Nasty Virus PC Pro


  • This topic is locked
39 replies to this topic

#1 jeepndiva


Posted 09 October 2012 - 10:46 PM

Cannot access desktop icons via shortcuts; desktop icons are messed up. When I click on any desktop icon it will not execute.
IE sits at "not responding". Basically, double-clicks on the desktop do not work. If I add a shortcut to the desktop, such as Google Chrome, and double-click it, it will not execute; I have to right-click and then Open for Chrome to work. When I added the new shortcut to the desktop it was not the correct icon. Outlook is also giving error messages.

The infection added WeatherBug and PC Pro. The PC Pro seems to be gone (or hiding), but not the WeatherBug. I have tried to uninstall it (via Control Panel) and it gives the following error: "Windows Installer service could not be accessed. This can occur if running Windows in safe mode, or if the Windows Installer is not correctly installed."

The PC will not allow me to go to restore points either. Suggestions?

Defogger file
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:23 on 09/10/2012 (ldery)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-



DDS file

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by ldery at 22:24:20 on 2012-10-09
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1349 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\DefaultTab\DefaultTabSearch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\LEAD Technologies, Inc\LEADTOOLS ePrint 3.0\Bin\LPSVS03N.EXE
c:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [YouSendIt.exe] c:\program files\yousendit\express\YouSendIt.exe -ui none
uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [vptray] c:\progra~1\symant~1\symant~1\vptray.exe
mRun: [ePrint 3.0 Service] c:\progra~1\leadte~1\leadto~1.0\bin\EPRINT3.EXE
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: agentxsites.com
Trusted Zone: alamode.com
Trusted Zone: alamodelabs.com
Trusted Zone: almsr.com
Trusted Zone: appraisalpress.com
Trusted Zone: appraiserxsites.com
Trusted Zone: brokerxsites.com
Trusted Zone: certmail.com
Trusted Zone: flexapp1003.com
Trusted Zone: google.com\www
Trusted Zone: inspectorxsites.com
Trusted Zone: interflood.com
Trusted Zone: listingsxpress.com
Trusted Zone: mappoint.net
Trusted Zone: mirealsource.com
Trusted Zone: mortgagexsites.com
Trusted Zone: point2.com\agent
Trusted Zone: point2agent.com\angelaroe
Trusted Zone: point2agent.com\bettyclark2
Trusted Zone: point2agent.com\danielnovak1
Trusted Zone: point2agent.com\dianebraykovich
Trusted Zone: point2agent.com\noelbittinger1
Trusted Zone: point2agent.com\rachelhill1
Trusted Zone: point2agent.com\thomasgilliam
Trusted Zone: point2agent.com\tonyholguin
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: topproducer8i.com\www
Trusted Zone: virtualearth.net
Trusted Zone: xsellerate.com
Trusted Zone: xsitesnetwork.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: PUFLITE - hxxp://leeschostak.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/viewers/ipixx.cab
DPF: {32505657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1249870581265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://remax.webex.com/client/T27LB/nbr/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.11.5
TCP: Interfaces\{7F335A1B-BE79-4C10-8106-5F5EF3B27C1F} : DhcpNameServer = 192.168.11.5
Notify: igfxcui - igfxsrvc.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R1 MpKsla6b5f49a;MpKsla6b5f49a;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{104ce1af-ea61-4420-98d9-88f889c1a5f1}\MpKsla6b5f49a.sys [2012-10-8 29904]
R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-7-17 562688]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sretsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlservr.exe -sRETSDATA [?]
R2 NAVAPEL;NAVAPEL;c:\program files\symantec_client_security\symantec antivirus\Navapel.sys [2002-6-19 29184]
R2 Norton AntiVirus Server;Symantec AntiVirus Client;c:\program files\symantec_client_security\symantec antivirus\Rtvscan.exe [2002-7-30 573440]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-8-11 24652]
R3 NAVAP;NAVAP;c:\program files\symantec_client_security\symantec antivirus\Navap.sys [2002-6-19 218112]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVENG.sys [2011-5-4 86064]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20101018.002\NAVEX15.sys [2011-5-4 1371184]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-11 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-3-22 136176]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.exe -i retsdata --> c:\program files\microsoft sql server\mssql$retsdata\binn\sqlagent.EXE -i RETSDATA [?]
.
=============== Created Last 30 ================
.
2012-10-09 02:22:57 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{104ce1af-ea61-4420-98d9-88f889c1a5f1}\MpKsla6b5f49a.sys
2012-10-09 00:38:28 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{104ce1af-ea61-4420-98d9-88f889c1a5f1}\mpengine.dll
2012-10-09 00:15:12 290304 ----a-w- C:\subinacl.exe
2012-10-09 00:11:14 -------- d-----w- C:\RegBackup
2012-10-09 00:08:43 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-07 22:56:37 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-10-03 21:08:58 -------- d-----w- c:\documents and settings\all users\application data\PC Optimizer Pro
2012-10-03 21:00:55 -------- d-----w- C:\extensions
2012-10-03 21:00:51 -------- d-----w- c:\documents and settings\ldery\application data\Qwiklinx
2012-10-03 21:00:50 -------- d-----w- c:\program files\Qwiklinx
2012-10-03 21:00:28 -------- d-----w- c:\documents and settings\ldery\application data\FCTB000100567
2012-10-03 21:00:09 -------- d-----w- c:\program files\DefaultTab
2012-10-03 20:59:57 -------- d-----w- c:\program files\Shop to Win 28
2012-10-03 20:59:42 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-10-03 20:59:37 -------- d-----w- c:\documents and settings\ldery\application data\DefaultTab
2012-10-03 20:59:00 -------- d-----w- c:\documents and settings\ldery\local settings\application data\WeatherBug
2012-10-03 20:58:54 -------- d-----w- c:\documents and settings\ldery\application data\WeatherBug
2012-10-03 20:58:51 18944 ----a-r- c:\documents and settings\ldery\application data\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A16301.exe
2012-10-03 20:58:51 11264 ----a-r- c:\documents and settings\ldery\application data\microsoft\installer\{297dcada-86a1-4a42-8a13-66b7d7a09fd2}\IconBB6A1630.exe
2012-10-03 20:58:39 -------- d-----w- c:\program files\AWS
2012-10-03 20:57:41 -------- d-----w- c:\program files\Yahoo!
2012-09-25 17:11:55 -------- d-----w- c:\program files\BrokerMetrics
.
==================== Find3M ====================
.
2012-10-08 22:13:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 22:13:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-09 16:24:43 230840 ----a-r- c:\windows\system32\cpnprt2.cid
.
============= FINISH: 22:25:18.61 ===============



DDS attach file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 8/9/2009 9:24:21 PM
System Uptime: 10/8/2012 10:22:08 PM (24 hours ago)
.
Motherboard: Dell Inc. | | 0C5706
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2793/800mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 20.841 GiB free.
D: is CDROM ()
W: is NetworkDisk (NTFS) - 20 GiB total, 9.415 GiB free.
Z: is NetworkDisk (NTFS) - 127 GiB total, 52.328 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP941: 8/14/2012 10:15:41 AM - Software Distribution Service 3.0
RP942: 8/27/2012 9:26:05 AM - Software Distribution Service 3.0
RP943: 8/28/2012 3:00:23 AM - Software Distribution Service 3.0
RP944: 8/29/2012 3:27:06 AM - System Checkpoint
RP945: 8/29/2012 3:36:47 AM - Software Distribution Service 3.0
RP946: 8/30/2012 9:22:03 AM - Software Distribution Service 3.0
RP947: 8/31/2012 9:24:08 AM - Software Distribution Service 3.0
RP948: 9/4/2012 9:25:44 AM - Software Distribution Service 3.0
RP949: 9/5/2012 9:28:03 AM - Software Distribution Service 3.0
RP950: 9/6/2012 9:29:09 AM - Software Distribution Service 3.0
RP951: 9/10/2012 9:24:32 AM - Software Distribution Service 3.0
RP952: 9/11/2012 9:30:09 AM - Software Distribution Service 3.0
RP953: 9/12/2012 1:54:47 PM - System Checkpoint
RP954: 9/12/2012 5:01:27 PM - Software Distribution Service 3.0
RP955: 9/12/2012 5:34:23 PM - Software Distribution Service 3.0
RP956: 9/13/2012 5:52:34 PM - System Checkpoint
RP957: 9/13/2012 6:01:25 PM - Software Distribution Service 3.0
RP958: 9/14/2012 6:01:05 PM - Software Distribution Service 3.0
RP959: 9/15/2012 6:00:56 PM - Software Distribution Service 3.0
RP960: 9/16/2012 2:17:53 AM - Software Distribution Service 3.0
RP961: 9/16/2012 6:00:55 PM - Software Distribution Service 3.0
RP962: 9/17/2012 6:01:24 PM - Software Distribution Service 3.0
RP963: 9/18/2012 6:01:16 PM - Software Distribution Service 3.0
RP964: 9/24/2012 9:19:42 AM - Software Distribution Service 3.0
RP965: 9/25/2012 3:00:18 AM - Software Distribution Service 3.0
RP966: 9/26/2012 3:22:08 AM - System Checkpoint
RP967: 9/26/2012 3:30:50 AM - Software Distribution Service 3.0
RP968: 9/27/2012 9:19:09 AM - Software Distribution Service 3.0
RP969: 9/28/2012 9:21:32 AM - Software Distribution Service 3.0
RP970: 9/29/2012 9:21:16 AM - Software Distribution Service 3.0
RP971: 9/30/2012 1:53:03 AM - Software Distribution Service 3.0
RP972: 9/30/2012 9:21:14 AM - Software Distribution Service 3.0
RP973: 10/1/2012 9:21:20 AM - Software Distribution Service 3.0
RP974: 10/2/2012 3:00:16 AM - Software Distribution Service 3.0
RP975: 10/3/2012 3:21:37 AM - System Checkpoint
RP976: 10/3/2012 3:30:20 AM - Software Distribution Service 3.0
RP977: 10/3/2012 4:58:34 PM - Installed WeatherBug
RP978: 10/4/2012 3:28:18 AM - Software Distribution Service 3.0
RP979: 10/6/2012 4:04:53 PM - Software Distribution Service 3.0
RP980: 10/7/2012 1:50:04 AM - Software Distribution Service 3.0
RP981: 10/7/2012 6:56:34 PM - Software Distribution Service 3.0
RP982: 10/8/2012 7:00:03 PM - System Checkpoint
RP983: 10/8/2012 8:11:10 PM - Tweaking.com - Windows Repair
RP984: 10/8/2012 8:38:23 PM - Software Distribution Service 3.0
RP985: 10/9/2012 9:30:13 PM - System Checkpoint
.
==== Installed Programs ======================
.
Abexo Free Registry Cleaner
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
AgentOffice
AgentOffice for RE/MAX 7.0
AIM 7
Apple Application Support
Apple Software Update
BrokerMetrics
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
CutePDF Writer 2.8
DefaultTab Chrome
Download Updater (AOL LLC)
Dropbox
Elf_1.15 Toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 25
LEADTOOLS ePrint 3.0
LiveUpdate 1.7 (Symantec Corporation)
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Meeting 2007
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server Desktop Engine (RETSDATA)
Microsoft VC9 runtime libraries
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
QuickTime
Qwiklinx
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Symantec AntiVirus Client
toolbox
ToolkitCMA
Top Producer Editor
TrueForms for AgentOffice
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Viewpoint Media Player
Virtual Fan Deck
WeatherBug
WebEx
WebFldrs XP
Windows Internet Explorer 8
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
10/8/2012 4:46:45 PM, error: TermServDevices [1111] - Driver Send To Microsoft OneNote Driver required for printer Send To OneNote 2007 is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:44 PM, error: TermServDevices [1111] - Driver PDF-XChange 2.5 DE required for printer PDF-XChange 2.5 DE is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:44 PM, error: TermServDevices [1111] - Driver HP LaserJet 2300L PCL 5e required for printer My Office HP LaserJet 2300L PCL 5e is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:44 PM, error: TermServDevices [1111] - Driver DocuCom PDF Driver required for printer ScanSoft PDF Create! is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:36 PM, error: TermServDevices [1111] - Driver DocuCom PDF Driver required for printer DocuCom PDF Driver is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:33 PM, error: TermServDevices [1111] - Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:32 PM, error: TermServDevices [1111] - Driver HP LaserJet 2300L PCL 5e required for printer HP LaserJet 2300L PCL mine is unknown. Contact the administrator to install the driver before you log in again.
10/8/2012 4:46:32 PM, error: TermServDevices [1111] - Driver ActiveTouch Document Loader required for printer ActiveTouch Document Loader is unknown. Contact the administrator to install the driver before you log in again.
10/6/2012 6:32:30 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/6/2012 6:29:21 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm MpFilter
10/6/2012 6:08:47 PM, error: Service Control Manager [7034] - The EPrint III Service service terminated unexpectedly. It has done this 1 time(s).
10/6/2012 6:08:47 PM, error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).
10/6/2012 5:30:28 PM, error: Service Control Manager [7034] - The DefaultTabUpdate service terminated unexpectedly. It has done this 1 time(s).
10/6/2012 5:24:56 PM, error: Service Control Manager [7023] - The HID Input Service service terminated with the following error: The specified module could not be found.
10/6/2012 5:23:03 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
10/4/2012 10:06:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
10/4/2012 10:06:51 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2012 10:06:51 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2012 10:06:51 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2012 10:06:51 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
10/4/2012 10:06:44 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================


GMER file

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-09 23:35:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e WDC_WD400JD-75HKA1 rev.14.03G14
Running: 9opxfkpf.exe; Driver: C:\DOCUME~1\ldery\LOCALS~1\Temp\pxtdrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xBA52BF80]
? C:\DOCUME~1\ldery\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\chrome_shutdown_ms.txt 4 bytes
File C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\3F.tmp 0 bytes
File C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_00009e 26832 bytes
File C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\Managed Mode Settings~RF5307f08.TMP 0 bytes
File C:\Documents and Settings\ldery\Local Settings\temp\etilqs_igZCGBrFLN694Yo 1028 bytes

---- EOF - GMER 1.0.15 ----


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:21 AM

Posted 11 October 2012 - 10:39 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

I suggest we run these tools and make sure all traces of this infection are removed.

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#3 jeepndiva

jeepndiva
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:01:21 AM

Posted 11 October 2012 - 10:55 PM

Combo fix scan results

ComboFix 12-10-11.03 - ldery 10/11/2012 23:17:57.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1378 [GMT -4:00]
Running from: c:\documents and settings\ldery\Desktop\Bleep\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((( Files Created from 2012-09-12 to 2012-10-12 )))))))))))))))))))))))))))))))
.
.
2012-10-12 02:59 . 2012-10-12 02:59 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE087FC1-F351-48FD-A813-0B503E3389F4}\MpKsl44e38526.sys
2012-10-11 07:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE087FC1-F351-48FD-A813-0B503E3389F4}\mpengine.dll
2012-10-10 02:37 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 02:38 . 2012-10-09 02:38 -------- d-----w- c:\documents and settings\administrator\Application Data\Apple Computer
2012-10-09 00:15 . 2012-10-09 00:23 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-09 00:15 . 2004-06-11 20:33 290304 ----a-w- C:\subinacl.exe
2012-10-09 00:11 . 2012-10-09 00:11 -------- d-----w- C:\RegBackup
2012-10-09 00:08 . 2012-10-09 00:23 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-04 14:06 . 2012-10-04 14:06 -------- d-sh--w- c:\documents and settings\Administrator.RSD1\IETldCache
2012-10-03 21:08 . 2012-10-03 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- C:\extensions
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- c:\documents and settings\ldery\Application Data\Qwiklinx
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- c:\program files\Qwiklinx
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- c:\documents and settings\ldery\Application Data\FCTB000100567
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- c:\program files\DefaultTab
2012-10-03 20:59 . 2012-10-06 21:46 -------- d-----w- c:\program files\Shop to Win 28
2012-10-03 20:59 . 2012-10-03 20:59 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-10-03 20:59 . 2012-10-06 21:46 -------- d-----w- c:\documents and settings\ldery\Application Data\DefaultTab
2012-10-03 20:59 . 2012-10-09 02:26 -------- d-----w- c:\documents and settings\ldery\Local Settings\Application Data\WeatherBug
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\documents and settings\ldery\Application Data\WeatherBug
2012-10-03 20:58 . 2012-10-03 20:58 18944 ----a-r- c:\documents and settings\ldery\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-10-03 20:58 . 2012-10-03 20:58 11264 ----a-r- c:\documents and settings\ldery\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\program files\AWS
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-10-03 20:57 . 2012-10-06 22:21 -------- d-----w- c:\documents and settings\ldery\Application Data\Yahoo!
2012-10-03 20:57 . 2012-10-03 20:58 -------- d-----w- c:\program files\Yahoo!
2012-09-25 17:11 . 2012-10-02 18:12 -------- d-----w- c:\program files\BrokerMetrics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 22:13 . 2012-04-11 13:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 22:13 . 2011-05-17 12:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2010-06-23 16:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2011-04-18 17:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2002-09-03 20:03 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-09-03 19:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-09-03 19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-09-03 20:03 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2002-09-03 19:50 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-09 16:24 . 2010-06-28 19:25 230840 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2012-04-10 198144]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"ePrint 3.0 Service"="c:\progra~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3.EXE" [2003-03-24 58368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-16 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\ldery\Start Menu\Programs\Startup\
Dropbox.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R1 MpKsl44e38526;MpKsl44e38526;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE087FC1-F351-48FD-A813-0B503E3389F4}\MpKsl44e38526.sys [10/11/2012 10:59 PM 29904]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 4:26 PM 136176]
R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/11/2009 11:01 AM 24652]
S2 DefaultTabSearch;DefaultTabSearch;c:\program files\DefaultTab\DefaultTabSearch.exe [7/17/2012 3:18 PM 562688]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 9:10 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 4:26 PM 136176]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL44E38526
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 14:09]
.
2012-10-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:13]
.
2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-02 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2002-09-03 00:12]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:25]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:25]
.
2012-10-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{EBAF8396-3186-42D3-967D-8B3B0781B857}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: agentxsites.com
Trusted Zone: alamode.com
Trusted Zone: alamodelabs.com
Trusted Zone: almsr.com
Trusted Zone: appraisalpress.com
Trusted Zone: appraiserxsites.com
Trusted Zone: brokerxsites.com
Trusted Zone: certmail.com
Trusted Zone: flexapp1003.com
Trusted Zone: google.com\www
Trusted Zone: inspectorxsites.com
Trusted Zone: interflood.com
Trusted Zone: listingsxpress.com
Trusted Zone: mappoint.net
Trusted Zone: mirealsource.com
Trusted Zone: mortgagexsites.com
Trusted Zone: point2.com\agent
Trusted Zone: point2agent.com\angelaroe
Trusted Zone: point2agent.com\bettyclark2
Trusted Zone: point2agent.com\danielnovak1
Trusted Zone: point2agent.com\dianebraykovich
Trusted Zone: point2agent.com\noelbittinger1
Trusted Zone: point2agent.com\rachelhill1
Trusted Zone: point2agent.com\thomasgilliam
Trusted Zone: point2agent.com\tonyholguin
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: topproducer8i.com\www
Trusted Zone: virtualearth.net
Trusted Zone: xsellerate.com
Trusted Zone: xsitesnetwork.com
TCP: DhcpNameServer = 192.168.11.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PUFLITE - hxxp://leeschostak.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-11 23:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\WININET.dll
c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-10-11 23:27:14
ComboFix-quarantined-files.txt 2012-10-12 03:27
ComboFix2.txt 2012-10-06 22:00
ComboFix3.txt 2010-06-25 18:12
.
Pre-Run: 22,086,381,568 bytes free
Post-Run: 22,010,073,088 bytes free
.
- - End Of File - - A0331A94275EEBF9A5EC4ED7B5D090DC


Security Check file

Results of screen317's Security Check version 0.99.51
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.65.0.1400
HijackThis 2.0.2
TuneUp Utilities 2008
Abexo Free Registry Cleaner
Java™ 6 Update 25
Java version out of Date!
Adobe Reader X (10.1.4)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Symantec_Client_Security Symantec AntiVirus DefWatch.exe
Symantec_Client_Security Symantec AntiVirus Rtvscan.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````


AdwCleaner file

# AdwCleaner v2.004 - Logfile created 10/11/2012 at 23:40:35
# Updated 06/10/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : ldery - RSD1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\ldery\Desktop\Bleep\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Deleted on reboot : C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\ldery\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\ldery\Application Data\Qwiklinx
Folder Deleted : C:\Documents and Settings\ldery\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\ldery\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\Elf_1.15
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Qwiklinx
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\Elf_1.15
Key Deleted : HKCU\Software\FCTB000100567
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\ShopToWin
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100567.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2424042
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Elf_1.15
Key Deleted : HKLM\SOFTWARE\FCTB000100567
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2676AFC2-A6EA-4E14-B5E5-020DA50EA708}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Elf_1.15 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Elf_1.15 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\ldery\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7289 octets] - [11/10/2012 23:40:35]

########## EOF - C:\AdwCleaner[S1].txt - [7349 octets] ##########


Things appear to be the same, no change. Cannot double click icons and cannot get internet explorer to work. Combo fix did not ask for Recovery console. Advise, thanks in advance.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:21 AM

Posted 12 October 2012 - 08:08 AM

Open notepad and copy/paste the text in the quote box below into it:

Folder::
C:\Program Files\AWS

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"=-

ClearJavaCache::


Save this as CFScript.txt on your desktop.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.

===


Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 25

Also remove this old version of HijackThis 2.0.2.
This tool is now being replaced by DDS.EXE.


===

Let's try to repair/fix your Desktop.

Go to start, control panel, display
go to the desktop tab,
click the "customize desktop" button
go to the web tab in the new window that comes up.
uncheck everything you find there
also delete everything there except for "desktop" (which you won't be able to delete anyway).

Or

Go to the Control Panel and choose Display (it may be under the Appearance and Themes section). Go to the Desktop tab. Click on the Customize Desktop button. Next, go to the Web tab and uncheck anything that might be checked there (it will probably be called "security"). Click OK and reboot your computer.
===

Run this and let me know if your Internet Explorer is working or not.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.
===

Keep me posted.
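The CFScript above uses three ComboFix directives: Folder:: (directories to remove), Registry:: (REGEDIT4-style lines, where "Name"=- deletes a value) and ClearJavaCache::. As an added illustration that is not part of this thread and not ComboFix's own code, the following Python script parses the Run entries from a ComboFix "Reg Loading Points" section (the sample log text is constructed to match the layout in the log posted above) and builds a CFScript body for the values you name. The folder list is supplied by the caller, since the directory to remove (here the parent AWS folder, as nasdaq chose) is a judgment call rather than something derivable from the executable path.

```python
import re

# Constructed sample in the layout ComboFix uses for its "Reg Loading Points"
# section (same shape as the lines in the log above; values are made up).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2012-04-10 198144]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
"""

# A key line looks like [HKEY_...\...\Run]
KEY_RE = re.compile(r'^\[(HK[A-Z_]+\\[^\]]+)\]$')
# A value line looks like "Name"="path" [YYYY-MM-DD size]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')


def parse_run_entries(log_text):
    """Return a list of (key, value_name, image_path) for every value listed
    under a ...\Run key. ComboFix prints the key in brackets, then one line
    per value, then a lone '.' as a section separator."""
    entries = []
    current_key = None
    for line in log_text.splitlines():
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        if line.strip() == ".":
            current_key = None
            continue
        value_match = VALUE_RE.match(line)
        if value_match and current_key and current_key.upper().endswith("\\RUN"):
            entries.append((current_key, value_match.group(1), value_match.group(2)))
    return entries


def build_cfscript(entries, unwanted_names, folders, clear_java_cache=True):
    """Emit a CFScript.txt body using the directives seen in this thread:
    Folder:: lists directories to remove, Registry:: holds REGEDIT4-style
    lines where "Name"=- deletes a value, ClearJavaCache:: empties the Java
    cache. Only Run values whose name is in unwanted_names are included."""
    lines = []
    if folders:
        lines.append("Folder::")
        lines.extend(folders)
        lines.append("")
    # Group the values to delete under their key so each key is printed once.
    by_key = {}
    for key, name, _path in entries:
        if name in unwanted_names:
            by_key.setdefault(key, []).append(name)
    if by_key:
        lines.append("Registry::")
        for key, names in by_key.items():
            lines.append("[%s]" % key)
            for name in names:
                lines.append('"%s"=-' % name)
        lines.append("")
    if clear_java_cache:
        lines.append("ClearJavaCache::")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    for key, name, path in found:
        print("%s  %s -> %s" % (key.split("\\")[0], name, path))
    # Same cleanup as the script in this post: drop the WeatherBug folder and
    # its HKCU Run value, then clear the Java cache.
    print(build_cfscript(found, {"Weather"}, [r"C:\Program Files\AWS"]))
```

Running it lists the three Run values and prints a CFScript identical in shape to the one above. Reviewing the parsed list first, rather than writing the script by hand, avoids the common mistake of deleting a value under the wrong hive (HKCU vs HKLM).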

#5 jeepndiva

jeepndiva
  • Topic Starter

  • Members
  • 55 posts
  • OFFLINE
  • Local time:01:21 AM

Posted 12 October 2012 - 09:17 PM

2nd Combo Fix report

Cannot remove Java via Add/Remove Programs; it gives the error "Can't remove Java: Windows Installer service could not be accessed." IE will still not connect. Can't install Java 7 even though I downloaded it.

Let's try to repair/fix your Desktop.
click the "customize desktop" button
go to the web tab in the new window that comes up. This never shows up.

The System File Checker process will not run either; it states Windows File Protection and needs the Windows CD.

Good news "Weather Bug is off".... advise.




ComboFix 12-10-11.03 - ldery 10/12/2012 21:18:31.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1304 [GMT -4:00]
Running from: c:\documents and settings\ldery\Desktop\Bleep\ComboFix.exe
Command switches used :: c:\documents and settings\ldery\Desktop\Bleep\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AWS
c:\program files\AWS\WeatherBug\download.txt
c:\program files\AWS\WeatherBug\Local\1px.gif
c:\program files\AWS\WeatherBug\Local\alert_failed.html
c:\program files\AWS\WeatherBug\Local\Background60.jpg
c:\program files\AWS\WeatherBug\Local\bot_default.html
c:\program files\AWS\WeatherBug\Local\bot_failed2.html
c:\program files\AWS\WeatherBug\Local\Bot_loading.gif
c:\program files\AWS\WeatherBug\Local\bot_loading.html
c:\program files\AWS\WeatherBug\Local\center_failed.html
c:\program files\AWS\WeatherBug\Local\center_loading.html
c:\program files\AWS\WeatherBug\Local\def_bot.gif
c:\program files\AWS\WeatherBug\Local\LeftNavbar60.JPG
c:\program files\AWS\WeatherBug\Local\skinmask60.bmp
c:\program files\AWS\WeatherBug\Local\TopNavbar60.JPG
c:\program files\AWS\WeatherBug\Local\WBug_Loading.gif
c:\program files\AWS\WeatherBug\Local\weather_window_loading.gif
c:\program files\AWS\WeatherBug\Local\WxBug.gif
c:\program files\AWS\WeatherBug\Local\wxbug.wav
c:\program files\AWS\WeatherBug\Local\wxbuglogo_hor.gif
c:\program files\AWS\WeatherBug\Local\WxWindow_failed.html
c:\program files\AWS\WeatherBug\Local\WxWindow_loading.html
c:\program files\AWS\WeatherBug\Local\WxWindow_noconnection.gif
c:\program files\AWS\WeatherBug\Local\xpchirpedu.bmp
c:\program files\AWS\WeatherBug\Weather.exe
c:\program files\AWS\WeatherBug\wxdist.dll
c:\program files\AWS\WeatherBug\wxlocm.dll
c:\program files\AWS\WeatherBug\WxMisc.dll
c:\program files\AWS\WeatherBug\Wxpref.dll
c:\program files\AWS\WeatherBug\wxproa.dll
c:\program files\AWS\WeatherBug\wxreg.dll
c:\program files\AWS\WeatherBug\wxutil.dll
c:\program files\AWS\WeatherBug\wxweb.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
.
.
2012-10-11 07:33 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE087FC1-F351-48FD-A813-0B503E3389F4}\mpengine.dll
2012-10-10 02:37 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-09 02:38 . 2012-10-09 02:38 -------- d-----w- c:\documents and settings\administrator\Application Data\Apple Computer
2012-10-09 00:15 . 2012-10-09 00:23 181064 ----a-w- c:\windows\PSEXESVC.EXE
2012-10-09 00:15 . 2004-06-11 20:33 290304 ----a-w- C:\subinacl.exe
2012-10-09 00:11 . 2012-10-09 00:11 -------- d-----w- C:\RegBackup
2012-10-09 00:08 . 2012-10-09 00:23 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-10-04 14:06 . 2012-10-04 14:06 -------- d-sh--w- c:\documents and settings\Administrator.RSD1\IETldCache
2012-10-03 21:08 . 2012-10-03 21:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- C:\extensions
2012-10-03 21:00 . 2012-10-03 21:00 -------- d-----w- c:\documents and settings\ldery\Application Data\FCTB000100567
2012-10-03 20:59 . 2012-10-06 21:46 -------- d-----w- c:\program files\Shop to Win 28
2012-10-03 20:59 . 2012-10-09 02:26 -------- d-----w- c:\documents and settings\ldery\Local Settings\Application Data\WeatherBug
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\documents and settings\ldery\Application Data\WeatherBug
2012-10-03 20:58 . 2012-10-03 20:58 18944 ----a-r- c:\documents and settings\ldery\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A16301.exe
2012-10-03 20:58 . 2012-10-03 20:58 11264 ----a-r- c:\documents and settings\ldery\Application Data\Microsoft\Installer\{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}\IconBB6A1630.exe
2012-10-03 20:58 . 2012-10-03 20:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-10-03 20:57 . 2012-10-06 22:21 -------- d-----w- c:\documents and settings\ldery\Application Data\Yahoo!
2012-10-03 20:57 . 2012-10-03 20:58 -------- d-----w- c:\program files\Yahoo!
2012-09-25 17:11 . 2012-10-02 18:12 -------- d-----w- c:\program files\BrokerMetrics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-08 22:13 . 2012-04-11 13:10 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 22:13 . 2011-05-17 12:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-07 21:04 . 2010-06-23 16:28 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 02:03 . 2011-04-18 17:18 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-28 15:14 . 2002-09-03 20:03 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2002-09-03 19:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2002-09-03 19:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2002-09-03 20:03 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2002-09-03 19:50 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2002-08-29 01:04 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-09 16:24 . 2010-06-28 19:25 230840 ----a-r- c:\windows\system32\cpnprt2.cid
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\ldery\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YouSendIt.exe"="c:\program files\YouSendIt\Express\YouSendIt.exe" [2012-04-10 198144]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-05-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-05-06 118784]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 77824]
"ePrint 3.0 Service"="c:\progra~1\LEADTE~1\LEADTO~1.0\bin\EPRINT3.EXE" [2003-03-24 58368]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-16 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\documents and settings\ldery\Start Menu\Programs\Startup\
Dropbox.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 4:26 PM 136176]
R2 MSSQL$RETSDATA;MSSQL$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlservr.exe -sRETSDATA [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/11/2012 9:10 AM 250808]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/22/2011 4:26 PM 136176]
S3 SQLAgent$RETSDATA;SQLAgent$RETSDATA;c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA --> c:\program files\Microsoft SQL Server\MSSQL$RETSDATA\Binn\sqlagent.EXE -i RETSDATA [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 14:09]
.
2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 22:13]
.
2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-10-02 c:\windows\Tasks\defrag.job
- c:\windows\system32\defrag.exe [2002-09-03 00:12]
.
2012-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:25]
.
2012-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-03-22 20:25]
.
2012-10-12 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 21:25]
.
2012-10-12 c:\windows\Tasks\User_Feed_Synchronization-{EBAF8396-3186-42D3-967D-8B3B0781B857}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: agentxsites.com
Trusted Zone: alamode.com
Trusted Zone: alamodelabs.com
Trusted Zone: almsr.com
Trusted Zone: appraisalpress.com
Trusted Zone: appraiserxsites.com
Trusted Zone: brokerxsites.com
Trusted Zone: certmail.com
Trusted Zone: flexapp1003.com
Trusted Zone: google.com\www
Trusted Zone: inspectorxsites.com
Trusted Zone: interflood.com
Trusted Zone: listingsxpress.com
Trusted Zone: mappoint.net
Trusted Zone: mirealsource.com
Trusted Zone: mortgagexsites.com
Trusted Zone: point2.com\agent
Trusted Zone: point2agent.com\angelaroe
Trusted Zone: point2agent.com\bettyclark2
Trusted Zone: point2agent.com\danielnovak1
Trusted Zone: point2agent.com\dianebraykovich
Trusted Zone: point2agent.com\noelbittinger1
Trusted Zone: point2agent.com\rachelhill1
Trusted Zone: point2agent.com\thomasgilliam
Trusted Zone: point2agent.com\tonyholguin
Trusted Zone: realtytools.com
Trusted Zone: toolkitcma.com
Trusted Zone: toolkitcma2.com
Trusted Zone: topproducer8i.com\www
Trusted Zone: virtualearth.net
Trusted Zone: xsellerate.com
Trusted Zone: xsitesnetwork.com
TCP: DhcpNameServer = 192.168.11.5
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: PUFLITE - hxxp://leeschostak.point2agent.com/Office/ColpaControls/Photo/Control/PUFLITE.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-10-12 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2012-10-12 21:26:49
ComboFix-quarantined-files.txt 2012-10-13 01:26
ComboFix2.txt 2012-10-12 03:27
ComboFix3.txt 2012-10-06 22:00
ComboFix4.txt 2010-06-25 18:12
.
Pre-Run: 22,166,364,160 bytes free
Post-Run: 22,110,031,872 bytes free
.
- - End Of File - - B123E49792E24B689E307BA0F2CB7135

Edited by jeepndiva, 12 October 2012 - 09:26 PM.


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2012 - 10:06 AM

On the desktop issue, let's see if some policies have been changed.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :reg
    HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\Policies\System
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
    HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer
    HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Try this tool to remove any remnant items from the Old Java application.
Download Revo Uninstaller and remove any programs whose removal you are having difficulty completing using the Add/Remove Programs list.
http://majorgeeks.com/Revo_Uninstaller_d5706.html
===

System File Checker process will not run either, states Windows File Protection and needs windows CD.

Let's hope we do not need to go that way.

Post the SystemLook results.

#7 jeepndiva

jeepndiva
  • Topic Starter

  • Members
  • 55 posts

Posted 13 October 2012 - 11:01 AM

Ran Revo; it did give me the Windows error but tried to continue to remove Java, and it gives 1,935 instances. I see

jarfile
javaplugin
javaplugin.160.25
javawebstart.isInstalled
javawebstart.isInstalled.1.6.0.0
JNLPfile

This is a 32 bit system and I did not remove any Java.

Also told it to uninstall WeatherBug; it removed stuff but still left 136 instances found.

IE will still not work.

Let me know what you think next.




System Look Scan results
SystemLook 30.07.11 by jpshortstuff
Log created at 11:39 on 13/10/2012 by ldery
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"= 0x0000000000 (0)
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"= 0x0000000001 (1)
"undockwithoutlogon"= 0x0000000001 (1)
"DisableRegistryTools"= 0x0000000000 (0)


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
(No values found)


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0x0000000001 (1)
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDrives"= 0x0000000000 (0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDrives"= 0x0000000000 (0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]


-= EOF =-

Edited by jeepndiva, 13 October 2012 - 11:09 AM.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,963 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 13 October 2012 - 12:22 PM

After running the Revo tool and deleting all it finds, there may still be some remnant items in the registry. They are not active. Nothing to worry about.

No restrictions found.

Run SystemLook again and run this script.


:filefind
desktop.ini
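
As an added defender's example (not SystemLook's code and not anything posted in this thread), the parser below reads the :reg section of a SystemLook log in the format posted above, flags the lock-out policies that the "No restrictions found" verdict rests on, and decodes the NoDriveTypeAutoRun bitmask. The sample log is a constructed excerpt of the values posted; the policy names beyond those in the log (DisableTaskMgr, NoDesktop, NoRun, NoControlPanel) are well-known Explorer/System policies assumed here for illustration.

```python
"""Parse the ':reg' section of a SystemLook log and look for user restrictions.

Added example, not SystemLook's own code. The sample below is a constructed
excerpt of the values posted in the thread.
"""
import re

# Constructed sample: the relevant lines of the SystemLook :reg output above.
SAMPLE_LOG = """\
SystemLook 30.07.11 by jpshortstuff
========== reg ==========

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"dontdisplaylastusername"= 0x0000000000 (0)
"legalnoticecaption"=""
"shutdownwithoutlogon"= 0x0000000001 (1)
"DisableRegistryTools"= 0x0000000000 (0)


[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
(No values found)


[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\explorer]
"HonorAutoRunSetting"= 0x0000000001 (1)
"NoDriveAutoRun"= 0x0003ffffff (67108863)
"NoDriveTypeAutoRun"= 0x0000000143 (323)
"NoDrives"= 0x0000000000 (0)

-= EOF =-
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
# SystemLook prints DWORDs as  "name"= 0x<hex> (<decimal>)
DWORD_RE = re.compile(r'^"([^"]+)"=\s*0x([0-9a-fA-F]+)\s*\((\d+)\)$')
STRING_RE = re.compile(r'^"([^"]+)"="(.*)"$')

# Policy DWORDs that lock the user out when non-zero. DisableRegistryTools and
# NoDrives are in the log above; the others are assumed well-known policies.
RESTRICTION_FLAGS = {
    "policies\\system": ["DisableRegistryTools", "DisableTaskMgr"],
    "policies\\explorer": ["NoDesktop", "NoRun", "NoControlPanel", "NoDrives"],
}

# NoDriveTypeAutoRun bit = 1 << GetDriveType() result; 0x80 is reserved.
AUTORUN_BITS = {
    0x01: "DRIVE_UNKNOWN", 0x02: "DRIVE_NO_ROOT_DIR", 0x04: "DRIVE_REMOVABLE",
    0x08: "DRIVE_FIXED", 0x10: "DRIVE_REMOTE", 0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK", 0x80: "reserved",
}


def parse_systemlook_reg(text):
    """Return {key_path_lowercased: {value_name: int_or_str}} for the :reg section."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()   # registry paths are case-insensitive
            keys[current] = {}
            continue
        if current is None or not line or line == "(No values found)":
            continue
        m = DWORD_RE.match(line)
        if m:
            keys[current][m.group(1)] = int(m.group(3))
            continue
        m = STRING_RE.match(line)
        if m:
            keys[current][m.group(1)] = m.group(2)
    return keys


def find_restrictions(keys):
    """List (key, value_name, data) for restriction policies set to non-zero."""
    hits = []
    for path, values in keys.items():
        for suffix, names in RESTRICTION_FLAGS.items():
            if not path.endswith(suffix):
                continue
            for name in names:
                data = values.get(name)
                if isinstance(data, int) and data != 0:
                    hits.append((path, name, data))
    return hits


def decode_autorun(mask):
    """Name the drive types whose AutoRun a NoDriveTypeAutoRun mask disables.

    Bits outside the documented table are reported as 'bit 0x...'; 0xFF
    disables AutoRun for every drive type.
    """
    names = []
    bit = 1
    while bit <= mask:
        if mask & bit:
            names.append(AUTORUN_BITS.get(bit, "bit 0x%x" % bit))
        bit <<= 1
    return names


def assess(text):
    """Parse a SystemLook log and summarise restrictions and AutoRun settings."""
    keys = parse_systemlook_reg(text)
    report = {"restrictions": find_restrictions(keys), "autorun": {}}
    for path, values in keys.items():
        if "NoDriveTypeAutoRun" in values:
            report["autorun"][path] = decode_autorun(values["NoDriveTypeAutoRun"])
    return report


if __name__ == "__main__":
    result = assess(SAMPLE_LOG)
    print("restrictions:", result["restrictions"] or "none found")
    for path, disabled in result["autorun"].items():
        print(path, "-> AutoRun disabled for:", ", ".join(disabled))
```

On the posted values the report finds no restrictions, matching the verdict in the thread, and shows that 0x143 leaves AutoRun enabled for removable, fixed and CD-ROM drives.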


#9 jeepndiva

jeepndiva
  • Topic Starter

  • Members
  • 55 posts

Posted 13 October 2012 - 12:32 PM

SystemLook log below... Did you want me to remove any of the Java stuff? I was unsure of what to delete, then try to reinstall Java?


SystemLook 30.07.11 by jpshortstuff
Log created at 13:29 on 13/10/2012 by ldery
Administrator - Elevation successful

========== filefind ==========

Searching for "desktop.ini"
C:\Documents and Settings\administrator\Application Data\desktop.ini --ahs-- 62 bytes [02:06 10/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini ---hs-- 177 bytes [02:06 10/08/2009] [03:44 10/08/2009] 46546B9AA598920287D76DB95EE216EB
C:\Documents and Settings\administrator\Desktop\ldery\Desktop\desktop.ini --ahs-- 80 bytes [02:08 10/08/2009] [19:39 26/09/2004] C0A3CAC334BD72538FA738378E8135E3
C:\Documents and Settings\administrator\Desktop\ldery\Favorites\Desktop.ini --ahs-- 122 bytes [02:08 10/08/2009] [14:37 25/10/2004] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\administrator\Desktop\ldery\My Documents\DESKTOP.INI --ahs-- 0 bytes [02:08 10/08/2009] [21:58 09/08/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\administrator\Desktop\ldery\My Documents\My Pictures\Desktop.ini --ahs-- 107 bytes [02:08 10/08/2009] [21:59 09/08/2009] 22C1D1652C6939771FCBE9B070AA523C
C:\Documents and Settings\administrator\Favorites\Desktop.ini --ahs-- 122 bytes [02:06 10/08/2009] [03:44 10/08/2009] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\administrator\Favorites\Links\desktop.ini --ahs-- 84 bytes [17:26 13/08/2010] [17:26 13/08/2010] D954F262C6FDA8D2AB86E9E5AA5A6E30
C:\Documents and Settings\administrator\Local Settings\desktop.ini --ahs-- 62 bytes [02:06 10/08/2009] [02:37 09/10/2012] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini ---hs-- 67 bytes [14:03 11/08/2009] [14:03 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\1GIUGN9C\desktop.ini ---hs-- 67 bytes [14:03 11/08/2009] [14:03 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\5ADUO3CS\desktop.ini ---hs-- 67 bytes [14:03 11/08/2009] [14:03 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\B8IFB963\desktop.ini ---hs-- 67 bytes [14:03 11/08/2009] [14:03 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\Local Settings\Application Data\Microsoft\Feeds Cache\CK074B16\desktop.ini ---hs-- 67 bytes [14:03 11/08/2009] [14:03 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\Local Settings\History\desktop.ini ---hs-- 113 bytes [02:06 10/08/2009] [03:44 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\administrator\Local Settings\History\History.IE5\desktop.ini ---hs-- 113 bytes [02:06 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\administrator\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [02:06 10/08/2009] [03:43 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\administrator\My Documents\desktop.ini --ahs-- 84 bytes [02:06 10/08/2009] [17:26 13/08/2010] 2EE411B655413751A5615ABBEF874CD6
C:\Documents and Settings\administrator\My Documents\My Music\Desktop.ini --ahs-- 189 bytes [02:06 10/08/2009] [17:26 13/08/2010] D147365112F4E31038E5AABA2D70AB52
C:\Documents and Settings\administrator\My Documents\My Pictures\Desktop.ini --ahs-- 191 bytes [02:06 10/08/2009] [17:26 13/08/2010] D6254CA9BC0BA25006DABC24972F6D9E
C:\Documents and Settings\administrator\Recent\Desktop.ini --ahs-- 150 bytes [02:06 10/08/2009] [03:44 10/08/2009] 5DDA584F4F136B50B791E4B540B86059
C:\Documents and Settings\administrator\SendTo\desktop.ini --ahs-- 181 bytes [02:06 10/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\administrator\Start Menu\desktop.ini --ahs-- 62 bytes [02:06 10/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\administrator\Start Menu\Programs\desktop.ini --ahs-- 292 bytes [02:06 10/08/2009] [19:06 02/03/2010] CE4121DB43CFCB6840905CAFE993EE8D
C:\Documents and Settings\administrator\Start Menu\Programs\Accessories\desktop.ini --ahs-- 542 bytes [02:06 10/08/2009] [19:06 02/03/2010] 0273C168051E821BE54B2D4FD087C747
C:\Documents and Settings\administrator\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [02:06 10/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\administrator\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [02:06 10/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\administrator\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [02:06 10/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\Administrator.RSD1\Application Data\desktop.ini --ahs-- 62 bytes [14:56 11/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\Administrator.RSD1\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini --ahs-- 119 bytes [17:34 16/07/2010] [17:34 16/07/2010] F832E845938D514F7B2F68DAB651863D
C:\Documents and Settings\Administrator.RSD1\Favorites\Desktop.ini --ahs-- 122 bytes [17:34 16/07/2010] [17:34 16/07/2010] FC2BF37169C033A08C1FD7680193CCE2
C:\Documents and Settings\Administrator.RSD1\Local Settings\desktop.ini --ahs-- 62 bytes [14:56 11/08/2009] [14:06 04/10/2012] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\Administrator.RSD1\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini ---hs-- 67 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\Local Settings\Application Data\Microsoft\Feeds Cache\4LI3LJBS\desktop.ini ---hs-- 67 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\Local Settings\Application Data\Microsoft\Feeds Cache\6947QG5F\desktop.ini ---hs-- 67 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\Local Settings\Application Data\Microsoft\Feeds Cache\8KE88GBA\desktop.ini ---hs-- 67 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\Local Settings\Application Data\Microsoft\Feeds Cache\JTDHSFJA\desktop.ini ---hs-- 67 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\Local Settings\History\desktop.ini ---hs-- 113 bytes [14:56 11/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Administrator.RSD1\Local Settings\History\History.IE5\desktop.ini ---hs-- 113 bytes [14:56 11/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Administrator.RSD1\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [14:56 11/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Administrator.RSD1\My Documents\desktop.ini --ahs-- 84 bytes [17:34 16/07/2010] [17:34 16/07/2010] 2EE411B655413751A5615ABBEF874CD6
C:\Documents and Settings\Administrator.RSD1\My Documents\My Music\Desktop.ini --ahs-- 189 bytes [17:34 16/07/2010] [17:34 16/07/2010] D147365112F4E31038E5AABA2D70AB52
C:\Documents and Settings\Administrator.RSD1\My Documents\My Pictures\Desktop.ini --ahs-- 191 bytes [17:34 16/07/2010] [17:34 16/07/2010] D6254CA9BC0BA25006DABC24972F6D9E
C:\Documents and Settings\Administrator.RSD1\Recent\Desktop.ini --ahs-- 150 bytes [17:34 16/07/2010] [17:34 16/07/2010] 4365E54D9A4F05CC52EDBC7D79D0E13C
C:\Documents and Settings\Administrator.RSD1\SendTo\desktop.ini --ahs-- 181 bytes [14:56 11/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\Administrator.RSD1\Start Menu\desktop.ini --ahs-- 62 bytes [14:56 11/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\Administrator.RSD1\Start Menu\Programs\desktop.ini --ahs-- 292 bytes [14:56 11/08/2009] [17:34 16/07/2010] A899B456F639C889324EBA7F0657E61B
C:\Documents and Settings\Administrator.RSD1\Start Menu\Programs\Accessories\desktop.ini --ahs-- 542 bytes [14:56 11/08/2009] [17:34 16/07/2010] 0273C168051E821BE54B2D4FD087C747
C:\Documents and Settings\Administrator.RSD1\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [14:56 11/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\Administrator.RSD1\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [14:56 11/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\Administrator.RSD1\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [14:56 11/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\All Users\Application Data\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\All Users\Documents\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] 9E8D1B26D13D9E60D0F60609876B1B36
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini --ahs-- 151 bytes [01:20 10/08/2009] [01:21 10/08/2009] 13F6DB4DA1386738053E37488C12C1FA
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\desktop.ini ---hs-- 70 bytes [01:21 10/08/2009] [01:21 10/08/2009] E88B25EEF116900E85F81ABA7C075339
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini --ahs-- 150 bytes [01:20 10/08/2009] [01:21 10/08/2009] 3C9819ED4C8AD12C9201580481B55629
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\desktop.ini ---hs-- 42 bytes [01:21 10/08/2009] [01:21 10/08/2009] 35ED6CDB67F7B18AE5948023CEE1D02C
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini --ahs-- 151 bytes [01:18 10/08/2009] [01:18 10/08/2009] 1145EE7430368D44FC605D1D56B221D5
C:\Documents and Settings\All Users\Start Menu\desktop.ini --ahs-- 272 bytes [21:02 09/08/2009] [13:42 28/09/2009] 2550748C08218A37C929AF56FD08E470
C:\Documents and Settings\All Users\Start Menu\Programs\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] EE107EA66746B1FCBBFD6A10CB4E3DE0
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\desktop.ini --ahs-- 253 bytes [01:19 10/08/2009] [01:21 10/08/2009] 112631DD75DBC782CC9098C26F250D83
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 90 bytes [01:19 10/08/2009] [01:19 10/08/2009] 519122402777AA5F9B48DD48308F337F
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Communications\desktop.ini --ahs-- 516 bytes [01:18 10/08/2009] [13:45 28/09/2009] 31FC6BA9225FAA9C3001241A029068F7
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 146 bytes [01:19 10/08/2009] [01:19 10/08/2009] 066B4ADDF90E51FC9A2E39EDE37C7B04
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\System Tools\desktop.ini --ahs-- 757 bytes [01:19 10/08/2009] [03:37 10/08/2009] 15C99E1BEC69D6E3516E0C85AA0BCF58
C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\desktop.ini --ahs-- 545 bytes [01:19 10/08/2009] [01:22 10/08/2009] E21F947EBCF03DB2D66B1AD69D960C27
C:\Documents and Settings\All Users\Start Menu\Programs\Games\desktop.ini --ahs-- 798 bytes [01:19 10/08/2009] [03:40 10/08/2009] B026A55EA6A495D60A484CF24DFD9E3C
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [21:02 09/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\bart\Application Data\desktop.ini --ahs-- 62 bytes [14:28 10/06/2011] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\bart\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini ---hs-- 60 bytes [14:28 10/06/2011] [14:28 10/06/2011] 446F9404A280F0AEA2784B074D460B0D
C:\Documents and Settings\bart\Favorites\Desktop.ini --ahs-- 122 bytes [14:28 10/06/2011] [14:28 10/06/2011] FC2BF37169C033A08C1FD7680193CCE2
C:\Documents and Settings\bart\Favorites\Links\desktop.ini --ahs-- 84 bytes [14:28 10/06/2011] [14:28 10/06/2011] D954F262C6FDA8D2AB86E9E5AA5A6E30
C:\Documents and Settings\bart\Local Settings\desktop.ini --ahs-- 62 bytes [14:28 10/06/2011] [14:28 10/06/2011] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\bart\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini ---hs-- 67 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\Local Settings\Application Data\Microsoft\Feeds Cache\29A2IRQX\desktop.ini ---hs-- 67 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\Local Settings\Application Data\Microsoft\Feeds Cache\8VNWXAFV\desktop.ini ---hs-- 67 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\Local Settings\Application Data\Microsoft\Feeds Cache\QL1HFHNO\desktop.ini ---hs-- 67 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\Local Settings\Application Data\Microsoft\Feeds Cache\R1E77JB4\desktop.ini ---hs-- 67 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\Local Settings\History\desktop.ini --ahs-- 113 bytes [14:28 10/06/2011] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\bart\Local Settings\History\History.IE5\desktop.ini --ahs-- 113 bytes [14:28 10/06/2011] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\bart\Local Settings\Temporary Internet Files\desktop.ini --ahs-- 67 bytes [14:28 10/06/2011] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\bart\My Documents\desktop.ini --ahs-- 75 bytes [14:28 10/06/2011] [14:28 10/06/2011] EC6883CEF2D6334BA9D8BD0E622FAE76
C:\Documents and Settings\bart\My Documents\My Music\Desktop.ini --ahs-- 180 bytes [14:28 10/06/2011] [14:28 10/06/2011] 5117F16D7CD0B663174F522A19946FFD
C:\Documents and Settings\bart\My Documents\My Pictures\Desktop.ini --ahs-- 182 bytes [14:28 10/06/2011] [14:28 10/06/2011] FEA0B666C97015452EE409547A4D8784
C:\Documents and Settings\bart\Recent\Desktop.ini --ahs-- 150 bytes [14:28 10/06/2011] [14:28 10/06/2011] 4365E54D9A4F05CC52EDBC7D79D0E13C
C:\Documents and Settings\bart\SendTo\desktop.ini --ahs-- 181 bytes [14:28 10/06/2011] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\bart\Start Menu\desktop.ini --ahs-- 62 bytes [14:28 10/06/2011] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\bart\Start Menu\Programs\desktop.ini --ahs-- 248 bytes [14:28 10/06/2011] [14:28 10/06/2011] DBB6D6465CC8A6C951A56433FC20AD23
C:\Documents and Settings\bart\Start Menu\Programs\Accessories\desktop.ini --ahs-- 542 bytes [14:28 10/06/2011] [14:28 10/06/2011] 0273C168051E821BE54B2D4FD087C747
C:\Documents and Settings\bart\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [14:28 10/06/2011] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\bart\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [14:28 10/06/2011] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\bart\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [14:28 10/06/2011] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\Default User\Application Data\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\Default User\Local Settings\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\Default User\Local Settings\History\desktop.ini ---hs-- 113 bytes [01:21 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Default User\Local Settings\History\History.IE5\desktop.ini ---hs-- 113 bytes [01:21 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [01:21 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Default User\SendTo\desktop.ini --ahs-- 181 bytes [01:21 10/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\Default User\Start Menu\desktop.ini --ahs-- 62 bytes [21:02 09/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\Default User\Start Menu\Programs\desktop.ini --ahs-- 206 bytes [21:02 09/08/2009] [01:22 10/08/2009] E5502E0A8B4A43A98F938C3A8331B2CD
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\desktop.ini --ahs-- 482 bytes [01:21 10/08/2009] [01:22 10/08/2009] 4CC85BE58E2B0BE50C22C6F454DC593D
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [01:22 10/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\Default User\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [01:22 10/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [21:02 09/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\ldery\Application Data\desktop.ini --ahs-- 62 bytes [17:14 10/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\ldery\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini --ahs-- 119 bytes [17:14 10/08/2009] [17:14 10/08/2009] B6F6999BB50AFAB3A0217640527F2AD3
C:\Documents and Settings\ldery\Application Data\Microsoft\Office\Recent\Desktop.ini --ahs-- 95 bytes [17:24 23/05/2011] [17:24 23/05/2011] 39AE21045A0DE35A255CDDDA9FCBCB64
C:\Documents and Settings\ldery\Cookies\desktop.ini ---hs-- 67 bytes [18:07 26/07/2010] [18:07 26/07/2010] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Desktop\ldery\Desktop\desktop.ini --ahs-- 80 bytes [14:14 11/08/2009] [19:39 26/09/2004] C0A3CAC334BD72538FA738378E8135E3
C:\Documents and Settings\ldery\Desktop\ldery\Favorites\Desktop.ini --ahs-- 122 bytes [14:13 11/08/2009] [14:37 25/10/2004] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\ldery\Desktop\ldery\My Documents\DESKTOP.INI --ahs-- 0 bytes [14:13 11/08/2009] [21:58 09/08/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\ldery\Desktop\ldery\My Documents\My Pictures\Desktop.ini --ahs-- 107 bytes [14:13 11/08/2009] [21:59 09/08/2009] 22C1D1652C6939771FCBE9B070AA523C
C:\Documents and Settings\ldery\Favorites\Desktop.ini --ahs-- 122 bytes [17:14 10/08/2009] [17:14 10/08/2009] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\ldery\Favorites\Links\desktop.ini --ahs-- 84 bytes [18:41 09/08/2010] [18:41 09/08/2010] D954F262C6FDA8D2AB86E9E5AA5A6E30
C:\Documents and Settings\ldery\Local Settings\desktop.ini --ahs-- 62 bytes [17:14 10/08/2009] [17:26 13/10/2012] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\ldery\Local Settings\Application Data\Microsoft\Feeds Cache\desktop.ini ---hs-- 67 bytes [14:18 11/08/2009] [14:18 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Application Data\Microsoft\Feeds Cache\6OADJ2FF\desktop.ini ---hs-- 67 bytes [14:18 11/08/2009] [14:18 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Application Data\Microsoft\Feeds Cache\9GYAJJJP\desktop.ini ---hs-- 67 bytes [14:18 11/08/2009] [14:18 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Application Data\Microsoft\Feeds Cache\PV01VGQA\desktop.ini ---hs-- 67 bytes [14:18 11/08/2009] [14:18 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Application Data\Microsoft\Feeds Cache\VBHOCB16\desktop.ini ---hs-- 67 bytes [14:18 11/08/2009] [14:18 11/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\History\desktop.ini ---hs-- 145 bytes [17:46 23/06/2010] [11:47 17/05/2011] BA96961F5E22882527919E19DAEA510F
C:\Documents and Settings\ldery\Local Settings\History\History.IE5\desktop.ini ---hs-- 67 bytes [17:46 23/06/2010] [16:09 29/02/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [15:25 23/05/2011] [15:25 23/05/2011] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ---hs-- 67 bytes [01:41 13/10/2012] [01:41 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\Content.IE5\4YRKT5EF\desktop.ini ---hs-- 67 bytes [01:41 13/10/2012] [01:41 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\Content.IE5\PPSCJ5TI\desktop.ini ---hs-- 67 bytes [01:41 13/10/2012] [01:41 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\Content.IE5\UYKM4TQF\desktop.ini ---hs-- 67 bytes [01:41 13/10/2012] [01:41 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\Local Settings\Temporary Internet Files\Content.IE5\YSWJ184R\desktop.ini ---hs-- 67 bytes [01:41 13/10/2012] [01:41 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\ldery\My Documents\desktop.ini --ahs-- 76 bytes [17:14 10/08/2009] [18:41 09/08/2010] E2DE26D16A5CE168DEB0D23D2FF660F6
C:\Documents and Settings\ldery\My Documents\Dropbox\desktop.ini ---hs-- 184 bytes [14:24 22/09/2011] [14:24 22/09/2011] 77F197231211D45BBE444D4F63D2C76F
C:\Documents and Settings\ldery\My Documents\Dropbox\Photos\desktop.ini ---hs-- 184 bytes [14:24 22/09/2011] [14:24 22/09/2011] E80C5AD70857EF38F8DA3680E5747FBC
C:\Documents and Settings\ldery\My Documents\Dropbox\Public\desktop.ini ---hs-- 184 bytes [14:24 22/09/2011] [14:24 22/09/2011] 8425ECC401D412FF5EBE3AF902E5A72B
C:\Documents and Settings\ldery\My Documents\My Data Sources\DESKTOP.INI ---h--- 70 bytes [22:20 05/11/2009] [18:30 27/07/2000] 466AFDBDD30770A1A6B47AFD85099E82
C:\Documents and Settings\ldery\My Documents\My Music\Desktop.ini --ahs-- 181 bytes [17:14 10/08/2009] [18:41 09/08/2010] 04DE202AF7282BE8D10A6CA8F8769992
C:\Documents and Settings\ldery\My Documents\My Pictures\Desktop.ini --ahs-- 183 bytes [17:14 10/08/2009] [18:41 09/08/2010] A34B3C0A5D1DE8D4553CEF7CAD1625F9
C:\Documents and Settings\ldery\My Documents\My Videos\Desktop.ini --ahs-- 182 bytes [21:38 06/10/2012] [21:38 06/10/2012] 8792FD33B4CE0F513AA791DFF627A3A8
C:\Documents and Settings\ldery\NetHood\Listing and Buyer Presentations on www.remaxregional.net\Desktop.ini ---hs-- 75 bytes [17:17 03/02/2010] [17:17 03/02/2010] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\NetHood\My Web Sites on MSN\Desktop.ini ---hs-- 75 bytes [16:00 27/08/2009] [16:00 27/08/2009] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\NetHood\Quarter 2, 2009 on www.remaxregional.net\Desktop.ini ---hs-- 75 bytes [21:04 27/10/2009] [21:04 27/10/2009] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\NetHood\Quarter 3, 2009 on www.remaxregional.net\Desktop.ini ---hs-- 75 bytes [15:42 03/02/2010] [15:42 03/02/2010] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\NetHood\Quarter 4, 2009 on www.remaxregional.net\Desktop.ini ---hs-- 75 bytes [14:43 11/03/2010] [14:43 11/03/2010] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\NetHood\rsd on Fsvm\Desktop.ini ---hs-- 75 bytes [20:43 18/04/2012] [14:46 25/05/2012] 254A842845D5FE636A018ED64927573F
C:\Documents and Settings\ldery\Recent\Desktop.ini --ahs-- 150 bytes [15:25 23/05/2011] [15:25 23/05/2011] 4365E54D9A4F05CC52EDBC7D79D0E13C
C:\Documents and Settings\ldery\SendTo\desktop.ini --ahs-- 181 bytes [17:14 10/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\ldery\Start Menu\desktop.ini --ahs-- 62 bytes [17:14 10/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\ldery\Start Menu\Programs\desktop.ini --ahs-- 292 bytes [17:14 10/08/2009] [14:03 28/09/2009] CE4121DB43CFCB6840905CAFE993EE8D
C:\Documents and Settings\ldery\Start Menu\Programs\Accessories\desktop.ini --ahs-- 542 bytes [17:14 10/08/2009] [14:03 28/09/2009] 0273C168051E821BE54B2D4FD087C747
C:\Documents and Settings\ldery\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [17:14 10/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\ldery\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [17:14 10/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\ldery\Start Menu\Programs\Administrative Tools\desktop.ini --ahs-- 62 bytes [21:38 06/10/2012] [21:38 06/10/2012] 87834B64DA1414AE863EAA974E153AEE
C:\Documents and Settings\ldery\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [17:14 10/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\LocalService\Local Settings\desktop.ini --ahs-- 62 bytes [01:28 10/08/2009] [16:10 13/10/2012] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini ---hs-- 113 bytes [01:28 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\desktop.ini ---hs-- 113 bytes [01:28 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [01:28 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini ---hs-- 67 bytes [02:14 13/10/2012] [02:14 13/10/2012] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Nathan\Application Data\desktop.ini --ahs-- 62 bytes [01:29 10/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\Documents and Settings\Nathan\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini --ahs-- 139 bytes [01:29 10/08/2009] [01:29 10/08/2009] 4496BFC3F38480F4A5CE04381A2F02A6
C:\Documents and Settings\Nathan\Desktop\ldery\Desktop\desktop.ini --ahs-- 80 bytes [01:55 10/08/2009] [19:39 26/09/2004] C0A3CAC334BD72538FA738378E8135E3
C:\Documents and Settings\Nathan\Desktop\ldery\Favorites\Desktop.ini --ahs-- 122 bytes [01:55 10/08/2009] [14:37 25/10/2004] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\Nathan\Desktop\ldery\My Documents\DESKTOP.INI --ahs-- 0 bytes [01:55 10/08/2009] [21:58 09/08/2009] D41D8CD98F00B204E9800998ECF8427E
C:\Documents and Settings\Nathan\Desktop\ldery\My Documents\My Pictures\Desktop.ini --ahs-- 107 bytes [01:55 10/08/2009] [21:59 09/08/2009] 22C1D1652C6939771FCBE9B070AA523C
C:\Documents and Settings\Nathan\Favorites\Desktop.ini --ahs-- 122 bytes [01:29 10/08/2009] [01:29 10/08/2009] 497F16A39716A5729873223FEDDA038E
C:\Documents and Settings\Nathan\Local Settings\desktop.ini --ahs-- 62 bytes [01:29 10/08/2009] [01:53 10/08/2009] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\Nathan\Local Settings\History\desktop.ini ---hs-- 113 bytes [01:29 10/08/2009] [01:29 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Nathan\Local Settings\History\History.IE5\desktop.ini --ahs-- 113 bytes [01:29 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Nathan\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [01:29 10/08/2009] [01:29 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Documents and Settings\Nathan\My Documents\desktop.ini --ahs-- 77 bytes [01:29 10/08/2009] [01:29 10/08/2009] 249DAA711682D9A17DD7614651B40B9C
C:\Documents and Settings\Nathan\My Documents\My Music\Desktop.ini --ahs-- 182 bytes [01:29 10/08/2009] [01:29 10/08/2009] E10F554084B05D70CB7993AB88D8BE4C
C:\Documents and Settings\Nathan\My Documents\My Pictures\Desktop.ini --ahs-- 184 bytes [01:29 10/08/2009] [01:29 10/08/2009] 6A5B8129D758A1BC895C1CB1B692D22D
C:\Documents and Settings\Nathan\Recent\Desktop.ini --ahs-- 150 bytes [01:29 10/08/2009] [01:29 10/08/2009] 5DDA584F4F136B50B791E4B540B86059
C:\Documents and Settings\Nathan\SendTo\desktop.ini --ahs-- 181 bytes [01:29 10/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\Documents and Settings\Nathan\Start Menu\desktop.ini --ahs-- 62 bytes [01:29 10/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\Documents and Settings\Nathan\Start Menu\Programs\desktop.ini --ahs-- 292 bytes [01:29 10/08/2009] [01:29 10/08/2009] CE4121DB43CFCB6840905CAFE993EE8D
C:\Documents and Settings\Nathan\Start Menu\Programs\Accessories\desktop.ini --ahs-- 542 bytes [01:29 10/08/2009] [01:29 10/08/2009] 0273C168051E821BE54B2D4FD087C747
C:\Documents and Settings\Nathan\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [01:29 10/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\Documents and Settings\Nathan\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [01:29 10/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\Documents and Settings\Nathan\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [01:29 10/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\Documents and Settings\NetworkService\Local Settings\desktop.ini --ahs-- 62 bytes [01:28 10/08/2009] [16:10 13/10/2012] AD99B9121E1C94D9B6FEB18B3573A02E
C:\Documents and Settings\NetworkService\Local Settings\History\desktop.ini ---hs-- 113 bytes [01:28 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\desktop.ini ---hs-- 113 bytes [01:28 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\desktop.ini ---hs-- 67 bytes [01:28 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\Program Files\Microsoft Office\OFFICE11\1033\DataServices\DESKTOP.INI --a---- 70 bytes [18:30 27/07/2000] [18:30 27/07/2000] 466AFDBDD30770A1A6B47AFD85099E82
C:\RECYCLER\S-1-5-21-1708537768-1715567821-725345543-1164\desktop.ini ---hs-- 65 bytes [15:45 13/10/2012] [15:45 13/10/2012] AD0B0B4416F06AF436328A3C12DC491B
C:\WINDOWS\desktop.ini --a---- 2 bytes [01:20 10/08/2009] [19:56 03/09/2002] 81051BCC2CF1BEDF378224B0A93E2877
C:\WINDOWS\assembly\Desktop.ini -rahs-- 227 bytes [21:15 10/08/2009] [21:15 10/08/2009] F7F759A5CD40BC52172E83486B6DE404
C:\WINDOWS\Downloaded Program Files\desktop.ini --ah--- 65 bytes [01:21 10/08/2009] [01:21 10/08/2009] 878B2E099C512B72A9FEA2257458C8B8
C:\WINDOWS\Fonts\desktop.ini --ahs-- 67 bytes [19:36 03/09/2002] [01:22 10/08/2009] 80C0482092BE4DDEBBFAE67A3651785A
C:\WINDOWS\Offline Web Pages\desktop.ini --ah--- 65 bytes [01:21 10/08/2009] [01:21 10/08/2009] 5079E25C0E9F1B5640B856225F5F5560
C:\WINDOWS\system32\desktop.ini --a---- 2 bytes [01:20 10/08/2009] [19:56 03/09/2002] 81051BCC2CF1BEDF378224B0A93E2877
C:\WINDOWS\system32\config\systemprofile\Application Data\desktop.ini --ahs-- 62 bytes [01:24 10/08/2009] [21:02 09/08/2009] 88CF0FF92A4A9FA7BD9B7513B2E9E22B
C:\WINDOWS\system32\config\systemprofile\Local Settings\desktop.ini --ahs-- 62 bytes [01:24 10/08/2009] [21:02 09/08/2009] AD99B9121E1C94D9B6FEB18B3573A02E
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\desktop.ini --ahs-- 113 bytes [01:24 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\desktop.ini --ahs-- 113 bytes [01:24 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0KY3VZCB\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\74F2NQ22\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\88F87U8P\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YPLOAYTT\desktop.ini --ahs-- 67 bytes [01:24 10/08/2009] [01:21 10/08/2009] 4A3DEB274BB5F0212C2419D3D8D08612
C:\WINDOWS\system32\config\systemprofile\SendTo\desktop.ini --ahs-- 181 bytes [01:24 10/08/2009] [01:21 10/08/2009] C68330847B2FBA3BEBF9D16214523A4B
C:\WINDOWS\system32\config\systemprofile\Start Menu\desktop.ini --ahs-- 62 bytes [01:24 10/08/2009] [21:02 09/08/2009] 87F8888E1D77D9CEF69E901A97D40D73
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\desktop.ini --ahs-- 206 bytes [01:24 10/08/2009] [01:22 10/08/2009] E5502E0A8B4A43A98F938C3A8331B2CD
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\desktop.ini --ahs-- 482 bytes [01:24 10/08/2009] [01:22 10/08/2009] 4CC85BE58E2B0BE50C22C6F454DC593D
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Accessibility\desktop.ini --ahs-- 348 bytes [01:24 10/08/2009] [01:22 10/08/2009] 9F7D56E96FCE7AF0E7599AADD8126239
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Accessories\Entertainment\desktop.ini --ahs-- 84 bytes [01:24 10/08/2009] [01:22 10/08/2009] 9406FB6347AE3C0A373ABA7ECE378702
C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini --ahs-- 84 bytes [01:24 10/08/2009] [01:22 10/08/2009] D6A6856702E3F0953E7246A9B4A9FE35
C:\WINDOWS\Tasks\desktop.ini -rah--- 65 bytes [01:20 10/08/2009] [19:48 03/09/2002] 6A82073D6E1CAEA8E63CF491BAADFA2B

-= EOF =-

Edited by jeepndiva, 13 October 2012 - 12:34 PM.
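The listing above is a scanner's desktop.ini inventory: one record per line with the path, a seven-character attribute field, the size, two timestamps and an MD5. When triaging a dump like this, an analyst normally clusters records by hash so that each distinct content is inspected only once, then pulls out the records whose content or attributes are atypical for a desktop.ini (zero-length or near-empty files, files that are not hidden, content that occurs nowhere else in the system tree). The following Python is an added example, not part of this thread or of the scanning tool; the line format it parses is inferred from the listing, the review heuristics are this example's own, and the sample records are constructed by copying lines from the listing above.

```python
import hashlib
import re
from collections import Counter, defaultdict
from typing import Dict, List, NamedTuple

# One record per line: <path> <7 attribute flags> <size> bytes [mtime] [ctime] <MD5>
# (format inferred from the scanner output above; an assumption of this example)
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<attrs>[-rahs]{7}) (?P<size>\d+) bytes "
    r"\[(?P<mtime>[^\]]+)\] \[(?P<ctime>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$"
)


class Entry(NamedTuple):
    path: str
    attrs: str   # e.g. "--ahs--": r=read-only, a=archive, h=hidden, s=system
    size: int
    mtime: str
    ctime: str
    md5: str


def parse_listing(text: str) -> List[Entry]:
    """Parse the file-listing lines; non-record lines (headers, '-= EOF =-') are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append(Entry(m["path"], m["attrs"], int(m["size"]),
                             m["mtime"], m["ctime"], m["md5"].upper()))
    return entries


# MD5s of trivial contents, computed here rather than typed in so they cannot be mistyped.
KNOWN_TRIVIAL = {
    hashlib.md5(b"").hexdigest().upper(): "empty file",
    hashlib.md5(b"\r\n").hexdigest().upper(): "a single CRLF",
}


def cluster_by_hash(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group paths by MD5: all paths in one cluster hold byte-identical content,
    so a reviewer only needs to open one file per cluster."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        clusters[e.md5].append(e.path)
    return dict(clusters)


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Heuristic review list: path -> reasons the record deserves a manual look.
    These heuristics are this example's own, not the scanner's."""
    seen = Counter(e.md5 for e in entries)
    findings: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5 in KNOWN_TRIVIAL:
            findings[e.path].append(f"content is {KNOWN_TRIVIAL[e.md5]} ({e.size} bytes)")
        if "h" not in e.attrs:
            findings[e.path].append(f"not hidden (attrs {e.attrs}), unusual for desktop.ini")
        if seen[e.md5] == 1 and e.path.upper().startswith("C:\\WINDOWS\\"):
            findings[e.path].append("content unique in the listing, under C:\\WINDOWS")
    return dict(findings)


# Constructed sample: records copied from the listing above, plus its EOF marker.
SAMPLE_LOG = r"""
C:\Documents and Settings\bart\Local Settings\History\desktop.ini --ahs-- 113 bytes [14:28 10/06/2011] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\Default User\Local Settings\History\desktop.ini ---hs-- 113 bytes [01:21 10/08/2009] [01:21 10/08/2009] D332CE83B166D5C244D22587AD75AAC4
C:\Documents and Settings\ldery\Desktop\ldery\My Documents\DESKTOP.INI --ahs-- 0 bytes [14:13 11/08/2009] [21:58 09/08/2009] D41D8CD98F00B204E9800998ECF8427E
C:\WINDOWS\desktop.ini --a---- 2 bytes [01:20 10/08/2009] [19:56 03/09/2002] 81051BCC2CF1BEDF378224B0A93E2877
C:\WINDOWS\system32\desktop.ini --a---- 2 bytes [01:20 10/08/2009] [19:56 03/09/2002] 81051BCC2CF1BEDF378224B0A93E2877
C:\WINDOWS\Tasks\desktop.ini -rah--- 65 bytes [01:20 10/08/2009] [19:48 03/09/2002] 6A82073D6E1CAEA8E63CF491BAADFA2B
C:\WINDOWS\Fonts\desktop.ini --ahs-- 67 bytes [19:36 03/09/2002] [01:22 10/08/2009] 80C0482092BE4DDEBBFAE67A3651785A
-= EOF =-
"""

if __name__ == "__main__":
    ents = parse_listing(SAMPLE_LOG)
    print(f"{len(ents)} records, {len(cluster_by_hash(ents))} distinct contents")
    for path, reasons in triage(ents).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the full listing, the cluster map turns more than a hundred records into a few dozen distinct contents, and the review list is where to start reading; a hit on the list is a reason to open the file, not proof of infection.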


#10 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 14 October 2012 - 08:33 AM

Install the new version of Java.
Forget about removing anything else unless you have some difficulties in viewing pages.
Let me know before you proceed with deleting anything.

===

Run Notepad and open this file in bold.
C:\WINDOWS\desktop.ini

Post the content in your next reply.

Please let me know if you have the XP operating disk or have access to one.
We may need to run a tool and it will need the disk.

#11 jeepndiva

  • Topic Starter
  • Members

Posted 14 October 2012 - 08:57 AM

Cannot run Java... "The Windows Installer service could not be accessed." error

C:\WINDOWS\desktop.ini "is empty", not one thing in it.

I have the original OEM Windows CD.

Edited by jeepndiva, 14 October 2012 - 09:00 AM.


#12 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 14 October 2012 - 10:08 AM

Cannot run Java... "The windows installer service could not be accessed." error


Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

===

You will probably be asked to use the XP CD to run this.

From the Start menu, select Run.
In the Open field, type sfc /scannow (Note: There is a space between sfc and /scannow)
Select the OK button.
Follow the prompts throughout the System File Checker process.
Reboot the computer when System File Checker completes.

Keep me posted.

#13 jeepndiva

  • Topic Starter
  • Members

Posted 14 October 2012 - 02:47 PM

FSS log file (below)

Ran the SFC and rebooted... there doesn't appear to be any change; IE opens and closes immediately. Still missing Windows Installer... and the icons on the desktop are not correct or working properly.

Farbar Service Scanner Version: 07-10-2012
Ran by ldery (administrator) on 14-10-2012 at 15:08:45
Running from "C:\Documents and Settings\ldery\Desktop\Bleep"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0700000005000000010000000200000003000000040000000600000007000000
IpSec Tag value is correct.

**** End of log ****

#14 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada

Posted 15 October 2012 - 08:24 AM

Let's check further.

Please download RogueKiller© by Tigzy from one of the links below and save it to your desktop.

Link 1 Bleepingcomputer
Link 2 RogueKiller (par Tigzy)

  • Allow the download if prompted by your security software and please close all your programs.
  • Double click on RogueKiller.exe to run it. If it does not run, please try a few times.
  • A program window will open. Type 1 for Scan and press Enter when prompted.
  • Once finished, Notepad will open with a log called RKreport.txt, located at the desktop.
  • Please copy and paste the contents of that log in your next reply.


#15 jeepndiva

  • Topic Starter
  • Members

Posted 15 October 2012 - 05:33 PM

Scan results... I did not delete anything.

RogueKiller V8.1.0 [09/28/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : ldery [Admin rights]
Mode : Scan -- Date : 10/15/2012 18:28:26

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD400JD-75HKA1 +++++
--- User ---
[MBR] 3011fe93e93dc857f0e36d16af80e251
[BSP] d8cdc2499c499ec1166a6aaa83596c01 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 31 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64260 | Size: 38107 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



