:08:06 | 000,009,648 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2012/12/26 11:07:54 | 000,092,192 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2012/12/26 11:06:54 | 000,565,416 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2012/12/26 11:06:04 | 000,084,464 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2012/12/26 11:05:52 | 000,362,640 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2012/12/26 11:05:22 | 000,065,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2012/12/26 11:05:02 | 000,234,824 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2012/12/26 11:04:34 | 000,132,976 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2012/12/24 02:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2012/12/24 02:41:10 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2012/12/24 02:40:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2012/12/16 08:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012/12/16 08:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[2012/12/14 11:31:00 | 002,069,778 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 3 of 4.PDF
[2012/12/14 11:31:00 | 001,682,330 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 2 of 4.PDF
[2012/12/14 11:31:00 | 001,544,186 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 1 of 4.PDF
[2012/12/14 11:31:00 | 001,187,938 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 4 of 4.PDF
[2012/12/14 11:29:00 | 001,236,570 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 3 of 3.PDF
[2012/12/14 11:29:00 | 001,187,282 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 2 of 3.PDF
[2012/12/14 11:29:00 | 001,134,034 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 1 of 3.PDF
[2012/12/14 11:26:00 | 001,995,722 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 4 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,943,026 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 6 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,255,898 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 7 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,153,258 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 5 of 7 Rev A.PDF
[2012/12/14 11:25:44 | 002,924,633 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 3 of 7 Rev A.pdf
[2012/12/14 11:25:09 | 001,916,148 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 2 of 7 Rev A.pdf
[2012/12/14 11:24:19 | 002,074,292 | ---- | M] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 1 of 7 Rev A.pdf
[3 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/26 16:20:17 | 000,000,647 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to autoruns.lnk
[2013/02/20 16:36:50 | 000,001,607 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Desktop\McAfee SecurityCenter.lnk
[2013/02/15 03:08:29 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to OnlineScannerApp.lnk
[2013/02/04 12:34:06 | 000,281,275 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\Time Clock Op Manual - Cross Country.pdf
[2013/02/04 12:29:35 | 000,108,646 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\MQOP Fall Social CJ-0000343522.pdf
[2013/02/04 12:23:22 | 000,266,042 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\MaryQueenofPeaceAd-Proof-11 8 12.pdf
[2013/01/30 14:43:38 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Desktop\Shortcut to OTL.exe.lnk
[2012/12/14 11:31:00 | 002,069,778 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 3 of 4.PDF
[2012/12/14 11:31:00 | 001,682,330 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 2 of 4.PDF
[2012/12/14 11:31:00 | 001,544,186 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 1 of 4.PDF
[2012/12/14 11:31:00 | 001,187,938 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Mechanical Plan 4 of 4.PDF
[2012/12/14 11:29:00 | 001,236,570 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 3 of 3.PDF
[2012/12/14 11:29:00 | 001,187,282 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 2 of 3.PDF
[2012/12/14 11:29:00 | 001,134,034 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Electrical Plan 1 of 3.PDF
[2012/12/14 11:26:00 | 001,995,722 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 4 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,943,026 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 6 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,255,898 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 7 of 7 Rev A.PDF
[2012/12/14 11:26:00 | 001,153,258 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 5 of 7 Rev A.PDF
[2012/12/14 11:25:44 | 002,924,633 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 3 of 7 Rev A.pdf
[2012/12/14 11:25:09 | 001,916,148 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 2 of 7 Rev A.pdf
[2012/12/14 11:24:19 | 002,074,292 | ---- | C] () -- C:\Documents and Settings\gerald murphy\My Documents\DHS Architectural 1 of 7 Rev A.pdf
[2012/02/14 23:13:36 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 19:18:59 | 000,027,976 | ---- | C] () -- C:\WINDOWS\System32\solidlocalmon.dll
[2012/01/31 19:18:59 | 000,019,272 | ---- | C] () -- C:\WINDOWS\System32\solidlocalui.dll
[2011/03/26 14:32:24 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\A0388F
[2011/03/23 12:28:09 | 000,000,034 | ---- | C] () -- C:\WINDOWS\t2_x21.dat
[2010/05/19 15:24:13 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\mcs.rma
[2009/01/19 23:41:22 | 000,037,299 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\Comma Separated Values (Windows).ADR
[2006/03/20 20:54:55 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/29 11:28:12 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\fusioncache.dat
[2003/03/27 00:04:57 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\PFP100JPR.{PB
[2003/03/27 00:04:57 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\gerald murphy\Application Data\PFP100JCM.{PB

========== ZeroAccess Check ==========

[2005/12/29 10:56:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/01/07 18:20:52 | 001,497,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#3
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When RogueKiller finishes its opening scan, press the Scan button.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

---------

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.


#4
docret96

    Member

  • Topic Starter
  • 15 posts
Sorry that it took me so long; I had to run the one program a couple of times. I was finally able to download the Gmer program, but the log it created is out in cyber lala land I think. Either that or my fat thumbs hit a button that I wasn't/should have. Anyway, here are the other logs.

# AdwCleaner v2.200 - Logfile created 04/04/2013 at 20:16:34
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : gerald murphy - GERALD-9VY47B6P
# Boot Mode : Normal
# Running from : C:\Documents and Settings\gerald murphy\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
Folder Found : C:\Documents and Settings\Administrator.GERALD-9VY47B6P\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\jetpack
Folder Found : C:\Documents and Settings\gerald murphy\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287822
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\gerald murphy\Application Data\Mozilla\Firefox\Profiles\709yey7t.default\prefs.js

Found : user_pref("CT3287822_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287822&octid=CT328782[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "MixiDJ V8 Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=mcafee&p=");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287822");
Found : user_pref("browser.search.defaultthis.engineName", "MixiDJ V8 Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&CUI[...]
Found : user_pref("browser.search.selectedEngine", "MixiDJ V8 Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287822&SearchSource=2&CU[...]

File : C:\Documents and Settings\Administrator.GERALD-9VY47B6P\Application Data\Mozilla\Firefox\Profiles\uqwlrh3c.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3201 octets] - [04/04/2013 20:16:34]

########## EOF - C:\AdwCleaner[R1].txt - [3261 octets] ##########

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : gerald murphy [Admin rights]
Mode : Scan -- Date : 04/04/2013 19:59:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SMessaging.exe -- C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 7 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Documents and Settings\gerald murphy\Application Data\SearchProtect\bin\cltmng.exe) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Run : SMessaging ("C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Strongvault Online Backup\SMessaging.exe") [7] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-746137067-73586283-682003330-1004[...]\Run : SearchProtect (C:\Documents and Settings\gerald murphy\Application Data\SearchProtect\bin\cltmng.exe) -> FOUND
[STARTUP][SUSP PATH] StrongVaultApp.lnk @gerald murphy : C:\Documents and Settings\gerald murphy\Local Settings\Application Data\Strongvault\StrongVaultApp.exe [7] -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BB-75CAA0 +++++
--- User ---
[MBR] 214a0ea60655085b3446fb0b3bae47a1
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 76245 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: HP Officejet Pro L7 USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04042013_02d1959.txt >>
RKreport[1]_S_04042013_02d1959.txt

#5
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Are you sure you completely disabled McAfee when you ran the Gmer scan? Really only adware changes showing here so far.



Be sure to continue to temporarily disable any protective software when running the scan tools we use here.



Run RogueKiller again.

  • Please quit all programs
  • Run RogueKiller
  • Wait until the Prescan finishes
  • Press: Scan

  • On the RogueKiller console, click the Registry tab.
  • Make sure the entries there are checked.
  • Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

If it prompts for a reboot, go ahead and agree to it.

---------

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Download the latest version of Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.65.0.1400.exe to install the application.

Follow all prompts, and check off all boxes except the one to load the Trial version. It just expires and causes confusion in a few weeks.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.

#6
docret96

    Member

  • Topic Starter
  • 15 posts
Jintan,

I am still trying to follow your directions. Apparently, somehow I have/had downloaded a program called Offsite Safe File Vault and Conduit. This was no doubt operator error. I apparently didn't uncheck a box when trying to download Gmer from CNet.com. It has taken me SEVERAL attempts to delete these programs. I had to go file by file to eventually eradicate these programs from several different areas on my hard drive. I'm sending this from my laptop.
Hopefully in the next couple of days I'll be able to send what you need from my desktop. Please don't dump me yet. Again thank you for your time and assistance.

Jerry

#7
Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Why didn't you download Gmer from the link I provided? CNet is crap, and adds its own adware installer to downloads. For some reason not enough people have caught on to just stop using it, and close it down.

But for now I suggest you rerun AdwCleaner, and then follow the steps I have posted.