Infected desktop

Re: Infected desktop

Post by baylormum » March 20th, 2011, 8:05 pm

I went back thru the directions, but can't find anything I skipped. Got the Windows Update Remover installed, but when I double click on it, it pops up with "No Windows Update back-up folders found". I never saw anywhere to choose "updates prior to 2010" or "remove backup folder".
Oh, where did I go wrong??!!
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Post by askey127 » March 20th, 2011, 8:51 pm

The program is just not working for you. It's not your fault.

You can do this manually.
Take a look here at what is involved: http://www.ehow.com/how_6130647_delete- ... files.html
You can do a bunch of these and save a lot of space.

Be sure to use TFC.exe, or empty the Recycle bin afterward.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Infected desktop

Post by baylormum » March 23rd, 2011, 3:37 pm

Sorry to be so long. Just haven't had time to even turn computer on since Sunday.

The ehow link did not bring up any files to do with uninstall. I also did a file search (with the show hidden files & the hide protected Windows files both clicked as directed in an earlier post from you) using just the $ sign. It came up with nothing about uninstall, but all but 1 of the 608 files is from before 2010. Some go back to April 1999. Some are highlighted in blue, some are not.

And the YouTube videos seem to be working today.

Thanks. Shellie
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Post by baylormum » March 23rd, 2011, 6:58 pm

And P.S. Google Chrome is crashing about every 30 minutes today!!
baylormum
Regular Member
 
Posts: 18
Joined: March 15th, 2011, 11:45 pm

Re: Infected desktop

Post by askey127 » March 24th, 2011, 8:10 am

baylormum,
A string of things I want you to do. Just take one at a time.
You may want to print this out first. (You can use Print Preview and only print the page(s) you want).
All your problems, including crashes, are related to insufficient Drive space on C:
Let's move your My Documents folder and all its contents to the D: drive.
-----------------------------------------------------
Move My Documents
Please follow this carefully, but it should be easy.
Go to Start, right click My Documents, and choose Properties
On the Target tab, choose Move
In the Destination dialog, click the (+) sign next to My Computer, and double click on the D: drive
Click Make New Folder, name it My Documents and click OK
You will be back to the original My Documents Properties Dialog, you should now see D:\My Documents as the target.
Click Apply.
If it complains it can't move everything, that's OK.
-----------------------------------------------------------
Reduce Recycle Bin Size
Right Click the Recycle Bin and choose Properties
In the Global tab, move the slider to the left so it shows 2% Maximum Size of Recycle Bin, click Apply and OK.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Secure Remote Support - Get Support Now! LogMeIn, Inc. 6.2.340
TBS WMP Plug-in CNN 1.00.518
Wise Disk Cleaner 5.33 WiseCleaner.com
Recuva Piriform 1.39

Take extra care in answering questions posed by any Uninstaller.
----------------------------------------------
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the contents of the following Code Box:
    :processes
    killallprocesses
    
    :Files
    C:\Program Files\AvantGo Connect
    C:\Program Files\AWS
    C:\Program Files\BroadJump
    C:\Program Files\LogMeIn Rescue Calling Card
    C:\Program Files\Movie Maker
    C:\Program Files\MSN Gaming Zone
    C:\Program Files\Recuva
    C:\Program Files\SUPERAntiSpyware
    C:\Program Files\Wise Disk Cleaner
    
    :Commands
    [EMPTYTEMP]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Let me know about your Free Space now please.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
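
Added example, not part of the original thread and not code from OTL or its author: a Python check that cross-references the `:Files` targets of a fix script like the one above against the result lines OTL writes, so a helper can see which targets were moved, not found, deferred to reboot, or never mentioned. The sample script and log are constructed in the formats shown in this thread; `C:\Program Files\Example Tool` and all function names are hypothetical.

```python
import re

# Constructed sample input (not copied from a real machine): a fix script and
# the result lines OTL writes for it, in the formats shown in this thread.
# "Example Tool" is a hypothetical target that the log never mentions.
FIX_SCRIPT = r"""
:processes
killallprocesses

:Files
C:\Program Files\AvantGo Connect
C:\Program Files\Movie Maker
C:\Program Files\Recuva
C:\Program Files\Example Tool

:Commands
[EMPTYTEMP]
[Reboot]
"""

FIX_LOG = r"""
========== FILES ==========
C:\Program Files\AvantGo Connect\AvantGo folder moved successfully.
C:\Program Files\AvantGo Connect folder moved successfully.
C:\Program Files\Movie Maker\shared folder moved successfully.
Folder move failed. C:\Program Files\Movie Maker scheduled to be moved on reboot.
File\Folder C:\Program Files\Recuva not found.
========== COMMANDS ==========
"""

# Result-line patterns, most specific first. The "File move failed." variant
# is an assumption; only "Folder move failed." appears in the thread.
PATTERNS = [
    ("pending_reboot",
     re.compile(r"^(?:File|Folder) move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File\\Folder (?P<path>.+) not found[.!]$")),
    ("moved", re.compile(r"^(?P<path>.+?)(?: folder)? moved successfully\.$")),
]


def parse_targets(script):
    """Return the paths listed under the :Files directive of a fix script."""
    targets, section = [], None
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            section = line.lower()
        elif line and section == ":files":
            targets.append(line)
    return targets


def parse_results(log):
    """Map each path named in a result line to its status (keys lower-cased)."""
    results = {}
    for line in log.splitlines():
        line = line.strip()
        for status, pattern in PATTERNS:
            match = pattern.match(line)
            if match:
                results[match.group("path").lower()] = status
                break
    return results


def check_fix(script, log):
    """Status per requested target; 'no_result' if the log never names it."""
    results = parse_results(log)
    return {t: results.get(t.lower(), "no_result") for t in parse_targets(script)}


def needs_follow_up(statuses):
    """Targets not confirmed handled: deferred to reboot or missing from the log."""
    return [t for t, s in statuses.items() if s in ("pending_reboot", "no_result")]


if __name__ == "__main__":
    statuses = check_fix(FIX_SCRIPT, FIX_LOG)
    for target, status in statuses.items():
        print(f"{status:15} {target}")
    print("follow up:", needs_follow_up(statuses))
```

Paths are compared case-insensitively, as Windows does; a target reported as `pending_reboot` should be checked again in the log OTL writes after the restart.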

Re: Infected desktop

Post by baylormum » March 24th, 2011, 5:41 pm

OK. C Drive:
Used Space: 9.88 GB
Free Space: 13.3 GB

2 text docs came up on notebook after reboot, so am including them in case they are needed.

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files\AvantGo Connect\AvantGo folder moved successfully.
C:\Program Files\AvantGo Connect folder moved successfully.
C:\Program Files\AWS\WeatherBug folder moved successfully.
C:\Program Files\AWS folder moved successfully.
C:\Program Files\BroadJump folder moved successfully.
File\Folder C:\Program Files\LogMeIn Rescue Calling Card not found.
C:\Program Files\Movie Maker\shared\profiles folder moved successfully.
C:\Program Files\Movie Maker\shared folder moved successfully.
C:\Program Files\Movie Maker\MUI\0409 folder moved successfully.
C:\Program Files\Movie Maker\MUI folder moved successfully.
Folder move failed. C:\Program Files\Movie Maker scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone\Windows scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone scheduled to be moved on reboot.
File\Folder C:\Program Files\Recuva not found.
C:\Program Files\SUPERAntiSpyware folder moved successfully.
File\Folder C:\Program Files\Wise Disk Cleaner not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Amanda
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Mom & Dad
->Temp folder emptied: 959881 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 101590312 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 3505 bytes

User: NetworkService
->Temp folder emptied: 11150 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33892 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 98.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 03242011_134016

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\Movie Maker scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone\Windows scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone\Windows scheduled to be moved on reboot.
Folder move failed. C:\Program Files\MSN Gaming Zone scheduled to be moved on reboot.
File\Folder C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun-4E-20FFC3D1-F96A-40f1-81FD-EA9C5847B465.lock not found!
C:\Documents and Settings\NetworkService\Local Settings\Temp\MpCmdRun.log moved successfully.

Registry entries deleted on Reboot...


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Sun ‎Mar ‎20 ‎2011 19:46:23

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
Time Info - ‎Sun ‎Mar ‎20 ‎2011 19:47:05 End: Product Genuine Check
MpCmdRun: End Time: ‎Sun ‎Mar ‎20 ‎2011 19:47:05
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Sun ‎Mar ‎20 ‎2011 19:57:43

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
Time Info - ‎Sun ‎Mar ‎20 ‎2011 19:57:57 INFO: verified!
Time Info - ‎Sun ‎Mar ‎20 ‎2011 19:58:45 End: Product Genuine Check
MpCmdRun: End Time: ‎Sun ‎Mar ‎20 ‎2011 19:58:45
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Wed ‎Mar ‎23 ‎2011 11:41:17

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
Time Info - ‎Wed ‎Mar ‎23 ‎2011 11:42:27 End: Product Genuine Check
MpCmdRun: End Time: ‎Wed ‎Mar ‎23 ‎2011 11:42:27
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Wed ‎Mar ‎23 ‎2011 11:51:32

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
Time Info - ‎Wed ‎Mar ‎23 ‎2011 11:52:02 End: Product Genuine Check
MpCmdRun: End Time: ‎Wed ‎Mar ‎23 ‎2011 11:52:02
-------------------------------------------------------------------------------------
Privileges -Reinvoke
Start Time: ‎Wed ‎Mar ‎23 ‎2011 11:51:33

Start: MpSignatureUpdate()
Update started
Search Started (HTTP) (Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094)...
Time Info - ‎Wed ‎Mar ‎23 ‎2011 11:51:57 Download Started...
Download Completed
Installation Started...
Update failed with hr: 0x80070008
Installation Completed
Update completed with hr: 0x80070652
ERROR: Signature Update failed with hr=80070652
MpCmdRun: End Time: ‎Wed ‎Mar ‎23 ‎2011 11:52:07
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Thu ‎Mar ‎24 ‎2011 12:13:50

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
End: Product Genuine Check
MpCmdRun: End Time: ‎Thu ‎Mar ‎24 ‎2011 12:13:56
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Thu ‎Mar ‎24 ‎2011 12:24:15

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:25:01 End: Product Genuine Check
MpCmdRun: End Time: ‎Thu ‎Mar ‎24 ‎2011 12:25:01
-------------------------------------------------------------------------------------
Privileges -Reinvoke
Start Time: ‎Thu ‎Mar ‎24 ‎2011 12:24:19

Start: MpSignatureUpdate()
Update started
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:24:36 Search Started (MU/WU update) (Path: http://www.microsoft.com)...
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:30:11 Search Completed
Download Started...
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:32:45 Download Completed
Download Completed
Installation Started...
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:37:48 Update failed with hr: 0x80070643
Installation Completed
Update failed with hr: 0x80070643
Search Started (HTTP) (Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094)...
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:38:19 Download Started...
Download Completed
Installation Started...
Time Info - ‎Thu ‎Mar ‎24 ‎2011 12:38:34 Update failed with hr: 0x80070008
Installation Completed
Update completed with hr: 0x80070643
ERROR: Signature Update failed with hr=80070643
MpCmdRun: End Time: ‎Thu ‎Mar ‎24 ‎2011 12:38:34
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Thu ‎Mar ‎24 ‎2011 13:41:47

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
End: Product Genuine Check
MpCmdRun: End Time: ‎Thu ‎Mar ‎24 ‎2011 13:41:53
-------------------------------------------------------------------------------------


-------------------------------------------------------------------------------------
MpCmdRun: Command Line: "C:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe" -GenuineCheck -RestrictPrivileges -Reinvoke
Start Time: ‎Thu ‎Mar ‎24 ‎2011 13:46:49

Start: Product Genuine Check
INFO: Verifying MSE WAT DLL(C:\Program Files\Microsoft Security Client\mssewat.dll)...
INFO: verified!
End: Product Genuine Check
MpCmdRun: End Time: ‎Thu ‎Mar ‎24 ‎2011 13:46:53
-------------------------------------------------------------------------------------

And the OTL Text:

OTL logfile created on: 3/24/2011 1:52:26 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = D:\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 39.00 Mb Available Physical Memory | 8.00% Memory free
787.00 Mb Paging File | 85.00 Mb Available in Paging File | 11.00% Paging File free
Paging file location(s): C:\pagefile.sys 50 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 23.29 Gb Total Space | 13.48 Gb Free Space | 57.89% Space Free | Partition Type: NTFS
Drive D: | 51.24 Gb Total Space | 38.02 Gb Free Space | 74.20% Space Free | Partition Type: NTFS
Drive G: | 614.91 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF
Drive I: | 297.44 Gb Total Space | 273.69 Gb Free Space | 92.02% Space Free | Partition Type: NTFS

Computer Name: AMANDA-H8ZWZ5HK | User Name: Mom & Dad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/17 00:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2009/11/13 12:29:42 | 009,117,504 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009/11/13 12:29:40 | 002,057,536 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/16 18:27:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2009/11/13 12:28:04 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/06/16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2007/08/09 00:27:52 | 000,073,728 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/11/02 18:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2004/10/15 13:54:14 | 000,100,016 | ---- | M] (America Online, Inc) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe -- (AOL TopSpeedMonitor)


========== Driver Services (SafeList) ==========

DRV - [2011/03/24 13:46:44 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A1B887E-C165-4D4F-A03F-D53F8CC95995}\MpKsl17060633.sys -- (MpKsl17060633)
DRV - [2011/03/24 12:13:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{5A1B887E-C165-4D4F-A03F-D53F8CC95995}\MpKsl2bff6042.sys -- (MpKsl2bff6042)
DRV - [2010/06/10 18:00:06 | 000,022,528 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\intelsmb.sys -- (smbusp) Intel(R)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/11/22 16:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 16:36:34 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/03 20:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/03/31 14:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/01/10 14:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimtoday.com/search/aimtoolbar.jsp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tbff50sbox&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.2.1.265
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07074039
FF - prefs.js..extensions.enabledItems: {b2509cd4-17cd-45ed-8146-a82af038f493}:1.38
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.8.3
FF - prefs.js..keyword.URL: "http://search.aol.com/aolcom/search?invocationType=tbff50ab&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 13:36:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/20 14:53:57 | 000,000,000 | ---D | M]

[2008/09/03 07:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Extensions
[2011/03/16 17:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions
[2010/01/29 20:25:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/06/11 13:59:43 | 000,000,000 | ---D | M] ("AOL Toolbar") -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2010/01/28 22:55:00 | 000,000,000 | ---D | M] (Power Twitter) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}
[2007/10/09 14:27:09 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\moveplayer@movenetworks.com
[2009/08/10 07:01:51 | 000,000,000 | ---D | M] (TwitterFox) -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\extensions\twitternotifier@naan.net
[2009/06/23 19:19:21 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Mozilla\Firefox\Profiles\vrvqe7xs.default\searchplugins\aol-search.xml
[2011/03/20 14:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/20 14:32:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\MOM & DAD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\VRVQE7XS.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/31 20:47:26 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2011/03/20 14:32:19 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/08/02 14:30:35 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2006/09/05 17:55:37 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NpPopup.dll
[2006/01/18 10:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2009/04/28 14:52:55 | 000,002,236 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\askcom.xml
[2008/09/10 16:41:35 | 000,002,158 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2010/07/06 16:15:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 3.1\resources\en-us\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 3.1\aoltb.dll (AOL LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://photo.walmart.com/photo/uploads/ ... Client.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.130.130.2 206.130.133.2
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/27 10:01:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/06/18 14:12:18 | 000,000,088 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c5969a0-0aae-11df-9aa6-00038a000015}\Shell\AutoRun\command - "" = G:\WD SmartWare.exe -- [2009/11/13 12:25:22 | 003,280,672 | R--- | M] (Western Digital)
O33 - MountPoints2\{c6527e66-80d4-11df-9b40-00038a000015}\Shell\AutoRun\command - "" = K:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/24 13:33:23 | 000,000,000 | ---D | C] -- D:\My Documents\BlackBerry
[2011/03/24 13:33:17 | 000,000,000 | ---D | C] -- D:\My Documents\CWNAPR forms and letters
[2011/03/24 13:33:15 | 000,000,000 | ---D | C] -- D:\My Documents\DOH WABOP
[2011/03/24 13:28:18 | 000,000,000 | ---D | C] -- D:\My Documents\Downloads
[2011/03/24 13:28:17 | 000,000,000 | ---D | C] -- D:\My Documents\My Albums
[2011/03/24 13:27:01 | 000,000,000 | --SD | C] -- D:\My Documents\My Data Sources
[2011/03/24 12:51:58 | 000,000,000 | R--D | C] -- D:\My Documents\My Pictures
[2011/03/24 12:51:58 | 000,000,000 | R--D | C] -- D:\My Documents\My Music
[2011/03/24 12:51:57 | 000,000,000 | ---D | C] -- D:\My Documents\My Skype Content
[2011/03/24 12:51:57 | 000,000,000 | ---D | C] -- D:\My Documents\My Scans
[2011/03/24 12:51:54 | 000,000,000 | ---D | C] -- D:\My Documents\My Snapfire Shows
[2011/03/24 12:51:54 | 000,000,000 | ---D | C] -- D:\My Documents\My Skype Pictures
[2011/03/24 12:51:14 | 000,000,000 | R--D | C] -- D:\My Documents\My Videos
[2011/03/24 12:41:17 | 000,000,000 | ---D | C] -- D:\My Documents\Patt Carmel-Selah
[2011/03/24 12:39:57 | 000,000,000 | ---D | C] -- D:\My Documents\Retrieved Contents
[2011/03/24 12:37:45 | 000,000,000 | ---D | C] -- D:\My Documents\Symantec
[2011/03/24 12:37:45 | 000,000,000 | ---D | C] -- D:\My Documents\SGH-i617 My Documents
[2011/03/24 12:37:44 | 000,000,000 | ---D | C] -- D:\My Documents\Systweak
[2011/03/24 12:37:42 | 000,000,000 | ---D | C] -- D:\My Documents\__MACOSX
[2011/03/20 16:58:21 | 000,237,776 | ---- | C] (Tech-Pro Limited) -- C:\WINDOWS\System32\tpuninst.exe
[2011/03/20 16:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Update Remover
[2011/03/20 16:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Update Remover
[2011/03/20 14:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/20 14:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/03/20 14:44:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/03/19 11:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/03/18 15:55:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/18 15:55:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/18 15:54:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/18 15:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/17 15:31:43 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/16 15:04:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/15 20:27:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Start Menu\Programs\HiJackThis
[2011/03/15 13:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/15 13:09:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/03/14 15:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\Malwarebytes
[2011/03/14 15:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/13 15:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/02/27 14:41:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/02/27 14:41:06 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2011/02/27 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

========== Files - Modified Within 30 Days ==========

[2011/03/24 13:51:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/24 13:46:27 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/24 13:45:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 12:43:16 | 000,000,994 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005UA.job
[2011/03/23 18:43:02 | 000,000,942 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-688789844-1060284298-1005Core.job
[2011/03/20 19:36:11 | 000,000,142 | ---- | M] () -- D:\My Documents\Files named uninstall.fnd
[2011/03/20 16:58:20 | 000,000,790 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Remove Windows Updates.LNK
[2011/03/20 16:57:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to wursetup.lnk
[2011/03/20 14:54:00 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/20 14:19:07 | 000,000,178 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\newdrive.bat
[2011/03/19 11:23:19 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/19 11:06:33 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to SystemLook.lnk
[2011/03/18 15:55:10 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/18 15:41:13 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/03/18 15:40:51 | 000,444,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/18 15:40:51 | 000,072,108 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/17 19:19:33 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to tdsskiller.lnk
[2011/03/17 15:50:48 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/17 15:50:47 | 000,002,326 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\Google Chrome.lnk
[2011/03/16 17:34:52 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/16 15:45:31 | 000,189,792 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/15 20:38:08 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 13:37:39 | 000,804,570 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/13 15:58:00 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/02 17:38:27 | 000,015,776 | ---- | M] () -- D:\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg

========== Files Created - No Company Name ==========

[2011/03/20 19:36:10 | 000,000,142 | ---- | C] () -- D:\My Documents\Files named uninstall.fnd
[2011/03/20 16:58:20 | 000,000,790 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Remove Windows Updates.LNK
[2011/03/20 16:57:33 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to wursetup.lnk
[2011/03/20 14:54:00 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/03/20 14:53:59 | 000,002,187 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2011/03/20 14:18:56 | 000,000,178 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\newdrive.bat
[2011/03/19 11:23:19 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/03/19 11:06:33 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to SystemLook.lnk
[2011/03/18 15:55:10 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/18 15:41:12 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/03/17 19:19:32 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\Shortcut to tdsskiller.lnk
[2011/03/15 20:27:46 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Desktop\HiJackThis.lnk
[2011/03/15 13:37:06 | 000,804,570 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/03/13 16:02:41 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/03/13 15:58:00 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/13 15:57:12 | 000,001,690 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/02 17:39:35 | 000,015,776 | ---- | C] () -- D:\My Documents\180616_1699708786702_1657392583_1543249_2287467_n.jpg
[2011/02/27 14:41:08 | 000,000,656 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\TweetDeck.lnk
[2010/10/15 21:06:37 | 000,115,128 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/17 13:33:21 | 000,000,092 | ---- | C] () -- C:\WINDOWS\BackupManager.INI
[2010/06/03 16:49:44 | 000,002,592 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2010/05/08 18:01:32 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/12 19:32:41 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2010/01/30 16:54:16 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/11/27 17:38:40 | 000,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2009/10/26 16:44:31 | 000,037,432 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/06/01 10:10:54 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2009/04/28 12:41:12 | 000,000,164 | ---- | C] () -- C:\WINDOWS\install.dat
[2009/04/22 19:18:40 | 000,038,478 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Comma Separated Values (Windows).ADR
[2009/04/22 18:08:36 | 000,038,467 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\Microsoft Excel.ADR
[2008/04/27 16:39:47 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/02/09 10:26:24 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\fusioncache.dat
[2008/02/04 15:45:27 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/02/04 15:35:23 | 000,124,488 | ---- | C] () -- C:\WINDOWS\HPHins12.dat
[2008/02/04 15:35:23 | 000,014,916 | ---- | C] () -- C:\WINDOWS\hphmdl12.dat
[2007/05/22 11:48:12 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg077.dat
[2007/02/17 14:24:01 | 000,001,783 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/11/25 13:52:16 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/25 13:52:16 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/11/02 18:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006/08/01 17:53:27 | 000,005,618 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/04/20 07:37:56 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\yodleeuninstaller.dll
[2006/04/20 07:37:56 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\YodleeInstaller.dll
[2006/04/20 07:37:56 | 000,069,633 | ---- | C] () -- C:\WINDOWS\billpay.aol.com_ac.dll
[2006/02/07 17:32:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CompanionApp.INI
[2006/02/07 17:25:40 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Application Data\$_hpcst$.hpc
[2005/09/15 18:02:41 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Mom & Dad\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/08/10 10:00:12 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/08/10 10:00:12 | 000,000,018 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/05/31 22:05:29 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2005/05/29 14:08:26 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/29 13:37:46 | 000,000,725 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2005/05/29 13:32:01 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/29 13:23:55 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2005/05/29 13:23:35 | 000,000,008 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2005/05/29 13:23:03 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2005/05/29 13:21:45 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2005/05/29 13:21:06 | 000,001,379 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2005/05/29 13:21:06 | 000,000,011 | ---- | C] () -- C:\WINDOWS\album.ini
[2005/05/27 10:04:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/05/27 09:58:32 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/05/27 04:52:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/05/27 04:51:42 | 000,189,792 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 12:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/09/20 12:31:28 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\atsdrve.dll
[2002/08/29 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 05:00:00 | 000,444,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 05:00:00 | 000,249,270 | ---- | C] () -- C:\WINDOWS\System32\_005806_.tmp.dll
[2002/08/29 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 05:00:00 | 000,072,108 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 05:00:00 | 000,022,040 | ---- | C] () -- C:\WINDOWS\System32\_005774_.tmp.dll
[2002/08/29 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2005/09/14 20:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Medicare 2006 Phase II Assessment
[2007/03/09 18:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/12/28 10:25:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/10/15 20:27:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Systweak
[2011/03/16 17:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/27 15:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/08 21:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2010/01/26 14:06:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/04/28 16:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/24 17:10:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/06/24 15:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Aim
[2010/07/14 19:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Amazon
[2010/11/29 21:09:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Blackberry Desktop
[2011/02/08 18:03:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Canon
[2010/06/29 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Facebook
[2009/02/26 08:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1
[2005/09/14 20:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Medicare2
[2010/10/15 20:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Research In Motion
[2010/04/12 20:15:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\RIM Palm&PPC Upgrade Wizard
[2007/06/29 13:57:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Snapfish
[2010/09/08 19:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Systweak
[2010/07/10 15:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Tific
[2009/04/13 19:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
[2011/02/27 14:41:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2007/02/08 11:11:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Viewpoint
[2010/01/26 14:07:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom & Dad\Application Data\Western Digital
[2011/03/24 13:51:47 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

Next??
And thank-you for your knowledge and your patience!! Shellie

Re: Infected desktop

Unread postby askey127 » March 25th, 2011, 7:09 am

baylormum,
I think you will be fine now.
Just a few things:
  • First, go to Control Panel, Security Center, and be sure you have Automatic Updates ON, Firewall ON, and Antivirus ON.
  • If you use that Western Digital Program to perform backups, you may need to change settings so that it now backs up the D:\My Documents\ folder.
  • With the limitations on the size of the C: drive, be sure any new programs you install are installed on drive D: as well, just as you did with Java and Adobe.
  • If you start OTL on your desktop and click the Clean UP button, it will remove most of the tools we used. You may have to Uninstall that useless Windows Update Remover yourself.
  • You should keep a copy of TFC on your desktop and run it every week or two to get rid of extra junk files.
  • When you get a chance, now that the C: drive is somewhat cleaned out, go to Start, All Programs, Accessories, System Tools, and click on disk defragmenter.
    Highlight C: drive and click Defragment.
    (Only do this task when the machine can be spared for a couple hours. It could take that long.)

If you have more questions or problems, let me know. Otherwise, you should be good to go.
Good luck on the job search.
askey127

Re: Infected desktop

Unread postby baylormum » March 25th, 2011, 2:47 pm

One last thing. How do I get my files back on iTunes? When I click on iTunes it comes up, but it's blank. I see I can import them, but 1 file at a time? Gotta be an easier way!

Thanks, again, for all your help over the past 2 weeks. I stressed very little. Now, go help another 50+ year old mom!

Re: Infected desktop

Unread postby baylormum » March 25th, 2011, 3:05 pm

One second last thing! Good antivirus? The one on Microsoft Security Center won't download (update) due to an "internet connection problem". Looked at the recommendations available through the link on the Security Center, but don't know if there is still one on the computer. It says if there are 2 that they may cause more problems with each other. Thanks. Shellie

Re: Infected desktop

Unread postby askey127 » March 26th, 2011, 10:08 am

baylormum,
We can check it out for you.
----------------------------------------------
Security Application Check:
Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1
Link 2
  • Double Click on SecurityCheck.exe, then follow the onscreen instructions inside of the black box and let it run.
  • After a bit, a Notepad document should open automatically called checkup.txt
  • Please copy and paste the contents of that document in your next reply.
askey127

Re: Infected desktop

Unread postby baylormum » March 26th, 2011, 11:59 am

Results: Notepad came up blank and the black screen says "the system cannot not find the path specified".
I tried it twice. Once from each link.
Shellie

Re: Infected desktop

Unread postby askey127 » March 26th, 2011, 4:08 pm

Were you able to run it and get the on screen instruction?
Was it on your desktop or in a download folder?

Re: Infected desktop

Unread postby baylormum » March 26th, 2011, 5:02 pm

When I clicked on the "Link 1" it downloaded and asked whether to run or cancel. I selected run. That's when I got the black security check box. I moved it this time to the desktop & double-clicked. Said the same thing it said this morning:
"The directory name is invalid. 'DA~1\LOCALS~1\Temp\RarSFX1\SecurityCheck\' is not recognized as an internal or external command, operable program or batch file". Then "hit any key to begin". It runs in a couple minutes & up pops the notebook. Blank.

Re: Infected desktop

Unread postby askey127 » March 27th, 2011, 8:08 am

baylormum,
If you are using Internet Explorer, or you don't have the proper settings in Firefox, downloading to your desktop can be difficult.
Your last copy of Security Check got dumped into an obscure folder. Let's fix it.
Then we can see whether anything needs to be done about your Antivirus and Firewall.
---------------------------------------------------------
Set Firefox to Ask Where to Save Downloads
Open Firefox, then hit the Alt key once.
At the top, click on Tools, and select Options.
Click on the General tab, and check the button "Always ask me where to save files"
Click OK.

Now use your Firefox to sign in to your topic here.
----------------------------------------------
Security Application Check:
Please download and save SecurityCheck.exe to your Desktop from one of the links below.
Link 1
Link 2
When you click on the link, it will ask if you want to Save the file. Click Save File.
Now it will show a dialog where you choose where you want to Save it. Click on Desktop as the location in the dialog and Save it there.
(Now this Notepad document below should work).
  • Double Click SecurityCheck.exe and give permission to continue if asked.
  • Give the OK to run the scan. It will pop various messages. Let it run.
  • May take some time; please don't interrupt it. Then a Notepad document should open automatically.
  • Please save it if you want, and copy and paste the contents of that document in your next reply.
askey127

Re: Infected desktop

Unread postby baylormum » March 27th, 2011, 1:33 pm

I got the same results as yesterday. Security check says path not found & the notepad is blank.

Shellie