
"Your System is Infected"



#16
mariijane


    Member

  • Topic Starter
  • 20 posts
Many thanks again! Followed the above instructions: please find the attached zip.



#17
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, could we be on the home stretch? :) What are your current problems?

Could you re-run aswMBR for me please - save the log and post that.

Then run a fresh OTL scan with the following parameters:

  • Run OTL
  • Select All Users
  • Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


#18
mariijane


    Member

  • Topic Starter
  • 20 posts
Hi! I REALLY appreciate all your help!

Before running the scans, I pulled up Windows as normal & attempted to poke around a bit to see if anything was still acting up. It actually looks like nearly everything is running normally. Just a couple of things I noticed:

- When I click on the Desktop tab under Display Properties, the background options are still greyed out and "critical_warning" is still listed as a background file (although I'm unable to click on anything).

- When I attempt to download McAfee directly from the website, it still gives me the same error message I was getting earlier when the virus was in full force & was blocking certain exe files. However, I was able to download and install the updated Firefox with no issues.

First log listed is for aswMBR and second, OTL. Oddly enough, it didn't open an "extras" document (I also checked the folder where it originally saved to, and I didn't see it).

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-28 13:33:02
-----------------------------
13:33:02.234    OS Version: Windows 5.1.2600 Service Pack 3
13:33:02.234    Number of processors: 1 586 0xD08
13:33:02.234    ComputerName: BIG_BOSS  UserName: Charlie
13:33:03.468    Initialize success
13:33:43.968    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
13:33:43.984    Disk 0 Vendor: SAMSUNG_HM060HC YJ100-15 Size: 57231MB BusType: 3
13:33:46.000    Disk 0 MBR read successfully
13:33:46.000    Disk 0 MBR scan
13:33:48.000    Disk 0 scanning sectors +117194175
13:33:48.109    Disk 0 scanning C:\WINDOWS\system32\drivers
13:33:54.703    Service scanning
13:33:55.843    Disk 0 trace - called modules:
13:33:55.859    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS 
13:33:55.859    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8372fab8]
13:33:55.859    3 CLASSPNP.SYS[f75c7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x83763940]
13:33:55.859    Scan finished successfully

OTL logfile created on: 2011/04/28 13:38:28 - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Charlie\Desktop\vi
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd

759.00 Mb Total Physical Memory | 451.00 Mb Available Physical Memory | 59.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.47 Gb Total Space | 9.15 Gb Free Space | 17.43% Space Free | Partition Type: NTFS

Computer Name: BIG_BOSS | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/25 12:52:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\vi\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 04:28:02 | 000,329,104 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe
PRC - [2008/03/25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2007/09/07 19:01:54 | 000,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2007/04/05 22:35:40 | 001,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2006/08/03 20:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/07/16 23:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/03/25 01:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe


========== Modules (SafeList) ==========

MOD - [2011/04/25 12:52:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\vi\OTL.exe
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Auto | Stopped] -- -- (mfevtp)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2007/04/05 22:35:40 | 001,543,614 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2006/08/03 20:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Running] -- -- (mfehidk)
DRV - [2011/04/27 18:22:33 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzuwmjc4.sys -- (uzuwmjc4)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\35137662.sys -- (35137662)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\35137661.sys -- (35137661)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/11/02 17:40:17 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/25 09:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/25 01:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 14:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/02 21:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========



FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 13:24:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 13:24:51 | 000,000,000 | ---D | M]

[2008/09/23 12:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Extensions
[2007/09/04 09:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\thikbzvr.default\extensions
[2011/04/28 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/15 20:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/25 10:58:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD )
O3 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Charlie\Start Menu\Programs\Startup\GameSpot Download Manager.lnk = File not found
O4 - Startup: C:\Documents and Settings\Charlie\Start Menu\Programs\Startup\Last.fm Helper.lnk = File not found
O4 - Startup: C:\Documents and Settings\marmar\Start Menu\Programs\Startup\Last.fm Helper.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 17:26:58 | 000,002,444 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56871500212338688)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\My Documents\Downloads
[2011/04/26 17:22:22 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\3513766.sys
[2011/04/26 17:22:22 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\35137661.sys
[2011/04/26 17:22:22 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\35137662.sys
[2011/04/26 17:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\Virus Removal Tool
[2011/04/26 17:20:36 | 110,097,832 | ---- | C] ( ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.04.2011_02-17.exe
[2011/04/26 17:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\vi
[2011/04/25 18:19:39 | 000,000,000 | --SD | C] -- C:\Gotcha
[2011/04/25 14:41:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/25 14:07:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/25 14:07:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/25 14:07:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/25 14:07:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/25 14:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/25 14:07:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/25 13:29:39 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe.79e1.deleteme
[2011/04/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\new
[2011/04/25 10:58:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/24 20:11:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/24 20:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/24 20:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/24 20:11:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/24 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/24 19:40:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/04/24 18:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\backups
[2011/04/24 18:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\mcafee

========== Files - Modified Within 30 Days ==========

[2011/04/28 13:34:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\MBR.dat
[2011/04/28 13:24:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 13:24:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/28 13:18:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 13:17:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 13:17:54 | 796,327,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 18:22:33 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzuwmjc4.sys
[2011/04/26 20:03:36 | 110,097,832 | ---- | M] ( ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.04.2011_02-17.exe
[2011/04/26 18:31:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 14:41:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/25 13:48:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gaopdxnirmdxub.sys
[2011/04/25 13:48:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gaopdxltqlhhbl.sys

========== Files Created - No Company Name ==========

[2011/04/28 13:34:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\MBR.dat
[2011/04/28 13:24:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/04/27 18:23:43 | 796,327,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 18:22:33 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzuwmjc4.sys
[2011/04/25 14:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/25 14:41:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/25 14:07:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/25 14:07:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/25 14:07:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/25 14:07:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/25 14:07:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/07/02 17:04:45 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\UACeobrxgckhiiqlgpdu.dat
[2009/07/02 17:04:43 | 000,006,427 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
[2009/02/19 14:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaopdxnirmdxub.sys
[2009/01/22 14:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaopdxltqlhhbl.sys
[2008/01/09 07:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 15:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/08 10:21:43 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 21:15:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/06 20:07:06 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/06 20:05:13 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/08/06 20:05:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/06 20:05:01 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/06 20:03:48 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/06/29 19:13:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/03/06 10:00:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/12 10:12:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/01/15 13:05:08 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/15 13:05:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4D653ADD3D.sys
[2007/01/09 22:58:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/12/25 11:46:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/25 11:38:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/25 09:42:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/25 09:11:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\fusioncache.dat
[2006/11/02 17:59:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/02 17:50:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/02 17:40:41 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/02 17:39:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/02 17:34:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/02 17:09:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/02 17:09:24 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/11/02 17:09:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/02 17:09:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/02 17:09:10 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,400,090 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,061,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2007/11/08 12:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Findley Designs
[2007/08/06 20:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/08/06 20:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/04/24 20:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/02 17:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/12/30 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/06/14 09:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\acccore
[2008/01/06 00:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\BitTorrent
[2007/07/14 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\LucasArts
[2011/04/26 18:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\MEGAUPLOADTOOLBAR
[2008/12/25 18:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Red Alert 3
[2007/07/29 19:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\acccore
[2007/12/23 20:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Amazon
[2007/12/09 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\BitTorrent
[2008/04/23 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\BitTorrent DNA
[2007/09/08 00:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Canon
[2009/01/29 12:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\DNA
[2007/08/06 20:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\InterTrust
[2007/02/12 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Leadertech
[2007/11/25 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Megaupload
[2007/11/25 13:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\MegauploadToolbar
[2007/08/06 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\NewSoft
[2007/08/06 20:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\ScanSoft
[2007/10/07 12:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Viewpoint
[2008/11/04 04:30:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2001/05/24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 07:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 07:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 07:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 07:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/04/14 12:26:03 | 000,711,672 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/04/14 12:25:41 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: %systemroot%\system32\shmgrate.exe OCInstallReinstallIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallHideIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: %systemroot%\system32\shmgrate.exe OCInstallShowIE [2008/04/13 20:12:35 | 000,045,056 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "%programfiles%\Internet Explorer\iexplore.exe" [2008/04/13 20:12:22 | 000,093,184 | ---- | M] (Microsoft Corporation)

< End of report >

#19
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, we appear to have killed the drivers, as some more files are now visible for killing. On completion of this, could you re-run Combofix, allowing it to update if it asks?

  • Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
    O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    [2011/04/25 13:48:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gaopdxnirmdxub.sys
    [2011/04/25 13:48:01 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\gaopdxltqlhhbl.sys
    [2009/07/02 17:04:45 | 000,000,310 | ---- | C] () -- C:\WINDOWS\System32\UACeobrxgckhiiqlgpdu.dat
    [2009/07/02 17:04:43 | 000,006,427 | ---- | C] () -- C:\WINDOWS\System32\uacinit.dll
    [2009/02/19 14:47:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaopdxnirmdxub.sys
    [2009/01/22 14:36:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gaopdxltqlhhbl.sys

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#20
mariijane

    Member

  • Topic Starter
  • 20 posts
Here are the results as below. This time it actually allowed me to run Combofix all the way through (after updating)!

Something of note:

After Combofix rebooted everything, I noticed the little pop-up on the taskbar, "Your computer might be at risk. Antivirus software might not be installed. Click this balloon to fix this problem," appeared. I'm not sure if this is the legitimate Windows message or the one from the original virus.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoSetActiveDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
C:\WINDOWS\system32\drivers\gaopdxnirmdxub.sys moved successfully.
C:\WINDOWS\system32\drivers\gaopdxltqlhhbl.sys moved successfully.
C:\WINDOWS\system32\UACeobrxgckhiiqlgpdu.dat moved successfully.
C:\WINDOWS\system32\uacinit.dll moved successfully.
File C:\WINDOWS\System32\drivers\gaopdxnirmdxub.sys not found.
File C:\WINDOWS\System32\drivers\gaopdxltqlhhbl.sys not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Charlie\Desktop\vi\cmd.bat deleted successfully.
C:\Documents and Settings\Charlie\Desktop\vi\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Charlie
->Temp folder emptied: 18002100 bytes
->Temporary Internet Files folder emptied: 211732 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20292715 bytes
->Flash cache emptied: 405 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: marmar
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Owner
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 152216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 12521992 bytes
 
Total Files Cleaned = 49.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Charlie
->Flash cache emptied: 0 bytes
 
User: Default User
 
User: LocalService
 
User: marmar
->Flash cache emptied: 0 bytes
 
User: NetworkService
 
User: Owner
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.22.3 log created on 04282011_150605

Files\Folders moved on Reboot...
File move failed. C:\Documents and Settings\marmar\Local Settings\Temp\hsperfdata_marmar\3544 scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\Perflib_Perfdata_72c.dat scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OTL logfile created on: 2011/04/28 15:12:26 - Run 5
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\Charlie\Desktop\vi
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000411 | Country: Japan | Language: JPN | Date Format: yyyy/MM/dd
 
759.00 Mb Total Physical Memory | 434.00 Mb Available Physical Memory | 57.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.47 Gb Total Space | 9.14 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
 
Computer Name: BIG_BOSS | User Name: Charlie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/04/25 12:52:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\vi\OTL.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/25 04:28:02 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
PRC - [2008/01/03 12:15:06 | 000,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2007/09/07 19:01:54 | 000,043,008 | ---- | M] () -- C:\Program Files\BitTorrent\bittorrent.exe
PRC - [2007/05/25 13:16:08 | 000,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/04/05 22:35:40 | 001,543,614 | ---- | M] () -- C:\Program Files\iPod Access for Windows\iPAHelper.exe
PRC - [2006/08/03 20:50:46 | 000,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2006/07/16 23:29:54 | 000,389,120 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe
PRC - [2006/03/25 01:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/09/24 00:05:26 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2003/09/10 04:24:00 | 000,020,480 | ---- | M] () -- C:\Program Files\NetWaiting\netwaiting.exe
PRC - [2003/05/08 12:00:58 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/04/25 12:52:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Charlie\Desktop\vi\OTL.exe
MOD - [2008/04/13 20:12:51 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2003/05/08 12:00:46 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE2.0\OpHookSE2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (Viewpoint Manager Service)
SRV - File not found [Auto | Stopped] --  -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2007/04/05 22:35:40 | 001,543,614 | ---- | M] () [Auto | Running] -- C:\Program Files\iPod Access for Windows\iPAHelper.exe -- (iPAHelper.exe)
SRV - [2006/08/03 20:50:46 | 000,380,928 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/04/27 18:22:33 | 000,011,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\uzuwmjc4.sys -- (uzuwmjc4)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\35137662.sys -- (35137662)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\35137661.sys -- (35137661)
DRV - [2008/06/20 07:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2006/11/02 17:40:17 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/08/25 09:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/25 01:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 14:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/02 21:24:34 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/08/12 19:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/22 05:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/22 05:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/22 05:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6061102
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/28 13:24:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 13:24:51 | 000,000,000 | ---D | M]
 
[2008/09/23 12:19:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Extensions
[2007/09/04 09:26:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Profiles\thikbzvr.default\extensions
[2011/04/28 13:24:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2007/08/15 20:05:00 | 000,049,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
 
O1 HOSTS File: ([2011/04/28 15:06:11 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD                                   )
O3 - HKLM\..\Toolbar: (FlashGet Bar) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll (Amaze Soft)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\Toolbar\WebBrowser: (Megaupload Toolbar) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (MEGAUPLOAD                                   )
O3 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [BitTorrent] C:\Program Files\BitTorrent\bittorrent.exe ()
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Charlie\Start Menu\Programs\Startup\GameSpot Download Manager.lnk =  File not found
O4 - Startup: C:\Documents and Settings\Charlie\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O4 - Startup: C:\Documents and Settings\marmar\Start Menu\Programs\Startup\Last.fm Helper.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-4008763428-1199046705-24455348-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Charlie\Application Data\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/02 17:26:58 | 000,002,444 | ---- | M] () - C:\autorun.PNF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/04/28 13:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\My Documents\Downloads
[2011/04/26 17:22:22 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\3513766.sys
[2011/04/26 17:22:22 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\35137661.sys
[2011/04/26 17:22:22 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\35137662.sys
[2011/04/26 17:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\Virus Removal Tool
[2011/04/26 17:20:36 | 110,097,832 | ---- | C] (                                                            ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.04.2011_02-17.exe
[2011/04/26 17:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\vi
[2011/04/25 18:19:39 | 000,000,000 | --SD | C] -- C:\Gotcha
[2011/04/25 14:41:08 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/25 14:07:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/25 14:07:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/25 14:07:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/25 14:07:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/25 14:07:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/25 14:07:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/25 11:13:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\new
[2011/04/25 10:58:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/24 20:11:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/24 20:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/24 20:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/24 20:11:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/24 20:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/24 19:40:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/04/24 18:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\backups
[2011/04/24 18:35:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Charlie\Desktop\mcafee
 
========== Files - Modified Within 30 Days ==========
 
[2011/04/28 15:08:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/28 15:07:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/28 15:07:35 | 796,327,936 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 15:06:11 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/28 14:57:56 | 000,003,212 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_27.04.2011_02-17drv.spi
[2011/04/28 13:34:28 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Charlie\Desktop\MBR.dat
[2011/04/28 13:24:55 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Charlie\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/28 13:24:55 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/27 18:22:33 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzuwmjc4.sys
[2011/04/26 20:03:36 | 110,097,832 | ---- | M] (                                                            ) -- C:\Documents and Settings\Charlie\Desktop\setup_9.0.0.722_27.04.2011_02-17.exe
[2011/04/26 18:31:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/25 14:41:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
 
========== Files Created - No Company Name ==========
 
[2011/04/28 13:55:27 | 000,003,212 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_27.04.2011_02-17drv.spi
[2011/04/28 13:34:28 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Charlie\Desktop\MBR.dat
[2011/04/28 13:24:54 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox
[2011/04/27 18:23:43 | 796,327,936 | -HS- | C] () -- C:\hiberfil.sys
[2011/04/27 18:22:33 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzuwmjc4.sys
[2011/04/25 14:41:16 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/25 14:41:10 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/25 14:07:37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/25 14:07:37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/25 14:07:37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/25 14:07:37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/25 14:07:37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/01/09 07:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/11 15:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/10/08 10:21:43 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/08/22 21:15:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/08/06 20:07:06 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/08/06 20:05:13 | 000,000,105 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2007/08/06 20:05:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL
[2007/08/06 20:05:01 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll
[2007/08/06 20:03:48 | 000,000,074 | ---- | C] () -- C:\WINDOWS\PMINI.ini
[2007/06/29 19:13:15 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/03/06 10:00:52 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/12 10:12:12 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2007/01/15 13:05:08 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/15 13:05:08 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\4D653ADD3D.sys
[2007/01/09 22:58:20 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/12/25 11:46:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/25 11:38:00 | 000,001,168 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/25 09:42:13 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/12/25 09:11:33 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Charlie\Local Settings\Application Data\fusioncache.dat
[2006/11/02 17:59:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/11/02 17:50:24 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/02 17:40:41 | 000,000,154 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/02 17:39:16 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/11/02 17:34:32 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/11/02 17:09:42 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/11/02 17:09:24 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/11/02 17:09:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/11/02 17:09:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/11/02 17:09:10 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 19:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,400,090 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,061,590 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2007/11/08 12:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Findley Designs
[2007/08/06 20:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2007/08/06 20:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2011/04/24 20:43:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/02 17:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/12/30 22:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2007/06/14 09:49:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\acccore
[2008/01/06 00:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\BitTorrent
[2007/07/14 21:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\LucasArts
[2011/04/26 18:12:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\MEGAUPLOADTOOLBAR
[2008/12/25 18:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Charlie\Application Data\Red Alert 3
[2007/07/29 19:12:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\acccore
[2007/12/23 20:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Amazon
[2007/12/09 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\BitTorrent
[2008/04/23 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\BitTorrent DNA
[2007/09/08 00:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Canon
[2009/01/29 12:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\DNA
[2007/08/06 20:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\InterTrust
[2007/02/12 13:36:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Leadertech
[2007/11/25 13:26:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Megaupload
[2007/11/25 13:23:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\MegauploadToolbar
[2007/08/06 20:03:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\NewSoft
[2007/08/06 20:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\ScanSoft
[2007/10/07 12:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\marmar\Application Data\Viewpoint
[2008/11/04 04:30:00 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

ComboFix 11-04-28.01 - Charlie 2011/04/28  15:24:36.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.81.1033.18.759.421 [GMT -4:00]
Running from: c:\documents and settings\Charlie\Desktop\vi\Gotcha.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\marmar\Start Menu\Programs\WhenU
c:\documents and settings\marmar\Start Menu\Programs\WhenU\Customer Support.lnk
c:\documents and settings\marmar\Start Menu\Programs\WhenU\Learn More About WhenU Save.url
c:\documents and settings\marmar\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
c:\documents and settings\marmar\Start Menu\Programs\WhenU\Uninstall Instructions.lnk
c:\documents and settings\marmar\Start Menu\Programs\WhenU\WhenU.com Website.url
c:\documents and settings\marmar\WINDOWS
c:\program files\BrowserCtl
c:\program files\BrowserCtl\BrowserCtl.sys
c:\program files\myglobalsearch
c:\program files\myglobalsearch\bar\1.bin\M9FFXTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9NTSTBR.JAR
c:\program files\myglobalsearch\bar\1.bin\M9PLUGIN.DLL
c:\program files\myglobalsearch\bar\1.bin\NPMYGLSH.DLL
c:\program files\myglobalsearch\bar\Cache\0020479C
c:\program files\myglobalsearch\bar\Cache\002058A3
c:\program files\myglobalsearch\bar\Cache\00205BC0.bin
c:\program files\myglobalsearch\bar\Cache\00206064.bin
c:\program files\myglobalsearch\bar\Cache\files.ini
c:\program files\myglobalsearch\bar\History\search
c:\program files\myglobalsearch\bar\Settings\prevcfg.htm
c:\program files\Save
c:\program files\Save\ACM.dll
c:\program files\Save\ffext.mod
c:\program files\Save\save.cch
c:\program files\Save\save.db
c:\program files\Save\Save.exe
c:\program files\Save\save.htm
c:\program files\Save\SaveUninst.exe
c:\program files\Save\store.db
C:\resycled
c:\windows\934fdfg34fgjf23
c:\windows\dat.txt
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\lowsec\user.ds.lll
.
c:\windows\system32\proquota.exe was missing 
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DRV
-------\Legacy_gaopdxserv.sys
-------\Legacy_UACd.sys
-------\Service_drv
-------\Service_gaopdxserv.sys
.
.
(((((((((((((((((((((((((   Files Created from 2011-03-28 to 2011-04-28  )))))))))))))))))))))))))))))))
.
.
2011-04-28 19:28 . 2008-04-14 00:12	50176	----a-w-	c:\windows\system32\proquota.exe
2011-04-28 19:28 . 2008-04-14 00:12	50176	----a-w-	c:\windows\system32\dllcache\proquota.exe
2011-04-28 17:24 . 2011-04-14 16:26	142296	----a-w-	c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-04-28 17:24 . 2011-04-14 16:25	16856	----a-w-	c:\program files\Mozilla Firefox\plugin-container.exe
2011-04-28 17:24 . 2011-04-14 16:25	781272	----a-w-	c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-04-28 17:24 . 2011-04-14 16:25	1874904	----a-w-	c:\program files\Mozilla Firefox\mozjs.dll
2011-04-28 17:24 . 2011-04-14 16:25	719832	----a-w-	c:\program files\Mozilla Firefox\mozcpp19.dll
2011-04-28 17:24 . 2011-04-14 16:25	15832	----a-w-	c:\program files\Mozilla Firefox\mozalloc.dll
2011-04-28 17:24 . 2011-04-14 16:25	465880	----a-w-	c:\program files\Mozilla Firefox\libGLESv2.dll
2011-04-28 17:24 . 2011-04-14 16:25	89048	----a-w-	c:\program files\Mozilla Firefox\libEGL.dll
2011-04-28 17:24 . 2010-01-01 08:00	1974616	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-04-28 17:24 . 2010-01-01 08:00	1892184	----a-w-	c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-04-27 22:22 . 2011-04-27 22:22	11264	----a-w-	c:\windows\system32\drivers\uzuwmjc4.sys
2011-04-26 21:22 . 2009-10-22 17:54	37392	----a-w-	c:\windows\system32\drivers\35137662.sys
2011-04-26 21:22 . 2009-10-10 03:31	315408	----a-w-	c:\windows\system32\drivers\3513766.sys
2011-04-26 21:22 . 2009-09-25 21:59	128016	----a-w-	c:\windows\system32\drivers\35137661.sys
2011-04-25 14:58 . 2011-04-25 14:58	--------	d-----w-	C:\_OTL
2011-04-25 00:11 . 2010-12-20 22:09	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-04-25 00:11 . 2011-04-25 00:11	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-04-25 00:11 . 2011-04-25 14:04	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-04-25 00:11 . 2010-12-20 22:08	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-04-28 17:24	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-17 389120]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-01-03 50528]
"BitTorrent"="c:\program files\BitTorrent\bittorrent.exe" [2007-09-07 43008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-09 761947]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2005-12-19 1347584]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-25 282624]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
.
c:\documents and settings\marmar\Start Menu\Programs\Startup\
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]
.
c:\documents and settings\Charlie\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - c:\program files\GameSpot\GDM_TrayApp.exe [N/A]
Last.fm Helper.lnk - c:\program files\Last.fm\LastFMHelper.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-11-2 24576]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-4 81920]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8241:TCP"= 8241:TCP:BitComet 8241 TCP
"8241:UDP"= 8241:UDP:BitComet 8241 UDP
.
R0 35137662;35137662 Boot Guard Driver;c:\windows\system32\drivers\35137662.sys [2011/04/26 17:22 37392]
R1 35137661;35137661;c:\windows\system32\drivers\35137661.sys [2011/04/26 17:22 128016]
R1 uzuwmjc4;AVZ-RK Kernel Driver;c:\windows\system32\drivers\uzuwmjc4.sys [2011/04/27 18:22 11264]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 utuwmjc4;AVZ Kernel Driver;\??\c:\windows\system32\Drivers\utuwmjc4.sys --> c:\windows\system32\Drivers\utuwmjc4.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
drv	REG_MULTI_SZ   	drv
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2008-11-04 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-10 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/learnmore/learnmore.asp?close=true&lcode=en-us
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Charlie\Application Data\Mozilla\Firefox\Profiles\thikbzvr.default\
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.10
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
AddRemove-KainUninstallKey - c:\windows\sleun.exe
AddRemove-WhenUSaveMsg - c:\program files\Save\SaveUninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-28 15:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4008763428-1199046705-24455348-1007\Software\SecuROM\License information*]
"datasecu"=hex:05,ca,10,26,50,e4,d7,2b,ec,1c,2b,8f,9c,21,a0,f5,08,24,ce,d7,f8,
   c0,85,be,b3,15,a5,fb,c9,be,cd,80,85,c5,d1,f5,49,61,b5,e6,26,7f,bf,27,90,28,\
"rkeysecu"=hex:dd,bb,53,63,57,fc,bd,dc,09,d9,92,5f,bf,3b,24,c3
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3576)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\iPod Access for Windows\iPAHelper.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\wscntfy.exe
c:\windows\stsystra.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2011-04-28  15:36:47 - machine was rebooted
ComboFix-quarantined-files.txt  2011-04-28 19:36
.
Pre-Run: 9,766,854,656 bytes free
Post-Run: 13,212,413,952 bytes free
.
- - End Of File - - 808FF5ED33778D606CFBE128A5F531D4


#21
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is from Windows saying that no antivirus is installed - do you have a favourite one you wish to use?

What problems are outstanding now?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#22
mariijane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Downloaded & installed! Please see below for the log.

Also, I tried to re-download and install McAfee but it's still giving me the same error message as before (Download Cannot Continue: There's a problem with your internet connection). I know, prior, there's nothing wrong with my web connection as I can download the file from the website, just updated MAM & so forth. Not sure if it's related to the previous issues or something else.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6475

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011/04/29 16:49:27
mbam-log-2011-04-29 (16-49-27).txt

Scan type: Quick scan
Objects scanned: 155572
Time elapsed: 3 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 12
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{127DF9B4-D75D-44A6-AF78-8C3A8CEB03DB} (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A21-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{37B85A29-692B-4205-9CAD-2626E4993404} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127AD2-394B-70F5-C650-B97867BAA1F7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494E6CEC-7483-A4EE-0938-895519A84BC7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\ACM.DLL (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenU) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Value: drv -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#23
mariijane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
I re-scanned everything out of sheer curiosity and it presented another 11 infected files. As I was restarting, I noticed a couple runtime errors as Windows was shutting down. Log as below.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6475

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2011/04/29 17:37:49
mbam-log-2011-04-29 (17-37-49).txt

Scan type: Full scan (C:\|)
Objects scanned: 209815
Time elapsed: 31 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\program files\myglobalsearch\bar\1.bin\m9plugin.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\myglobalsearch\bar\1.bin\npmyglsh.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Save\acm.dll.vir (Adware.WhenU) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Save\save.exe.vir (Adware.WhenU) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\program files\Save\saveuninst.exe.vir (Adware.WhenU) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP1\A0000012.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP4\A0001402.exe (Adware.WhenU) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP4\A0001397.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP4\A0001398.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP4\A0001400.dll (Adware.WhenU) -> Quarantined and deleted successfully.
c:\system volume information\_restore{202550a8-7a33-4bca-9586-051d24ddbf8f}\RP4\A0001401.exe (Adware.WhenU) -> Quarantined and deleted successfully.


#24
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Those last files were either in quarantine or in system restore - so at this stage they are not a problem

Could you try Windows updates for me please to see if that works

Also can you uninstall and then download a fresh copy of McAfee and see if that installs OK

#25
mariijane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Windows Update appeared to have installed everything except Microsoft Internet Explorer 8.

When I attempted McAfee again, it gives the same error message and refuses to install. Although, it appears the virus is completely gone!

#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, McAfee - could you go to this page and download the McAfee removal tool to uninstall it completely. Once done, reboot and then try to install it again

Could you also install IE8 from here

Once done and you are happy I will remove my tools and tidy you up :)

#27
mariijane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Righty-o! I was able to install IE with no issues at all.

I also removed McAfee but oddly enough, as I was running the tool, pop-ups with various error messages flashed across the screen. (Unfortunately they were so fast I wasn't able to catch what any of them were.) It appeared to have removed everything: upon trying to re-install, it still won't seem to do so. I'm not sure why. Everything else looks great!

#28
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
What error do you get when it tries to install?

As a stopgap, download and install this free antivirus, then once I can sort out the McAfee problem we will uninstall it and then put McAfee back :)

#29
mariijane

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
Thank you, a dozen times!

I'm installing the freebie right now: the specific error for McAfee is "Download cannot continue, your Mcafee software cannot continue because there's a problem with your internet connection or the Mcafee download server is unavailable."

I also noticed, as I run the .exe file, a pop up to update in the right corner for Java comes up.

#30
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

also noticed, as I run the .exe file, a pop up to update in the right corner for Java comes up.

This was the McAfee installer?
As you do not have Java on your system - mayhap the new version requires it, I will check that out

Did the Avast install OK?

What other problems do you have at the moment?