Topic: [Resolved K]dds

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #15 on: March 11, 2012, 03:32:11 PM »
I'm sorry that it took so long to get back to you. The computer has been freezing up a lot. Sometimes a thing on the bottom pops up and says that I have plugged in a jack. When I access my files on the C drive, there are some that are blue instead of the usual black.
Thank You,
Gary
This is the logfile for OTM
Files moved on Reboot...
File C:\Users\Gary\AppData\Local\Temp\Low\CouponBarIE.dll not found!

Registry entries deleted on Reboot...

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #16 on: March 11, 2012, 04:01:12 PM »
That is not the full log from OTM. I do need to see that log, please; it will be here:

C:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Kevin


Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #17 on: March 14, 2012, 01:41:51 PM »
I did search the OTM moved files but only have what is above. There are other items but they aren't text files or logs. I ran another OTM remove files but still get the same text log. I have been overwhelmed due to studying for my 3rd degree black belt test. Sorry for not replying in a timely manner.
Thank You,
Gary

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #18 on: March 14, 2012, 03:48:34 PM »
Thanks for the reply, don't worry about the time issue. Run the following:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from either of the following links :-

Link 1
Link 2

  • Ensure that Combofix is saved directly to the Desktop <--- Very important

  • Disable all security programs as they will have a negative effect on Combofix, instructions available Here if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running
  • Double click the icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

  • Instructions for running Combofix available Here if required.

  • If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

****Note: Do not mouse click Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read Here why disabling autoruns is recommended.

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

Post the log in next reply please...

Kevin



Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #19 on: March 18, 2012, 03:46:17 PM »
This is the log file from Combofix. The first time I ran it, the computer was at the opening screen. This time, I was able to get a logfile.
Thank you.
Gary Ryan

ComboFix 12-03-16.05 - Gary 03/17/2012  22:41:27.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.593 [GMT -4:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\WeatherBlink
c:\program files\WeatherBlink\bar\1.bin\CHROME.MANIFEST
c:\program files\WeatherBlink\bar\1.bin\chrome\gcffxtbr.jar
c:\program files\WeatherBlink\bar\1.bin\INSTALL.RDF
c:\program files\WeatherBlink\bar\1.bin\LOGO.BMP
c:\program files\WeatherBlink\bar\IE9Mesg\COMMON.T8S
c:\program files\WeatherBlink\bar\Message\COMMON.T8S
c:\program files\WeatherBlink\bar\Settings\s_pid.dat
c:\program files\WeatherBlinkEI
c:\users\Gary\AppData\Local\WeatherBlink Installer(0050eda9).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(0060d106).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(00a5b0da).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(00b7f089).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(0106bfab).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(013b5b9d).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(013fea54).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(01a255a6).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(021f13e8).exe
c:\users\Gary\AppData\Local\WeatherBlink Installer(02b2cd1c).exe
c:\users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
c:\windows\~GLC0000.TMP
c:\windows\~GLC0001.TMP
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-18 to 2012-03-18  )))))))))))))))))))))))))))))))
.
.
2012-03-18 03:00 . 2012-03-18 03:00   --------   d-----w-   c:\users\TEMP\AppData\Local\temp
2012-03-18 03:00 . 2012-03-18 03:00   --------   d-----w-   c:\users\RYANPC-PC\AppData\Local\temp
2012-03-18 03:00 . 2012-03-18 03:00   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-17 07:20 . 2012-03-18 04:38   --------   d-----w-   c:\users\Gary\AppData\Local\temp
2012-03-17 00:57 . 2012-03-17 00:57   --------   d-----w-   c:\users\Gary\AppData\Roaming\SpeedyPC Software
2012-03-17 00:57 . 2012-03-17 00:57   --------   d-----w-   c:\users\Gary\AppData\Roaming\DriverCure
2012-03-17 00:56 . 2012-03-17 05:20   --------   d-----w-   c:\programdata\SpeedyPC Software
2012-03-15 16:29 . 2012-03-15 16:29   319456   ----a-w-   c:\windows\DIFxAPI.dll
2012-03-13 22:05 . 2012-02-02 15:16   2044416   ----a-w-   c:\windows\system32\win32k.sys
2012-03-13 22:05 . 2012-02-14 15:45   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-13 22:05 . 2012-02-14 15:45   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-03-13 22:05 . 2012-02-13 14:12   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-03-13 22:05 . 2012-02-13 13:47   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-03-13 22:05 . 2012-02-13 13:44   1068544   ----a-w-   c:\windows\system32\DWrite.dll
2012-03-13 22:05 . 2012-01-31 10:59   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 22:04 . 2012-01-09 15:54   613376   ----a-w-   c:\windows\system32\rdpencom.dll
2012-03-13 22:04 . 2012-01-09 13:58   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-03-13 04:30 . 2012-03-13 04:32   --------   d-----w-   c:\users\Gary\MusicUntitled - 03-13-12
2012-03-08 18:53 . 2012-03-08 18:53   --------   dc----w-   C:\_OTM
2012-03-07 18:20 . 2012-03-07 18:20   --------   d-----w-   c:\program files\ESET
2012-02-28 05:10 . 2012-02-28 05:10   --------   d-----w-   c:\users\Gary\AppData\Roaming\Malwarebytes
2012-02-28 05:09 . 2012-02-28 05:09   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-28 05:09 . 2011-12-10 20:24   20464   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-02-28 05:09 . 2012-02-28 05:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 20:04 . 2011-05-18 17:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-16 04:17 . 2011-06-26 05:46   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-30 23:47 . 2008-01-30 04:06   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
2010-08-26 10:43   349624   ----a-w-   c:\progra~1\SITERA~1\SiteRank.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 23:21   1811296   ----a-w-   c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7347e8c-1ca6-469b-951e-4a23c4437935}]
2010-02-23 01:55   2349080   ----a-w-   c:\program files\TV_Center\tbTV_1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C0FF-FD7FA18DBF33}"= "c:\progra~1\NexusBar\nexusbar.dll" [2006-11-06 1823744]
"{a7347e8c-1ca6-469b-951e-4a23c4437935}"= "c:\program files\TV_Center\tbTV_1.dll" [2010-02-23 2349080]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7fa18dbf33}]
[HKEY_CLASSES_ROOT\nexusbar.NEXUSBAR]
.
[HKEY_CLASSES_ROOT\clsid\{a7347e8c-1ca6-469b-951e-4a23c4437935}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A7347E8C-1CA6-469B-951E-4A23C4437935}"= "c:\program files\TV_Center\tbTV_1.dll" [2010-02-23 2349080]
.
[HKEY_CLASSES_ROOT\clsid\{a7347e8c-1ca6-469b-951e-4a23c4437935}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"CTPDPSRV"="c:\windows\System32\spool\drivers\w32x86\3\CTpdpsrv.exe" [2001-09-18 45056]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-04-08 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-11-27 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-18 23:21   928096   ----a-w-   c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-01-18 23:21   939872   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:40]
.
2012-03-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-21 22:30]
.
2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:45]
.
2012-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:45]
.
2012-02-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-03-17 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: xfire_lsp_9028.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3003485&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3003485&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm016YYus&ptnrS=XNxdm016YYus&ptb=67E1AB6E-AB04-438F-98F7-9DDF0D8E9C55&psa=&ind=2012021017&st=kwd&n=77ed0119&searchfor=
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{CCB69577-088B-4004-9ED8-FF5BCC83A039} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Start WingMan Profiler - (no file)
HKU-Default-RunOnce-RealUpgradeHelper - c:\program files\Common Files\Real\Update_OB\upgrdhlp.exe
MSConfigStartUp-unYHREDALK - c:\programdata\unYHREDALK.exe
MSConfigStartUp-WeatherBlink Browser Plugin Loader - c:\progra~1\WEATHE~2\bar\1.bin\gcbrmon.exe
AddRemove-Aim Plugin for QQ Games - c:\program files\Tencent\QQ Games\Plugin\Uninstall.EXE
AddRemove-IL-2 Sturmovik - c:\windows\UbiSoft\SetupUbi.exe
AddRemove-QQ Bubble Arena - c:\program files\Tencent\QQ Games\QQ Bubble Arena\Uninstall.EXE
AddRemove-QQ Games - c:\program files\Tencent\QQ Games\Uninstall.EXE
AddRemove-QQ Pool - c:\program files\Tencent\QQ Games\QQ Pool\Uninstall.EXE
AddRemove-Random House Webster's Unabridged Dictionary - c:\program files\Random House
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-18 00:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-03-18  00:56:36
ComboFix-quarantined-files.txt  2012-03-18 04:56
.
Pre-Run: 204,651,622,400 bytes free
Post-Run: 204,589,596,672 bytes free
.
- - End Of File - - 04163E0E5016593D32E3190F6D6B1442

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #20 on: March 18, 2012, 04:28:34 PM »
Run the following:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::
Folder::
c:\progra~1\SITERA~1
c:\program files\TV_Center
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a7347e8c-1ca6-469b-951e-4a23c4437935}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4E7BD74F-2B8D-469E-C0FF-FD7FA18DBF33}"=-
"{a7347e8c-1ca6-469b-951e-4a23c4437935}"=-
[-HKEY_CLASSES_ROOT\clsid\{4e7bd74f-2b8d-469e-c0ff-fd7fa18dbf33}]
[-HKEY_CLASSES_ROOT\nexusbar.NEXUSBAR]
[-HKEY_CLASSES_ROOT\clsid\{a7347e8c-1ca6-469b-951e-4a23c4437935}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A7347E8C-1CA6-469B-951E-4A23C4437935}"=-
DDS::
IE: Crawler Search - tbr:iemenu
Firefox::
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3003485&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3003485&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XNxdm016YYus&ptnrS=XNxdm016YYus&ptb=67E1AB6E-AB04-438F-98F7-9DDF0D8E9C55&psa=&ind=2012021017&st=kwd&n=77ed0119&searchfor=
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Re-run ESET online scanner exactly as you did previously with the same settings, and let me see the log.

Let me see those two logs in your reply, also give an update on current issues and concerns...

Kevin

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #21 on: March 23, 2012, 10:29:45 AM »
Are you still with us Rich1428?

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #22 on: March 23, 2012, 07:50:42 PM »
I have the combofix file, but when I run Eset, it usually takes a little over an hour and the computer goes to the opening screen where you sign in. The Windows unexpected shutdown menu appears and says that it is a blue screen problem. I will rerun it again. It doesn't give me an Eset.txt file.
Thank you,
Gary Ryan

ComboFix 12-03-16.05 - Gary 03/21/2012  13:19:05.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.2045.659 [GMT -4:00]
Running from: c:\users\Gary\Desktop\ComboFix.exe
Command switches used :: c:\users\Gary\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2012-02-21 to 2012-03-21  )))))))))))))))))))))))))))))))
.
.
2012-03-21 17:36 . 2012-03-21 17:40   --------   d-----w-   c:\users\Gary\AppData\Local\temp
2012-03-21 17:36 . 2012-03-21 17:36   --------   d-----w-   c:\users\TEMP\AppData\Local\temp
2012-03-21 17:36 . 2012-03-21 17:36   --------   d-----w-   c:\users\RYANPC-PC\AppData\Local\temp
2012-03-21 17:36 . 2012-03-21 17:36   --------   d-----w-   c:\users\Default\AppData\Local\temp
2012-03-17 00:57 . 2012-03-17 00:57   --------   d-----w-   c:\users\Gary\AppData\Roaming\SpeedyPC Software
2012-03-17 00:57 . 2012-03-17 00:57   --------   d-----w-   c:\users\Gary\AppData\Roaming\DriverCure
2012-03-17 00:56 . 2012-03-17 05:20   --------   d-----w-   c:\programdata\SpeedyPC Software
2012-03-15 16:29 . 2012-03-15 16:29   319456   ----a-w-   c:\windows\DIFxAPI.dll
2012-03-13 22:05 . 2012-02-14 15:45   219648   ----a-w-   c:\windows\system32\d3d10_1core.dll
2012-03-13 22:05 . 2012-02-14 15:45   160768   ----a-w-   c:\windows\system32\d3d10_1.dll
2012-03-13 22:05 . 2012-02-13 14:12   1172480   ----a-w-   c:\windows\system32\d3d10warp.dll
2012-03-13 22:05 . 2012-02-13 13:47   683008   ----a-w-   c:\windows\system32\d2d1.dll
2012-03-13 22:05 . 2012-02-13 13:44   1068544   ----a-w-   c:\windows\system32\DWrite.dll
2012-03-13 22:05 . 2012-01-31 10:59   2409784   ----a-w-   c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 04:30 . 2012-03-13 04:32   --------   d-----w-   c:\users\Gary\MusicUntitled - 03-13-12
2012-03-08 18:53 . 2012-03-08 18:53   --------   dc----w-   C:\_OTM
2012-03-07 18:20 . 2012-03-07 18:20   --------   d-----w-   c:\program files\ESET
2012-02-28 05:10 . 2012-02-28 05:10   --------   d-----w-   c:\users\Gary\AppData\Roaming\Malwarebytes
2012-02-28 05:09 . 2012-02-28 05:09   --------   d-----w-   c:\programdata\Malwarebytes
2012-02-28 05:09 . 2012-02-28 05:10   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 20:04 . 2011-05-18 17:01   414368   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-02 15:16 . 2012-03-13 22:05   2044416   ----a-w-   c:\windows\system32\win32k.sys
2012-01-09 15:54 . 2012-03-13 22:04   613376   ----a-w-   c:\windows\system32\rdpencom.dll
2012-01-09 13:58 . 2012-03-13 22:04   180736   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2011-06-16 04:17 . 2011-06-26 05:46   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-30 23:47 . 2008-01-30 04:06   119808   ----a-w-   c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-01-18 23:21   1811296   ----a-w-   c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-01-18 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-10-09 100888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-10-09 100888]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2008-07-10 46368]
"CTPDPSRV"="c:\windows\System32\spool\drivers\w32x86\3\CTpdpsrv.exe" [2001-09-18 45056]
"Bluetooth HCI Monitor"="HCIMNTR.DLL" [2006-12-07 9728]
"Belkin Storage Manager"="c:\program files\Belkin Storage Manager\StorageManager.exe" [2009-02-03 858624]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2009-01-09 114688]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-12-08 421736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"TkBellExe"="c:\program files\Real\realplayer\update\realsched.exe" [2011-04-08 273544]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AutoLaunch"="c:\program files\Lavasoft\Ad-Aware\AutoLaunch.exe" [2011-06-13 669936]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-13 715568]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 50688]
SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2011-11-27 679936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12]
2012-01-18 23:21   928096   ----a-w-   c:\program files\AVG Secure Search\ROC_roc_dec12.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2012-01-18 23:21   939872   ----a-w-   c:\program files\AVG Secure Search\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R4 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs   REG_MULTI_SZ      BthServ
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 17:40]
.
2012-03-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-21 22:30]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:45]
.
2012-03-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 21:45]
.
2012-02-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
2012-03-21 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: xfire_lsp_9028.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\users\Gary\AppData\Roaming\Mozilla\Firefox\Profiles\dc0e44lf.default\
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-21 13:40
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3724)
c:\program files\SetPoint\lgscroll.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\AVG\AVG2012\avgwdsvc.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\AVG\AVG2012\AVGIDSAgent.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\SetPoint\LBTWiz.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\ehome\ehmsas.exe
c:\program files\Browny02\BrYNSvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2012-03-21  13:53:01 - machine was rebooted
ComboFix-quarantined-files.txt  2012-03-21 17:52
ComboFix2.txt  2012-03-21 13:33
ComboFix3.txt  2012-03-18 04:56
.
Pre-Run: 199,705,358,336 bytes free
Post-Run: 199,900,360,704 bytes free
.
- - End Of File - - EBD2254ADEA64D1FA821E17268C1A93F
.

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #23 on: March 23, 2012, 11:31:20 PM »
I was able to get eset.txt file.


C:\System Volume Information\SystemRestore\FRStaging\Users\Gary\AppData\Local\Temp\Low\CouponBarIE.dll   probably a variant of Win32/Adware.Softomate.AD application
C:\System Volume Information\SystemRestore\FRStaging\Users\Gary\Desktop\couponprinter.exe   probably a variant of Win32/Adware.Softomate.AD application
C:\System Volume Information\SystemRestore\FRStaging\Users\Gary\Desktop\setup.exe   multiple threats
C:\System Volume Information\SystemRestore\FRStaging\Users\Gary\Downloads\couponprinter(2).exe   probably a variant of Win32/Adware.Softomate.AD application
C:\System Volume Information\SystemRestore\FRStaging\Users\Gary\Downloads\couponprinter.exe   probably a variant of Win32/Adware.Softomate.AD application
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\AppData\Local\Temp\jar_cache3367983247202405674.tmp   Win32/Agent.STT trojan
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\AppData\Local\Temp\jar_cache3592074060664246505.tmp   Win32/Agent.STT trojan
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\AppData\Local\Temp\jar_cache430370682781056772.tmp   Java/Exploit.CVE-2011-3544.AT trojan
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\Desktop\couponprinter.exe   probably a variant of Win32/Adware.Softomate.AD application
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\Desktop\setup.exe   multiple threats
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\Downloads\couponprinter(2).exe   probably a variant of Win32/Adware.Softomate.AD application
C:\_OTM\MovedFiles\03082012_135321\C_Users\Gary\Downloads\couponprinter.exe   probably a variant of Win32/Adware.Softomate.AD application

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #24 on: March 24, 2012, 02:36:53 AM »
Thanks for the reply Gary, OK do the following:

Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2 

Save it to your desktop. If you still have OTM ignore the d/l instruction and just do as follows:

Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will be stopped during the run, also the Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

Code:
:Files
:Commands
[EmptyTemp]
[ClearAllRestorePoints]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log, also give an update on current issues or concerns...

Thanks,

Kevin

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #25 on: March 24, 2012, 05:30:03 PM »
All processes killed
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Gary
->Temp folder emptied: 284195 bytes
->Temporary Internet Files folder emptied: 585541418 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67048657 bytes
->Google Chrome cache emptied: 260368779 bytes
->Apple Safari cache emptied: 10222592 bytes
->Opera cache emptied: 7769410 bytes
->Flash cache emptied: 36436 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: RYANPC-PC
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 6464133 bytes
->Flash cache emptied: 713 bytes
 
User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 83 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4296 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 13467157 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 898 bytes
RecycleBin emptied: 38757 bytes
 
Total Files Cleaned = 907.00 mb
 
 
Restore point Set: OTM Restore Point
 
OTM by OldTimer - Version 3.1.19.0 log created on 03242012_191035

Files moved on Reboot...

Registry entries deleted on Reboot...

This is the OTM file. I haven't had a chance to really check Internet Explorer. Several days ago the cursor would freeze up for a while while checking E-mail. Everything was working slowly. When I access C drive and look at my files, some are blue and the rest are black. I can't access the blue colored files.
Thank you,
Gary Ryan

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #26 on: March 24, 2012, 06:02:43 PM »
Can you fully check your system and see what issues remain....

Offline rich1428

  • Bronze Member
  • Posts: 71
Re: [Resolved K]dds
« Reply #27 on: March 25, 2012, 09:24:44 PM »
I have a slow response when I am on the internet or E-mail. When I use Chessmaster, it works fine. The only thing is it prompts me to put disk 1 in order to run it every time. Usually I can use it for a while before I have to do this. I guess it doesn't remember when I put the disk in.
Thank you,
Gary Ryan

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #28 on: March 26, 2012, 01:23:18 AM »
Hiya Gary,

The Chessmaster issue is down to the program Software, not your PC. Regarding the slow connection, is that the same with all browsers? I see you have more than one installed.
Your recent logs are clean, don't see any obvious malware... Systems can be slow initially after running TFC, that usually picks up after a re-boot. If not re-boot again.
Let me know if this issue continues, if it is the same with all browsers or specific to one....

Kevin

Offline kevinf80

  • Malware Removal Staff
  • Diamond Member
  • Posts: 6483
Re: [Resolved K]dds
« Reply #29 on: March 30, 2012, 02:26:05 PM »
Due to the lack of feedback this topic is closed. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!