IObit Forum

Virus?


blue321


Hello.

Thanks in advance for helping me. I have been redirected to unwanted web sites when I use a search engine. My computer is slow and there are generally problems with the web, as some pages don't load.

Here are my logs as requested:-

IObit Security 360

 

OS:Windows XP

Version:1.5.0.10

Define Version:2029

Time Elapsed:02:51:14

Objects Scanned:78035

Threats Found:13

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, Cookie:carl@ar.atwola.com/html, 7-1653

Tracking Cookies - Removed, Cookies, Cookie:carl@ar.atwola.com/adlytics, 7-1653

Tracking Cookies - Removed, Cookies, Cookie:carl@quantserve.com/, 7-2072

Tracking Cookies - Removed, Cookies, Cookie:carl@tacoda.at.atwola.com/, 7-1653

Tracking Cookies - Removed, Cookies, Cookie:carl@uk.at.atwola.com/, 7-1653

Tracking Cookies - Removed, Cookies, Cookie:carl@bs.serving-sys.com/, 7-1515

Tracking Cookies - Removed, Cookies, Cookie:carl@doubleclick.net/, 7-1379

Tracking Cookies - Removed, Cookies, Cookie:carl@atdmt.com/, 7-1541

Tracking Cookies - Removed, Cookies, Cookie:carl@advertising.com/, 7-12

Tracking Cookies - Removed, Cookies, Cookie:carl@serving-sys.com/, 7-1515

Trojan.Agent - Quarantined, File, D:\Seagate Backup\CARL-PC\C\ProgramData\AOL Downloads\waol\0.4334.34.1\comps\unagi\ampx.english.exe, 11-19115

Trojan.Agent - Quarantined, File, D:\Seagate Backup\CARL-PC\C\ProgramData\AOL Downloads\waol\0.4334.34.14\comps\unagi\ampx.english.exe, 11-19115

Trojan.Agent - Quarantined, File, D:\Seagate Backup\NICHOLA\C\Documents and Settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\unagi\ampx.english.exe, 11-19115


dds

 

DDS (Ver_10-11-10.01) - NTFSx86

Run by Carl at 18:29:20.01 on 10/12/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.204 [GMT 0:00]

 

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

 

============== Running Processes ===============

 

C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe

C:\Program Files\IObit\IObit Security 360\IS360srv.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\WINDOWS\system32\mfevtps.exe

C:\Program Files\Acer\Acer VCM\RS_Service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Launch Manager\LManager.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\PLFSetL.exe

C:\Program Files\Carbonite\CarbonitePreinstaller.exe

C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe

C:\Program Files\Common Files\AOL\1291858028\ee\AOLSoftware.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files\COMODO\COMODO Internet Security\cfp.exe

C:\Program Files\IObit\IObit Security 360\IS360tray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe

C:\Program Files\AOL Desktop 9.6\waol.exe

C:\Program Files\Acer\Acer VCM\AcerVCM.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe

C:\DOCUME~1\Carl\LOCALS~1\Temp\RtkBtMnt.exe

C:\WINDOWS\system32\wbem\unsecapp.exe

C:\Program Files\AOL Desktop 9.6\shellmon.exe

C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\AOL Desktop 9.6\AOLBrowser\aolbrowser.exe

C:\Program Files\IObit\IObit Security 360\is360.exe

C:\WINDOWS\system32\wuauclt.exe

c:\PROGRA~1\mcafee.com\agent\McUpdate.exe

c:\PROGRA~1\mcafee\msc\mcupdmgr.exe

C:\Program Files\McAfee\VirusScan\mcods.exe

C:\Documents and Settings\Carl\Desktop\dds.pif

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

============== Pseudo HJT Report ===============

 

uStart Page = hxxp://www.aol.com

uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1210&m=ao531h

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1210&m=ao531h

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101209180657.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [ProductReg] "c:\program files\acer\wr_popup\ProductReg.exe"

uRun: [AOL Fast Start] "c:\program files\aol desktop 9.6\AOL.EXE" -b

mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [LManager] c:\program files\launch manager\LManager.exe

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [snp2uvc] rundll32.exe c:\windows\system32\csnp2uvc.dll,ResetCIDS

mRun: [PLFSetL] c:\windows\PLFSetL.exe

mRun: [NotificationCenterLauncher] c:\program files\acer\acer erecovery management\NotificationLauncher.exe

mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900

mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"

mRun: [HostManager] c:\program files\common files\aol\1291858028\ee\AOLSoftware.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h

mRun: [iObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart

mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1291841822355

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291861051765

TCP: {335D77F2-B49B-411B-B59B-14CD1B80E65C} = 156.154.70.22,156.154.71.22

TCP: {DE11A742-52CD-412A-AFBE-8C01DF6153ED} = 156.154.70.22,156.154.71.22

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\carl\applic~1\mozilla\firefox\profiles\fiubb6yc.default\

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

 

============= SERVICES / DRIVERS ===============

 

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-12-9 386840]

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2010-9-10 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-9-10 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-9-10 25240]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-12-9 84072]

R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo geekbuddy\CLPSLS.exe [2010-11-19 151432]

R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2010-9-10 1901056]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]

R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2010-12-9 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-26 198432]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-9 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-9 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-12-9 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-12-9 171168]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-12-9 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-12-9 141792]

R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-2-26 237568]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-12-9 55840]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-12-9 152960]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-12-9 52104]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-12-9 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-12-9 88544]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-12-9 84264]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-2-26 24064]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-12-9 88544]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\rts5121.sys --> c:\windows\system32\drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]

 

=============== Created Last 30 ================

 

2010-12-10 15:39:18 -------- d-----w- c:\windows\system32\XPSViewer

2010-12-10 15:37:52 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-10 15:37:13 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-12-10 15:37:13 117760 ------w- c:\windows\system32\prntvpt.dll

2010-12-10 15:37:12 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-12-10 15:37:12 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-12-10 15:37:12 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-12-10 15:37:12 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-12-10 15:37:11 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-12-10 15:37:11 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-12-09 21:02:23 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-12-09 21:02:22 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-09 18:21:12 -------- d-----w- c:\docume~1\carl\applic~1\IObit

2010-12-09 18:21:04 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit

2010-12-09 18:20:58 -------- d-----w- c:\program files\IObit

2010-12-09 18:14:35 -------- d--h--w- C:\VritualRoot

2010-12-09 18:13:07 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-12-09 18:09:25 -------- d-----w- c:\docume~1\alluse~1\applic~1\Comodo

2010-12-09 18:09:21 -------- d-----w- c:\program files\COMODO

2010-12-09 18:09:20 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-12-09 18:09:20 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-12-09 18:06:57 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2010-12-09 18:06:56 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-12-09 18:06:44 141792 ----a-w- c:\windows\system32\mfevtps.exe

2010-12-09 18:06:42 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-12-09 18:06:42 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-12-09 18:06:42 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-12-09 18:06:42 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-12-09 18:06:42 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-12-09 18:06:42 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-12-09 18:06:42 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-12-09 18:06:42 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-12-09 18:06:42 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-12-09 17:44:44 2078344 ----a-w- c:\program files\mozilla firefox\plugins\NPSWF32.dll

2010-12-09 17:44:44 128648 ----a-w- c:\program files\mozilla firefox\plugins\GetFlash.exe

2010-12-09 15:33:12 -------- d-----w- c:\docume~1\carl\locals~1\applic~1\Mozilla

2010-12-09 15:33:05 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe

2010-12-09 15:33:02 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll

2010-12-09 15:33:02 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll

2010-12-09 15:33:01 66520 ----a-w- c:\program files\mozilla firefox\plugins\npnul32.dll

2010-12-09 15:33:00 245208 ----a-w- c:\program files\mozilla firefox\updater.exe

2010-12-09 15:33:00 19416 ----a-w- c:\program files\mozilla firefox\xpcom.dll

2010-12-09 15:33:00 11744216 ----a-w- c:\program files\mozilla firefox\xul.dll

2010-12-09 14:59:18 -------- d-----w- c:\docume~1\carl\applic~1\ElevatedDiagnostics

2010-12-09 14:29:50 -------- d-sh--w- c:\documents and settings\carl\IECompatCache

2010-12-09 14:29:19 -------- d-sh--w- c:\documents and settings\carl\PrivacIE

2010-12-09 14:26:37 -------- d-sh--w- c:\documents and settings\carl\IETldCache

2010-12-09 14:09:28 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-12-09 14:08:33 -------- d-----w- c:\windows\ie8updates

2010-12-09 14:08:17 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-09 14:08:16 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-09 14:08:16 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-09 14:08:16 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-09 14:08:15 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-09 14:08:15 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-09 14:08:15 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-09 14:07:11 -------- dc-h--w- c:\windows\ie8

2010-12-09 03:04:21 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-09 03:02:15 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-09 02:29:58 -------- d-----w- c:\windows\system32\PreInstall

2010-12-09 01:30:10 -------- d-----w- c:\docume~1\carl\applic~1\AOL

2010-12-09 01:29:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Viewpoint

2010-12-09 01:29:21 -------- d-----w- c:\program files\Viewpoint

2010-12-09 01:29:19 58696 ----a-w- c:\windows\system32\AOLParconLink.exe

2010-12-09 01:28:04 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys

2010-12-09 01:27:38 -------- d-----w- c:\docume~1\carl\locals~1\applic~1\AOL

2010-12-09 01:26:50 -------- d-----w- c:\program files\common files\AOL

2010-12-09 01:26:49 -------- d-----w- c:\program files\common files\aolshare

2010-12-09 01:26:49 -------- d-----w- c:\program files\AOL Desktop 9.6

2010-12-08 20:59:13 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-12-08 20:59:13 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-12-08 20:59:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-12-08 20:59:12 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-12-08 20:59:12 -------- d-----w- c:\windows\system32\SoftwareDistribution

2010-12-08 19:50:10 -------- d-----w- c:\program files\Seagate

2010-12-08 19:50:10 -------- d-----w- c:\docume~1\alluse~1\applic~1\Seagate

2010-12-08 19:48:34 -------- d-----w- c:\docume~1\carl\locals~1\applic~1\Downloaded Installations

2010-12-08 19:48:03 -------- d-----w- c:\program files\Carbonite

2010-12-08 19:48:02 -------- d-sh--w- c:\windows\ftpcache

2010-12-08 19:41:34 -------- d-----w- c:\docume~1\carl\locals~1\applic~1\Adobe

2010-12-08 14:20:31 819200 ----a-w- c:\program files\windows media player\wmsetsdk.exe

2010-12-08 14:20:31 47616 ----a-w- c:\program files\windows media player\msoobci.dll

2010-12-08 14:19:39 -------- d-----w- c:\windows\RegisteredPackages

2010-12-08 14:18:50 626688 ----a-w- c:\windows\Image.dll

2010-12-08 14:18:50 4838 ----a-w- c:\windows\Suyin.reg

2010-12-08 14:18:49 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe

2010-12-08 14:17:55 94208 ----a-w- c:\windows\PLFSetL.exe

2010-12-08 14:17:55 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2010-12-08 14:17:55 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

2010-12-08 14:17:55 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2010-12-08 14:17:54 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll

2010-12-08 14:17:52 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll

2010-12-08 14:17:51 -------- d-----w- c:\program files\common files\SNP2UVC

2010-12-08 14:16:42 1346464 ----a-w- c:\windows\system32\drivers\athw.sys

2010-12-08 14:16:42 1346464 ----a-w- c:\windows\system32\athw.sys

2010-12-08 14:16:42 -------- d-----w- c:\windows\Options

2010-12-08 14:16:42 -------- d-----w- c:\program files\Atheros

2010-12-08 14:16:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\Atheros

2010-12-08 14:15:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-12-08 14:15:40 -------- d-----w- c:\program files\Synaptics

2010-12-08 14:15:30 205104 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-12-08 14:15:28 206120 ----a-w- c:\windows\system32\SynCtrl.dll

2010-12-08 14:15:28 169256 ----a-w- c:\windows\system32\SynCOM.dll

2010-12-08 14:15:28 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-12-08 14:15:28 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-12-08 14:15:26 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-11-24 19:40:53 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-24 19:40:53 348160 ----a-w- c:\windows\system32\msvcr71.dll

 

==================== Find3M ====================

 

2010-12-08 14:19:17 2567 ----a-w- c:\windows\CLEANUP.CMD

2010-09-18 12:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

 

============= FINISH: 18:39:48.07 ===============


attach

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-11-10.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 08/12/2010 14:11:11

System Uptime: 12/10/2010 15:15:56 (1419 hours ago)

 

Motherboard: Acer | |

Processor: Intel® Atom CPU N270 @ 1.60GHz | CPU | 1596/533mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 141 GiB total, 125.597 GiB free.

D: is FIXED (NTFS) - 932 GiB total, 480.377 GiB free.

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP1: 08/12/2010 14:11:15 - System Checkpoint

RP2: 08/12/2010 14:12:37 - Configured Atheros Communications Inc.® AR8121/AR8113/AR8114 G�

RP3: 08/12/2010 14:15:57 - Installed Windows XP Wdf01007.

RP4: 08/12/2010 14:16:41 - Installed Atheros for Acer Driver v7.6.1.221_Foxconn Installatio�

RP5: 08/12/2010 14:17:46 - Installed WebCam

RP6: 08/12/2010 14:18:48 - Installed Acer Crystal Eye webcam 2.2.0.2

RP7: 08/12/2010 14:21:27 - Installed Acer eRecovery Management

RP8: 08/12/2010 14:23:35 - Installed Acer Product Registration

RP9: 08/12/2010 19:49:52 - Installed Seagate Manager Installer

RP10: 09/12/2010 02:29:05 - Software Distribution Service 3.0

RP11: 09/12/2010 03:00:33 - Software Distribution Service 3.0

RP12: 09/12/2010 03:15:10 - Software Distribution Service 3.0

RP13: 09/12/2010 13:38:59 - Software Distribution Service 3.0

RP14: 09/12/2010 14:57:45 - Installed %1 %2.

RP15: 09/12/2010 15:14:16 - Software Distribution Service 3.0

RP16: 09/12/2010 18:10:07 - Installed COMODO Internet Security

RP17: 10/12/2010 12:46:31 - Software Distribution Service 3.0

RP18: 10/12/2010 13:15:53 - Software Distribution Service 3.0

RP19: 10/12/2010 15:19:56 - Software Distribution Service 3.0

 

==== Installed Programs ======================

 

Acer Crystal Eye webcam 2.2.0.2

Acer eRecovery Management

Acer Product Registration

Acer ScreenSaver

Acer VCM

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Reader 9.4.1

AOL Uninstaller (Choose which Products to Remove)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

Atheros for Acer Driver v7.6.1.221_Foxconn Installation Program

Carbonite Online Backup Setup

Choice Guard

COMODO GeekBuddy

COMODO Internet Security

Compatibility Pack for the 2007 Office system

eSobi v2

Google Desktop

Google Toolbar for Internet Explorer

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB932716-v2)

Hotfix for Windows XP (KB949764)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB976002-v5)

Intel® Graphics Media Accelerator Driver

Intel® Matrix Storage Manager

IObit Security 360

JMicron Flash Media Controller Driver

Junk Mail filter update

Launch Manager

McAfee SecurityCenter

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Works

Mozilla Firefox (3.6.12)

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Realtek High Definition Audio Driver

Seagate Manager Installer

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2289158)

Security Update for 2007 Microsoft Office System (KB2344875)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft Office Excel 2007 (KB2345035)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB982158)

Security Update for Microsoft Office PowerPoint Viewer (KB2413381)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Segoe UI

Synaptics Pointing Device Driver

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB898461)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973815)

USB2.0 Card Reader Software

Viewpoint Media Player

WebCam

WebFldrs XP

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Media Format Runtime

Windows Media Player 10

Windows PowerShell 1.0

 

==== Event Viewer Messages From Past Week ========

 

10/12/2010 12:50:31, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Excel 2007 (KB2345035).

10/12/2010 12:50:20, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2344875).

10/12/2010 12:50:12, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB969618).

10/12/2010 12:50:06, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2345043).

10/12/2010 12:49:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for the 2007 Microsoft Office System (KB2288621).

10/12/2010 12:49:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2413381).

10/12/2010 12:49:42, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070652: Security Update for Microsoft Office Word 2007 (KB2344993).

10/12/2010 01:12:00, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the McNaiAnn service.

10/12/2010 01:09:20, error: Service Control Manager [7034] - The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:02, error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

10/12/2010 01:08:00, error: Service Control Manager [7034] - The IS360service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:08:00, error: Service Control Manager [7034] - The COMODO livePCsupport Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:07:59, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:07:55, error: Service Control Manager [7034] - The Intel® Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:07:54, error: Service Control Manager [7034] - The Raw Socket Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:07:54, error: Service Control Manager [7034] - The McAfee SiteAdvisor Service service terminated unexpectedly. It has done this 1 time(s).

10/12/2010 01:07:53, error: Service Control Manager [7034] - The Seagate Service service terminated unexpectedly. It has done this 1 time(s).

09/12/2010 14:26:24, error: Dhcp [1002] - The IP address lease 192.168.0.2 for the Network Card with network address 00238BA223A5 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).

09/12/2010 03:18:01, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB2158563).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB982665).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB982214).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB981997).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB981322).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB980436).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB979687).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB975558).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2347290).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2296011).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2259922).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2121546).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2115168).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB2079403).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB2277947).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Works 9 (KB2092914).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Word 2007 (KB2251419).

09/12/2010 03:16:57, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for Internet Explorer 7 for Windows XP (KB2360131).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft Office OneNote 2007 (KB980729).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB981349).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB980232).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB979482).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB979309).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB978601).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB978542).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB978338).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB977816).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB975562).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP3 (KB978695).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB982331).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB982312).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB976321).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office PowerPoint 2007 (KB982158).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office InfoPath 2007 (KB979441).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Excel 2007 (KB982308).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft Browser Choice Screen Update for EEA Users of Windows XP (KB976002).

09/12/2010 03:16:56, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Cumulative Security Update for ActiveX Killbits for Windows XP (KB980195).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB955759).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for the 2007 Microsoft Office System (KB981715).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Microsoft XML Core Services 4.0 Service Pack 2 (KB973688).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB978706).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB978037).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB977914).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB975713).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB975560).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB973904).

09/12/2010 03:16:55, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB972270).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Update for Windows XP (KB968389).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP Service Pack 3 (KB952069).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB974392).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB974318).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB969059).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB958869).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB974234).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB972581).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office Visio Viewer 2007 (KB973709).

09/12/2010 03:16:54, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Office 2007 (KB951550).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB975025).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB974571).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB974112).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB973815).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB971657).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB960859).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB956844).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows Media Format Runtime 9, 9.5 & 11 for Windows XP SP 3 (KB954155).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Jscript 5.7 for Windows XP (KB971961).

09/12/2010 03:16:53, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Internet Explorer 8 for Windows XP.

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: The 2007 Microsoft Office Suite Service Pack 2 (SP2).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP Service Pack 3 (KB973540).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB973869).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB973507).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB961501).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Windows XP (KB956744).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for the 2007 Microsoft Office System (KB969559).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Security Update for Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package (KB973923).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: PowerPoint Viewer 2007 Service Pack 2 (SP2).

09/12/2010 03:16:50, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706ba: Microsoft Office Compatibility Pack Service Pack 2 (SP2).

09/12/2010 03:16:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB960803).

09/12/2010 03:16:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB959426).

09/12/2010 03:16:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB956572).

09/12/2010 03:16:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB952004).

09/12/2010 03:16:48, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800706be: Update for the 2007 Microsoft Office System (KB967642).

09/12/2010 03:16:40, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Update for Windows XP (KB967715).

09/12/2010 03:16:40, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB923561).

09/12/2010 03:16:40, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows Live Sign-In Assistant (KB 967912).

08/12/2010 19:32:20, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)

 

==== End Of File ===========================


Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

The DDS log shows that you're running two Anti-Virus programs on your computer: COMODO Antivirus and McAfee Anti-Virus and Anti-Spyware. Running two or more AV programs can cause all kinds of problems including slowdowns. One will have to be disabled or removed. You're also running two Firewalls with the same results. One will have to be disabled or removed.

**************************************************

You have Viewpoint installed.

 

Viewpoint Media Player/Manager/Toolbar is considered Foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad".

 

More information:

 

* ViewMgr.exe - Useless

* Viewpoint to Plunge Into Adware

 

It is suggested to remove the program now. Go to Start > Control Panel > Add/Remove Programs - (Vista & Win7 is Programs and Features) and remove the following programs if present.

 

* Viewpoint

* Viewpoint Manager

* Viewpoint Media Player

* Viewpoint Toolbar

* Viewpoint Experience Technology

*********************************************

SUPERAntiSpyware

 

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

 

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.
  • Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:
  • Close browsers before scanning
  • Scan for tracking cookies
  • Terminate memory threats before quarantining
  Please leave the others unchecked
  • Click the Close button to leave the control center screen.
* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

• To retrieve the removal information please do the following:
  • After reboot, double-click the SUPERAntiSpyware icon on your desktop.
  • Click Preferences. Click the Statistics/Logs tab.
  • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
  • It will open in your default text editor (preferably Notepad).
  • Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
* Copy and Paste the log in your post.

****************************************

 

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

 

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

************************************************

Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and links posted for each one)

 

* Copy the file path in the below Code box:

 

C:\DOCUME~1\Carl\LOCALS~1\Temp\RtkBtMnt.exe

 

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.


Did not copy. Try in 2 parts

 

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

 

Generated 12/12/2010 at 02:35 PM

 

Application Version : 4.46.1000

 

Core Rules Database Version : 5991

Trace Rules Database Version: 3803

 

Scan type : Complete Scan

Total Scan Time : 07:13:50

 

Memory items scanned : 593

Memory threats detected : 0

Registry items scanned : 6032

Registry threats detected : 2

File items scanned : 228976

File threats detected : 231

 

Adware.Tracking Cookie

 

Disabled.SecurityCenterOption

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY

HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY


mbam

 

Malwarebytes' Anti-Malware 1.50

http://www.malwarebytes.org

 

Database version: 5300

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

12/12/2010 23:54:03

mbam-log-2010-12-12 (23-54-03).txt

 

Scan type: Full scan (C:\|D:\|)

Objects scanned: 374913

Time elapsed: 7 hour(s), 19 minute(s), 46 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\system volume information\_restore{dc8cf520-3614-47d2-9b23-d0fc7a60c4cc}\RP16\A0006542.exe (Rootkit.Agent) -> Quarantined and deleted successfully.

c:\documents and settings\Carl\application data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.


Please download ComboFix from BleepingComputer.com

 

Alternate link: GeeksToGo.com

 

Rename ComboFix.exe to commy.exe before you save it to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here

Click Start>Run then copy paste the following command into the Run box & click OK:

"%userprofile%\desktop\commy.exe" /stepdel

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif

 

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

 

If you have problems with ComboFix usage, see How to use ComboFix


Download the program from another computer and transfer it to your computer.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs.

part 1

 

ComboFix 10-12-14.01 - Carl 14/12/2010 21:35:35.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.595 [GMT 0:00]

Running from: c:\documents and settings\Carl\Desktop\Commy.exe

AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: COMODO Firewall *Disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

 

((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))

.

 

2010-12-12 16:06 . 2010-11-30 11:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-12-12 16:06 . 2010-12-12 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-12-12 16:06 . 2010-11-30 11:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-12-12 16:06 . 2010-12-12 16:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-12-12 00:21 . 2010-12-12 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-12-12 00:20 . 2010-12-12 00:20 -------- d-----w- c:\program files\MetaStream

2010-12-12 00:20 . 2010-12-12 00:21 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-12-12 00:19 . 2010-12-12 00:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2010-12-11 10:36 . 2010-12-11 10:37 -------- d-----w- c:\documents and settings\Nick

2010-12-10 15:39 . 2010-12-10 15:39 -------- d-----w- c:\windows\system32\XPSViewer

2010-12-10 15:39 . 2010-12-10 15:39 -------- d-----w- c:\program files\MSBuild

2010-12-10 15:38 . 2010-12-10 15:38 -------- d-----w- c:\program files\Reference Assemblies

2010-12-10 15:37 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2010-12-10 15:37 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2010-12-10 15:37 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2010-12-10 15:37 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2010-12-10 15:37 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-12-10 15:37 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2010-12-10 15:37 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe

2010-12-10 15:37 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2010-12-10 15:37 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-12-10 12:50 . 2010-12-10 12:50 -------- d-----w- c:\program files\Common Files\Adobe

2010-12-09 21:02 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-12-09 18:21 . 2010-12-09 18:21 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit

2010-12-09 18:20 . 2010-12-09 18:20 -------- d-----w- c:\program files\IObit

2010-12-09 18:14 . 2010-12-09 18:14 -------- d-----w- C:\VritualRoot

2010-12-09 18:13 . 2010-12-14 21:06 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2010-12-09 18:09 . 2010-12-09 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo

2010-12-09 18:09 . 2010-12-13 20:18 -------- d-----w- c:\program files\COMODO

2010-12-09 18:09 . 2010-12-09 18:09 1700352 ----a-w- c:\windows\system32\gdiplus.dll

2010-12-09 18:09 . 2010-12-09 18:09 1060864 ----a-w- c:\windows\system32\mfc71.dll

2010-12-09 18:06 . 2010-10-13 22:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-12-09 18:06 . 2010-10-13 22:28 141792 ----a-w- c:\windows\system32\mfevtps.exe

2010-12-09 18:06 . 2010-10-13 22:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-12-09 18:06 . 2010-10-13 22:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-12-09 18:06 . 2010-10-13 22:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-12-09 18:06 . 2010-10-13 22:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-12-09 18:06 . 2010-10-13 22:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-12-09 18:06 . 2010-10-13 22:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-12-09 18:06 . 2010-10-13 22:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-12-09 18:06 . 2010-10-13 22:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-12-09 18:06 . 2010-10-13 22:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-12-09 14:27 . 2010-12-09 14:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-12-09 14:09 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-12-09 14:08 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-12-09 14:08 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-12-09 14:08 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-12-09 14:08 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-12-09 14:08 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-12-09 14:08 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-12-09 14:08 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-12-09 14:07 . 2010-12-09 14:08 -------- dc-h--w- c:\windows\ie8

2010-12-09 03:04 . 2010-08-26 12:52 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-12-09 03:02 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-12-09 01:30 . 2010-12-09 01:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL

2010-12-09 01:29 . 2010-12-09 01:29 -------- d-----w- c:\program files\Viewpoint

2010-12-09 01:29 . 2010-12-09 01:24 58696 ----a-w- c:\windows\system32\AOLParconLink.exe

2010-12-09 01:28 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys

2010-12-09 01:27 . 2010-12-09 01:27 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP

2010-12-09 01:26 . 2010-12-13 20:07 -------- d-----w- c:\program files\Common Files\AOL

2010-12-09 01:26 . 2010-12-09 13:35 -------- d-----w- c:\program files\AOL Desktop 9.6

2010-12-09 01:26 . 2010-12-09 01:28 -------- d-----w- c:\program files\Common Files\aolshare

2010-12-09 01:26 . 2010-12-09 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL

2010-12-09 01:21 . 2010-12-09 01:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads

2010-12-08 20:59 . 2009-08-06 19:24 21728 ----a-w- c:\windows\system32\wucltui.dll.mui

2010-12-08 20:59 . 2009-08-06 19:24 44768 ----a-w- c:\windows\system32\wups2.dll

2010-12-08 20:59 . 2009-08-06 19:24 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui

2010-12-08 20:59 . 2009-08-06 19:24 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2010-12-08 20:59 . 2009-08-06 19:24 15064 ----a-w- c:\windows\system32\wuapi.dll.mui

2010-12-08 19:50 . 2010-12-08 19:50 -------- d-----w- c:\program files\Seagate

2010-12-08 19:50 . 2010-12-08 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate

2010-12-08 19:48 . 2010-12-08 19:48 -------- d-----w- c:\program files\Carbonite

2010-12-08 19:48 . 2010-12-08 19:48 -------- d-sh--w- c:\windows\ftpcache

2010-12-08 19:33 . 2010-12-09 13:39 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore

2010-12-08 14:20 . 2004-08-11 01:45 819200 ----a-w- c:\program files\Windows Media Player\wmsetsdk.exe

2010-12-08 14:20 . 2004-08-11 01:45 47616 ----a-w- c:\program files\Windows Media Player\msoobci.dll

2010-12-08 14:18 . 2008-12-12 11:41 626688 ----a-w- c:\windows\Image.dll

2010-12-08 14:18 . 2008-02-25 11:13 4838 ----a-w- c:\windows\Suyin.reg

2010-12-08 14:18 . 2008-12-12 20:20 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe

2010-12-08 14:17 . 2008-11-03 19:00 196608 ----a-w- c:\windows\system32\csnp2uvc.dll

2010-12-08 14:17 . 2008-07-03 15:58 94208 ----a-w- c:\windows\PLFSetL.exe

2010-12-08 14:17 . 2007-10-01 14:59 1769984 ----a-w- c:\windows\system32\drivers\snp2uvc.sys

2010-12-08 14:17 . 2007-05-09 15:16 28160 ----a-w- c:\windows\system32\drivers\sncduvc.sys

2010-12-08 14:17 . 2006-11-07 09:17 286720 ----a-w- c:\windows\system32\vsnp2uvc.dll

2010-12-08 14:17 . 2007-04-02 12:40 172032 ----a-w- c:\windows\system32\rsnp2uvc.dll

2010-12-08 14:17 . 2010-12-08 14:17 -------- d-----w- c:\program files\Common Files\SNP2UVC

2010-12-08 14:16 . 2010-12-08 14:16 -------- d-----w- c:\windows\Options

2010-12-08 14:16 . 2010-12-08 14:16 -------- d-----w- c:\program files\Atheros

2010-12-08 14:16 . 2008-12-30 04:02 1346464 ----a-w- c:\windows\system32\drivers\athw.sys

2010-12-08 14:16 . 2008-12-30 04:02 1346464 ----a-w- c:\windows\system32\athw.sys

2010-12-08 14:16 . 2010-12-08 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Atheros

2010-12-08 14:15 . 2008-03-21 13:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll

2010-12-08 14:15 . 2010-12-08 14:15 -------- d-----w- c:\program files\Synaptics

2010-12-08 14:15 . 2009-01-22 10:09 205104 ----a-w- c:\windows\system32\drivers\SynTP.sys

2010-12-08 14:15 . 2009-01-22 10:08 161064 ----a-w- c:\windows\system32\SynTPAPI.dll

2010-12-08 14:15 . 2009-01-22 10:08 120104 ----a-w- c:\windows\system32\SynTPCo4.dll

2010-12-08 14:15 . 2009-01-22 10:08 206120 ----a-w- c:\windows\system32\SynCtrl.dll

2010-12-08 14:15 . 2009-01-22 10:08 169256 ----a-w- c:\windows\system32\SynCOM.dll

2010-12-08 14:15 . 2008-07-08 02:55 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2010-12-08 14:11 . 2010-12-10 13:15 -------- d-----w- c:\documents and settings\Carl

2010-11-24 19:40 . 2010-11-24 19:40 499712 ----a-w- c:\windows\system32\msvcp71.dll

2010-11-24 19:40 . 2010-11-24 19:40 348160 ----a-w- c:\windows\system32\msvcr71.dll

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-12-08 14:19 . 2008-09-09 10:51 2567 ----a-w- c:\windows\CLEANUP.CMD

2010-09-18 12:23 . 2009-02-27 02:18 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2009-02-27 02:18 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2009-02-27 02:18 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2009-02-27 02:18 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-10-13 22:28 . 2010-12-09 18:06 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

"AOL Fast Start"="c:\program files\AOL Desktop 9.6\AOL.EXE" [2010-11-24 42320]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-09-12 182808]

"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]

"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-07-17 53248]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]

"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-20 817672]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-02-26 24064]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-22 1422632]

"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-03 196608]

"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]

"NotificationCenterLauncher"="c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe" [2008-12-22 225280]

"CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]

"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-25 185640]

"HostManager"="c:\program files\Common Files\AOL\1291858028\ee\AOLSoftware.exe" [2010-03-08 41800]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]

"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2010-06-11 1280344]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-2-26 565248]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""


part 2

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1291858028\\ee\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

 

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/09/2010 23:40 15592]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/09/2010 23:40 239240]

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/09/2010 23:40 25240]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [09/12/2010 18:06 84072]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 18:25 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 18:41 67656]

R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [25/09/2009 23:32 189736]

R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [09/12/2010 18:21 312152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [26/02/2009 19:55 198432]

R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [09/12/2010 18:06 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [09/12/2010 18:06 271480]

R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [09/12/2010 18:07 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [09/12/2010 18:06 141792]

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [26/02/2009 20:00 237568]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [09/12/2010 18:06 55840]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [09/12/2010 18:06 313288]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [09/12/2010 18:06 88544]

S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [26/02/2009 19:40 24064]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [09/12/2010 18:06 88544]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [09/12/2010 18:06 84264]

S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]

S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

 

--- Other Services/Drivers In Memory ---

 

*Deregistered* - mfeavfk01

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com

uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=1210&m=ao531h

TCP: {335D77F2-B49B-411B-B59B-14CD1B80E65C} = 156.154.70.22,156.154.71.22

TCP: {DE11A742-52CD-412A-AFBE-8C01DF6153ED} = 156.154.70.22,156.154.71.22

FF - ProfilePath - c:\documents and settings\Carl\Application Data\Mozilla\Firefox\Profiles\fiubb6yc.default\

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor

FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-12-14 22:03

Windows 5.1.2600 Service Pack 3 NTFS

 

detected NTDLL code modification:

ZwClose, ZwOpenFile

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

 

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(868)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

 

- - - - - - - > 'lsass.exe'(1372)

c:\windows\system32\guard32.dll

 

- - - - - - - > 'explorer.exe'(2956)

c:\windows\system32\WININET.dll

c:\windows\system32\guard32.dll

c:\program files\McAfee\SiteAdvisor\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\COMODO\COMODO Internet Security\cmdagent.exe

c:\windows\system32\wdfmgr.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\Common Files\McAfee\SystemCore\mcshield.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\igfxext.exe

c:\program files\AOL Desktop 9.6\waol.exe

c:\docume~1\Carl\LOCALS~1\Temp\RtkBtMnt.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\AOL Desktop 9.6\shellmon.exe

c:\program files\IObit\IObit Security 360\is360.exe

c:\program files\Common Files\AOL\1291858028\ee\aolupdates.exe

c:\program files\IObit\IObit Security 360\is360.exe

.

**************************************************************************

.

Completion time: 2010-12-14 22:11:12 - machine was rebooted

ComboFix-quarantined-files.txt 2010-12-14 22:11

 

Pre-Run: 134,230,712,320 bytes free

Post-Run: 134,328,049,664 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - 600F1563E7AF028485867A34A0C040E3


Please go to Jotti's malware scan

(If more than one file needs scanned they must be done separately and links posted for each one)

 

* Copy the file path in the below Code box:

 

c:\windows\CLEANUP.CMD 

 

* At the upload site, click once inside the window next to Browse.

* Press Ctrl+V on the keyboard (both at the same time) to paste the file path into the window.

* Next click Submit file

* Your file will possibly be entered into a queue which normally takes less than a minute to clear.

* This will perform a scan across multiple different virus scanning engines.

* Important: Wait for all of the scanning engines to complete.

* Once the scan is finished, Copy and then Paste the link in the address bar into your next reply.

**********************************

Re-running ComboFix to remove infections:

 

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::
     
    File::
    c:\windows\Suyin.reg
     
  • Save this as CFScript.txt, in the same location as ComboFix.exe
     
    http://img19.imageshack.us/img19/5660/cfscriptb4.gif
     
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I don't need to see this log.

*************************************

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


sysprot part 1

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys

Service Name: ---

Module Base: A9DD7000

Module End: A9EB1000

Hidden: Yes

 

Module Name: \??\C:\commy\catchme.sys

Service Name: catchme

Module Base: ED7C6000

Module End: ED7CE000

Hidden: Yes

 

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: F7C45000

Module End: F7C47000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwAdjustPrivilegesToken

Address: AA2387B6

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwConnectPort

Address: AA237D66

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreateFile

Address: AA23841C

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreateKey

Address: AA23902A

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreatePort

Address: AA237C42

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreateSection

Address: AA23B0E8

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreateSymbolicLinkObject

Address: AA23B46E

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwCreateThread

Address: AA23762E

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwDeleteKey

Address: AA2389A2

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwDeleteValueKey

Address: AA238BA2

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwDuplicateObject

Address: AA237434

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwEnumerateKey

Address: AA239768

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwEnumerateValueKey

Address: AA2399BE

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwLoadDriver

Address: AA23AAF8

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwMakeTemporaryObject

Address: AA237FFE

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwOpenFile

Address: AA2385F8

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwOpenKey

Address: AA23901A

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwOpenProcess

Address: AA237062

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwOpenSection

Address: AA2382A2

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwOpenThread

Address: AA237266

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys


suspot part 2

 

Function Name: ZwQueryKey

Address: AA239BCC

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwQueryMultipleValueKey

Address: AA23A020

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwQueryValueKey

Address: AA239DDE

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwRenameKey

Address: AA239580

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwRequestWaitReplyPort

Address: AA23A590

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwSecureConnectPort

Address: AA23A844

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwSetSecurityObject

Address: AA238DF2

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwSetSystemInformation

Address: AA23ADF0

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwSetValueKey

Address: AA2392F8

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwShutdownSystem

Address: AA237F98

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwSystemDebugControl

Address: AA23818E

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwTerminateProcess

Address: AA237A44

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

Function Name: ZwTerminateThread

Address: AA237832

Driver Base: AA22E000

Driver End: AA267000

Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

 

******************************************************************************************

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwSetSecurityObject

At Address: 805DFB3F

Jump To: F747D152

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenThread

At Address: 80584849

Jump To: F747D0BC

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

Hooked Function: ZwOpenProcess

At Address: 8057F592

Jump To: F747D0A8

Module Name: C:\WINDOWS\system32\drivers\mfehidk.sys

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied


ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply, please include the ESET Online Scan log.


Do you think all is well and it's cleaned?

I would have to say YES. The DDS log shows that you're not receiving your MS updates. Could you please check this? Go to Start, Control Panel and double-click on Automatic Updates. Make sure that it is set to Automatic. Now click on Windows Update Web Site down at the bottom. MS will check your computer to see if you need updates. Download them and see if they install. Please let me know how this works out.


I have checked the automatic updates in the control panel and it was already set to update every day at 3.00 pm.

I also tried to download the latest updates and it said there were none, with the last update installing on the 16th December.

I am so grateful that you have taken the time to help me. I cannot thank you enough!

 

Carl


Archived

This topic is now archived and is closed to further replies.
