I think I still have a virus.

rocknblues81

Alright, my computer started running slow a few nights back and I ran an AVG scan and deleted a Trojan Horse Crypt_s.AIH file. Since that deletion, my computer freezes for about 2 or 2 mins when I hit the "Shut Down" button in the start menu. I've run 2 more virus scans with AVG, but it no longer picks up anything... But there is obviously still some kind of issue. Anyway, here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:18:25 AM, on 2/16/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45A2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O1 - Hosts: 119.42.146.34 www.warez-bb.org
O1 - Hosts: 119.42.146.34 warez-bb.org
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (file missing)
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Mario Forever - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\prxtbMar0.dll (file missing)
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\prxtbMar0.dll (file missing)
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\Olympus\ib\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Olympus\ib" UpdateWithCreateOnce "Software\OLYMPUS\ib\1.0"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\Rhonda\Application Data\DVDVideoSoft\IEHelpers\youtubetomp3.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360786047062
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E976E438-CF57-4591-9737-4C85782733FC}: NameServer = 192.168.1.1
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome\Application\24.0.1312.57\npchrome_frame.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcx_device - - C:\WINDOWS\system32\dlcxcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 13925 bytes
Thanks for any help.
Edited by rocknblues81

Hello rocknblues81 and welcome.

My name is JonTom.

  • Malware logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

Please do the following:

Please perform the following scan

  • Please download DDS from here and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs).
  • Double click on the DDS icon to run the tool (may take up to 3 minutes to run).
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
  • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

DeFogger

  • Please download DeFogger to your desktop.
  • Click on DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine - click OK.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.

aswMBR

  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the "Scan" button to start scan.
  • On completion of the scan click save log, save it to your desktop and post in your next reply.

Post both DDS logs and the aswMBR log in your next reply.


DDS:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by Rhonda at 20:45:32 on 2013-02-17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1150 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Internet Security 2012 *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45A2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} -
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\24.0.1312.57\npchrome_frame.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Mario Forever Toolbar: {707db484-2428-402d-afb5-d85b387544c7} -
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\rhonda\application data\dvdvideosoft\iehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360786047062
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E976E438-CF57-4591-9737-4C85782733FC} : NameServer = 192.168.1.1
TCP: Interfaces\{E976E438-CF57-4591-9737-4C85782733FC} : DHCPNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\24.0.1312.57\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 119.42.146.34 www.warez-bb.org
Hosts: 119.42.146.34 warez-bb.org
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111703320353&tb_oid=05-07-2010&tb_mrud=15-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2345972&SearchSource=13
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rhonda\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\rhonda\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\rhonda\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 21:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-07-01 23:58; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 35552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-9 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-29 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-22 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-30 54752]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2009-8-14 515803]
S3 cpuz132;cpuz132;\??\c:\docume~1\rhonda\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\rhonda\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-29 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1737728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2010-4-25 21648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:progra~1mi1933~1officeFRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-13 20:18:10 522240 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-02-13 20:13:55 3072 -c----w- c:windowssystem32dllcacheiacenc.dll
2013-02-13 20:13:55 3072 ------w- c:windowssystem32iacenc.dll
2013-02-13 20:08:37 15384 ----a-w- c:windowssystem32wuapi.dll.mui
2013-02-02 20:29:55 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-26 03:55:44 552448 -c----w- c:windowssystem32dllcacheoleaut32.dll
2013-01-22 18:11:23 -------- d-----w- c:documents and settingsall usersapplication dataAVG January 2013 Campaign
.
==================== Find3M ====================
.
2013-02-02 20:29:42 861088 ----a-w- c:windowssystem32npdeployJava1.dll
2013-02-02 20:29:42 782240 -c--a-w- c:windowssystem32deployJava1.dll
2013-02-02 20:29:42 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-26 03:55:44 552448 ----a-w- c:windowssystem32oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:windowssystem32ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:windowssystem32win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:windowssystem32mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:windowssystem32quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:windowssystem32wininet.dll
2012-12-26 20:16:28 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:windowssystem32inetcpl.cpl
2012-12-24 06:40:59 385024 ----a-w- c:windowssystem32html.iec
2012-12-16 12:23:59 290560 ----a-w- c:windowssystem32atmfd.dll
.
============= FINISH: 20:46:19.51 ===============
Attach (DDS) log:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: DeviceHarddiskVolume1
Install Date: 3/29/2009 5:30:35 PM
System Uptime: 2/16/2013 10:35:11 PM (22 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | Socket 775 | 1596/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 129.426 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP296: 11/20/2012 1:27:42 AM - System Checkpoint
RP297: 11/21/2012 2:48:33 PM - System Checkpoint
RP298: 11/23/2012 1:32:17 AM - System Checkpoint
RP299: 11/24/2012 3:13:02 PM - System Checkpoint
RP300: 11/25/2012 3:37:30 PM - System Checkpoint
RP301: 11/26/2012 4:56:06 PM - System Checkpoint
RP302: 11/28/2012 1:45:05 PM - System Checkpoint
RP303: 11/30/2012 4:44:00 AM - System Checkpoint
RP304: 12/1/2012 4:50:05 AM - System Checkpoint
RP305: 12/2/2012 7:00:24 PM - System Checkpoint
RP306: 12/3/2012 11:25:26 PM - System Checkpoint
RP307: 12/4/2012 11:45:08 PM - System Checkpoint
RP308: 12/7/2012 2:22:20 PM - System Checkpoint
RP309: 12/8/2012 5:20:31 PM - System Checkpoint
RP310: 12/9/2012 8:30:16 PM - System Checkpoint
RP311: 12/10/2012 8:39:40 PM - System Checkpoint
RP312: 12/11/2012 10:27:57 PM - System Checkpoint
RP313: 12/13/2012 2:09:17 AM - System Checkpoint
RP314: 12/13/2012 5:56:38 PM - Installed AVG 2013
RP315: 12/13/2012 5:57:35 PM - Installed AVG 2013
RP316: 12/14/2012 9:30:17 PM - System Checkpoint
RP317: 12/16/2012 1:52:57 AM - System Checkpoint
RP318: 12/17/2012 3:43:35 PM - System Checkpoint
RP319: 12/19/2012 8:06:54 AM - System Checkpoint
RP320: 12/20/2012 4:56:16 PM - System Checkpoint
RP321: 12/21/2012 8:42:37 PM - System Checkpoint
RP322: 12/22/2012 8:51:16 PM - System Checkpoint
RP323: 12/23/2012 9:50:24 PM - System Checkpoint
RP324: 12/25/2012 1:26:51 AM - System Checkpoint
RP325: 12/26/2012 2:29:56 AM - System Checkpoint
RP326: 12/27/2012 9:36:43 AM - System Checkpoint
RP327: 12/28/2012 8:18:33 PM - System Checkpoint
RP328: 12/30/2012 4:41:05 PM - System Checkpoint
RP329: 12/31/2012 6:10:39 PM - System Checkpoint
RP330: 1/1/2013 6:49:41 PM - System Checkpoint
RP331: 1/3/2013 12:44:03 AM - System Checkpoint
RP332: 1/4/2013 1:19:43 AM - System Checkpoint
RP333: 1/5/2013 3:07:14 AM - System Checkpoint
RP334: 1/6/2013 7:42:06 PM - System Checkpoint
RP335: 1/8/2013 8:01:48 AM - System Checkpoint
RP336: 1/9/2013 8:48:27 AM - System Checkpoint
RP337: 1/10/2013 8:15:19 PM - System Checkpoint
RP338: 1/11/2013 8:23:43 PM - System Checkpoint
RP339: 1/12/2013 8:56:56 PM - System Checkpoint
RP340: 1/14/2013 6:39:43 AM - System Checkpoint
RP341: 1/15/2013 6:50:50 AM - System Checkpoint
RP342: 1/15/2013 6:36:59 PM - Removed Java 6 Update 37
RP343: 1/15/2013 6:37:41 PM - Installed Java 7 Update 11
RP344: 1/16/2013 7:04:23 PM - System Checkpoint
RP345: 1/19/2013 6:33:24 PM - System Checkpoint
RP346: 1/20/2013 11:45:23 PM - System Checkpoint
RP347: 1/22/2013 1:56:21 PM - System Checkpoint
RP348: 1/23/2013 6:59:56 PM - System Checkpoint
RP349: 1/25/2013 5:09:13 PM - System Checkpoint
RP350: 1/26/2013 5:14:48 PM - System Checkpoint
RP351: 1/27/2013 5:19:10 PM - System Checkpoint
RP352: 1/28/2013 5:59:56 PM - System Checkpoint
RP353: 1/29/2013 7:42:50 PM - System Checkpoint
RP354: 1/30/2013 8:37:12 PM - System Checkpoint
RP355: 1/31/2013 8:52:13 PM - System Checkpoint
RP356: 2/2/2013 12:04:37 PM - System Checkpoint
RP357: 2/2/2013 3:29:05 PM - Removed Java 7 Update 11
RP358: 2/3/2013 3:44:27 PM - System Checkpoint
RP359: 2/5/2013 2:52:54 PM - System Checkpoint
RP360: 2/7/2013 12:15:02 PM - System Checkpoint
RP361: 2/8/2013 12:50:22 PM - System Checkpoint
RP362: 2/9/2013 12:55:42 PM - System Checkpoint
RP363: 2/10/2013 10:39:25 PM - System Checkpoint
RP364: 2/11/2013 10:46:16 PM - System Checkpoint
RP365: 2/13/2013 12:19:03 AM - System Checkpoint
RP366: 2/13/2013 3:19:30 PM - Software Distribution Service 3.0
RP367: 2/14/2013 7:25:49 PM - System Checkpoint
RP368: 2/15/2013 10:28:17 PM - System Checkpoint
RP369: 2/17/2013 12:05:01 AM - System Checkpoint
.
==== Installed Programs ======================
.
50 FREE MP3s +1 Free Audiobook!
7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Aiseesoft Total Media Converter
Aiseesoft Total Video Converter
Ant Movie Catalog
Any Video Converter 3.0.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Artisan DVD/DivX Player
Ask Toolbar
Ask Toolbar Updater
Avant Browser (remove only)
AVG 2011
AVG 2012
AVG 2013
AVG PC Tuneup 2011
Bing Bar
blinkx beat
Bonjour
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Command & Conquer Tiberian Sun
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 4.1.19.365
Coupon Printer for Windows
CueClub
Dell Driver Download Manager
Dell Resource CD
Digital Camera
Driver Whiz
DScaler 5 Mpeg Decoders
DVD Shrink 3.2
Facebook Plug-In
File Uploader
FLVPlayer4Free Free FLV Player 3.8.0.0
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.7
FrostWire 4.20.9
Google Chrome
Google Chrome Frame
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Icatch(IV) Camera Driver
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0
iTunes
Java 7 Update 13
Java Auto Updater
Java 6 Update 13
JDownloader
Junk Mail filter update
Last.fm Scrobbler 2.1.30
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
McAfee Security Scan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Monopoly v2.00.101 Crack - By Maggot Brain
Move Media Player
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Nikon Message Center
Nikon Transfer
OLYMPUS ib
Opera 10.51
Panda ActiveScan 2.0
Picture Control Utility
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Smilebox
SPCA533
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware Free Edition
Texas Hold'em Poker (Trial version) 7.21
Texas Hold'em Poker 7.21
The Print Shop 2.0 Professional
Ultimate Reference Suite
Ultra MKV Converter 4.1.0213
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebFldrs XP
Westwood Shared Internet Components
Winamp
Winamp Detector Plug-in
Winamp Toolbar
WinAVI Video Converter 9.0
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World's Best Board Games
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/16/2013 7:04:41 AM, error: Service Control Manager [7034] - The BBUpdate service terminated unexpectedly. It has done this 1 time(s).
2/13/2013 3:59:46 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/10/2013 9:55:28 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/10/2013 9:55:28 PM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
aswMBR log:
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-02-17 21:03:42
-----------------------------
21:03:42.343 OS Version: Windows 5.1.2600 Service Pack 3
21:03:42.359 Number of processors: 2 586 0xF0D
21:03:42.359 ComputerName: RHONDA-B9EC1361 UserName: Rhonda
21:03:42.937 Initialize success
21:06:42.953 AVAST engine defs: 13021702
21:07:57.828 Disk 0 (boot) DeviceHarddisk0DR0 -> DeviceIdeIdeDeviceP0T0L0-3
21:07:57.828 Disk 0 Vendor: ST3250310AS 3.ADA Size: 238418MB BusType: 3
21:07:57.843 Disk 0 MBR read successfully
21:07:57.843 Disk 0 MBR scan
21:07:57.875 Disk 0 Windows XP default MBR code
21:07:57.875 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238409 MB offset 63
21:07:57.890 Disk 0 scanning sectors +488263545
21:07:57.953 Disk 0 scanning C:WINDOWSsystem32drivers
21:08:09.453 Service scanning
21:08:30.906 Modules scanning
21:08:36.937 Disk 0 trace - called modules:
21:08:36.953 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:08:36.953 1 nt!IofCallDriver -> DeviceHarddisk0DR0[0x8a68dab8]
21:08:36.953 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> Device00000078[0x8a691650]
21:08:36.968 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> DeviceIdeIdeDeviceP0T0L0-3[0x8a69e940]
21:08:37.468 AVAST engine scan C:WINDOWS
21:08:44.296 AVAST engine scan C:WINDOWSsystem32
21:10:18.500 File: C:WINDOWSsystem32ssblinkx.scr **INFECTED** Win32:Dropper-gen [Drp]
21:11:26.843 AVAST engine scan C:WINDOWSsystem32drivers
21:11:45.609 AVAST engine scan C:Documents and SettingsRhonda
21:27:46.578 AVAST engine scan C:Documents and SettingsAll Users
21:32:43.562 Scan finished successfully
21:34:36.468 Disk 0 MBR has been saved successfully to "C:Documents and SettingsRhondaDesktopMBR.dat"
21:34:36.468 The log file has been saved successfully to "C:Documents and SettingsRhondaDesktopaswMBR.txt"

Hello rocknblues81

Thank you for the logs.

Let's begin with the following.

P2P Programs:

  • P2P programs are a major source of Malware infections.
  • From your log I see you have FrostWire 4.20.9. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.
  • Information regarding the risk of using these programs can be found from here and here.
  • It is strongly recommended that you uninstall any P2P programs you have on your system.
  • To do this, click on "Start", then on "Control Panel" and then on "Add or remove programs".
  • A list of currently installed programs will be displayed.
  • Find the "FrostWire 4.20.9" program, click on it once and then click on the "Remove" button.
  • If you are prompted to re-boot your computer to complete the uninstall, please do so.


PLEASE NOTE: Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.


You appear to have the free version of AVG Anti-Virus 2013 on your machine, and also AVG Internet Security 2012, which you are using as a firewall, and an even older version of the same program (AVG 2011). It would be far better to rely on just AVG 2013 alone and remove your outdated versions of AVG.

Please uninstall the older versions of AVG along with the Ask Toolbar.
Combofix

  • Download ComboFix from one of the following locations:

    Link 1
    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop.
  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Post the Combofix log in your next reply.

 


ComboFix 13-02-18.01 - Rhonda 02/18/2013 5:31.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1264 [GMT -5:00]
Running from: c:documents and settingsRhondaDesktopComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataTEMP
c:documents and settingsAll UsersApplication DataTEMP{889C6F39-241F-4119-8026-1B2F4A124839}PostBuild.exe
c:documents and settingsAll UsersApplication DataTEMP{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}PostBuild.exe
c:documents and settingsAll UsersApplication DataTEMP0B4227B4.TMP
c:documents and settingsRhondaApplication Datavso_ts_preview.xml
C:java.exe
c:program filesBlinkx
c:program filesBlinkxblinkx.ico
c:program filesBlinkxblinkxss.exe
c:program filesBlinkxblinkxstop.exe
c:program filesBlinkxlang.dll
c:program filesBlinkxtemplatesbeat.ico
c:program filesBlinkxtemplatesindex.html
c:program filesBlinkxtemplatesnoflash.html
c:program filesBlinkxtemplatesoffline.html
c:program filesBlinkxtemplatesoffline.swf
c:program filesBlinkxtemplatesuninstall.exe
c:windowssystem32URTTemp
c:windowssystem32URTTempfusion.dll
c:windowssystem32URTTempmscoree.dll
c:windowssystem32URTTempmscoree.dll.local
c:windowssystem32URTTempmscorsn.dll
c:windowssystem32URTTempmscorwks.dll
c:windowssystem32URTTempmsvcr71.dll
c:windowssystem32URTTempregtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-01-18 to 2013-02-18 )))))))))))))))))))))))))))))))
.
.
2013-02-18 10:16 . 2013-02-18 10:16 -------- d-----w- c:windowsLastGood
2013-02-18 10:15 . 2013-02-18 10:15 -------- d-----w- C:$AVG
2013-02-13 20:18 . 2012-12-26 20:16 522240 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-02-13 20:13 . 2012-01-11 19:06 3072 -c----w- c:windowssystem32dllcacheiacenc.dll
2013-02-13 20:13 . 2012-01-11 19:06 3072 ------w- c:windowssystem32iacenc.dll
2013-02-13 20:08 . 2012-06-02 20:19 15384 ----a-w- c:windowssystem32wuapi.dll.mui
2013-02-02 20:29 . 2013-02-02 20:29 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-26 03:55 . 2013-01-26 03:55 552448 -c----w- c:windowssystem32dllcacheoleaut32.dll
2013-01-22 18:11 . 2013-01-22 18:13 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG January 2013 Campaign
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 20:29 . 2012-06-16 19:29 861088 ----a-w- c:windowssystem32npdeployJava1.dll
2013-02-02 20:29 . 2010-10-16 06:48 782240 -c--a-w- c:windowssystem32deployJava1.dll
2013-02-02 20:29 . 2009-04-02 01:36 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:windowssystem32oleaut32.dll
2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:windowssystem32ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:windowssystem32win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:windowssystem32mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:windowssystem32quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00 1469440 ------w- c:windowssystem32inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2007-11-07 05:19 . 2010-09-09 05:52 568832 -c--a-w- c:program filesoperaprogrampluginsmsvcp90.dll
2007-11-07 05:19 . 2010-09-09 05:52 655872 -c--a-w- c:program filesoperaprogrampluginsmsvcr90.dll
2013-02-06 11:31 . 2013-02-06 11:30 262552 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}"= "c:program filesWinamp Toolbarwinamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2008-01-22 152872]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-12-28 39408]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2007-04-16 142104]
"Persistence"="c:windowssystem32igfxpers.exe" [2007-04-16 138008]
"MDS_Menu"="c:program filesOlympusibMUITransferMUIStartMenu.exe" [2009-05-20 222504]
"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2009-03-17 767312]
"Nikon Transfer Monitor"="c:program filesCommon FilesNikonMonitorNkMonitor.exe" [2008-09-30 485208]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2009-09-10 1312080]
"TkBellExe"="c:program filesRealRealPlayerupdaterealsched.exe" [2012-01-26 296056]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2012-07-03 252848]
"AVG_UI"="c:program filesAVGAVG2013avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
.
c:documents and settingsAll UsersStart MenuProgramsStartup
Windows Search.lnk - c:program filesWindows Desktop SearchWindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2012-03-02 113024]
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0lsdelete0c:progra~1AVGAVG2013avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2012-12-03 07:35 946352 -c--a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAVG_TRAY]
2011-09-10 10:28 2338656 -c--a-w- c:program filesAVGAVG10avgtray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2011-08-19 05:07 421736 -c--a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes Anti-Malware (reboot)]
2009-09-10 18:53 1312080 -c--a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-05-28 11:27 570664 -c--a-w- c:program filesCommon FilesAheadLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2011-07-05 22:36 421888 -c--a-w- c:program filesQuickTimeQTTask.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
2003-10-31 23:42 32768 -c--a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
2009-01-26 19:31 2144088 -csha-r- c:program filesSpybot - Search & DestroyTeaTimer.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
2013-01-26 11:41 4763008 ----a-w- c:program filesSUPERAntiSpywareSUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2010-12-28 11:56 39408 ----a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2012-01-26 10:11 296056 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesWindows LiveMessengerwlcsdk.exe"=
"c:Program FilesFrostWireFrostWire.exe"=
"c:Program FilesYahoo!MessengerYahooMessenger.exe"=
"c:WINDOWSsystem32dlcxcoms.exe"=
"c:Program FilesOperaopera.exe"=
"c:WINDOWSNetwork Diagnosticxpnetdiag.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=
"c:Program FilesCommon FilesAheadNero WebSetupX.exe"=
"c:Program FilesGoogleGoogle Earthplugingeplugin.exe"=
"c:Program FilesAVGAVG10avgmfapx.exe"=
"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Program FilesiTunesiTunes.exe"=
"c:Program FilesAVGAVG10avgdiagex.exe"=
"c:Program FilesAVGAVG10avgnsx.exe"=
"c:Program FilesAVGAVG10avgemcx.exe"=
"c:Program FilesAVGAVG2013avgnsx.exe"=
"c:Program FilesAVGAVG2013avgdiagex.exe"=
"c:Program FilesAVGAVG2013avgmfapx.exe"=
.
R0 Avglogx;AVG Logging Driver;c:windowssystem32driversavglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [9/14/2012 3:05 AM 35552]
R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [9/9/2010 10:52 AM 64288]
R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [10/29/2009 1:59 PM 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversavgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:windowssystem32driversavgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [9/21/2012 3:46 AM 164832]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2/17/2010 10:15 AM 67664]
R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [7/22/2010 4:10 PM 116608]
R2 avgwd;AVG WatchDog;c:program filesAVGAVG2013avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 dlcx_device;dlcx_device;c:windowssystem32dlcxcoms.exe -service --> c:windowssystem32dlcxcoms.exe -service [?]
R3 BBUpdate;BBUpdate;c:program filesMicrosoftBingBar7.1.391.0SeaPort.EXE [6/11/2012 3:22 PM 240208]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32driverspcouffin.sys [8/16/2010 1:35 AM 47360]
S0 AVGIDSHX;AVGIDSHX;c:windowssystem32driversavgidshx.sys [10/15/2012 3:48 AM 55776]
S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2013avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 BBSvc;BingBar Service;c:program filesMicrosoftBingBar7.1.391.0BBSvc.EXE [6/11/2012 3:22 PM 193616]
S2 Ca533av;Icatch(IV) Video Camera Device;c:windowssystem32driversCa533av.sys [8/14/2009 3:40 PM 515803]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:windowssystem32DNINDIS5.sys [3/29/2009 4:42 PM 17149]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [8/12/2010 7:15 AM 1737728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:program filesLavasoftAd-Awarekernexplorer.sys [8/12/2010 7:15 AM 15232]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:windowssystem32driversOlyCamComm.sys [4/25/2010 7:18 AM 21648]
S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [2/17/2010 10:15 AM 12872]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [12/15/2011 3:03 AM 436792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGIDSAGENT
*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGLOGX
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGWD
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 11:38 1607120 ----a-w- c:program filesGoogleChromeApplication24.0.1312.57Installerchrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:windowsTasksAd-Aware Update (Weekly).job
- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2010-08-12 07:40]
.
2013-02-14 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 21:57]
.
2013-02-18 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-04 19:20]
.
2013-02-18 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-04 19:20]
.
2013-02-18 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1078081533-1085031214-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2011-11-29 21:02]
.
2013-02-03 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1078081533-1085031214-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2011-11-29 21:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: Free YouTube to Mp3 Converter - c:documents and settingsRhondaApplication DataDVDVideoSoftIEHelpersyoutubetomp3.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces{E976E438-CF57-4591-9737-4C85782733FC}: NameServer = 192.168.1.1
FF - ProfilePath - c:documents and settingsRhondaApplication DataMozillaFirefoxProfilesbbvc4ame.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111703320353&tb_oid=05-07-2010&tb_mrud=15-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2345972&SearchSource=13
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: !HIDDEN! 2009-09-01 21:26; {20a82645-c095-46ed-80e3-08825760534b}; c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-07-01 23:58; {3112ca9c-de6d-4884-a869-9855de68056c}; c:documents and settingsAll UsersApplication DataGoogleToolbar for Firefox{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:program filesConduitEngineprxConduitEngine.dll
BHO-{707db484-2428-402d-afb5-d85b387544c7} - c:program filesMario_ForeverprxtbMar0.dll
Toolbar-{707db484-2428-402d-afb5-d85b387544c7} - c:program filesMario_ForeverprxtbMar0.dll
MSConfigStartUp-COMODO - c:program filesCOMODOCOMODO GeekBuddyCLPSLA.exe
AddRemove-blinkx beat - c:program filesBlinkxtemplatesuninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-18 05:37
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERSS-1-5-21-1078081533-1085031214-839522115-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,ac,bd,91,3a,3f,31,da,da,87,8e,3b,fc,19,61,d4,32,eb,cb,b5,9b,a7,6c,
8b,32,9f,ff,ab,3f,1b,ad,b3,c3,01,e3,17,09,51,7a,27,8a,d1,b4,dd,70,36,54,19,
"??"=hex:50,4d,cb,9e,30,8c,b1,49,59,cc,fa,8f,66,50,b1,e0
.
Completion time: 2013-02-18 05:39:27
ComboFix-quarantined-files.txt 2013-02-18 10:39
.
Pre-Run: 138,617,946,112 bytes free
Post-Run: 139,315,884,032 bytes free
.
- - End Of File - - 9DE5D75B767B1E40F622D0110133F19A
It's still saying that AVG 2012 is installed. But when I tried to delete my old AVGs, it removed AVG 2013 and I just had to install it again. So I'm a bit confused.

Hello rocknblues81

Thank you for the log.

It's still saying that AVG 2012 is installed. But when I tried to delete my old AVGs, it removed AVG 2013 and I just had to install it again. So I'm a bit confused.

Does AVG 2012 still show up in your list of installed programs?

Let's take a closer look at that aswMBR detection. Please scan the following file:

• Please go to VirusTotal.
• On the page you'll find a "Choose File" button. Click on the Choose File button.
• In the File Upload window which opens, copy and paste this into the File Name box:
  C:WINDOWSsystem32ssblinkx.scr
• Next, click the Open button.
• Then click the "Scan it" button just below.
• This will scan the file. Please be patient.
• If you get a message saying "File has already been analyzed", click "Reanalyze file now".
• Once scanned, copy and paste the link to the results page in your next reply.

Hello rocknblues81

Nope. Not under Add/Remove Programs.

It sounds as though the program is still registered with the WMI.

Please work your way through the following steps:

ComboFix

• Open Notepad (click on "Start", then on "Run" and type "notepad" (without quotations) in the Open field, then click on "OK").
• NOTE: Do not use WordPad or any other text editor except Notepad or the script will fail.
• Copy and paste the text in the quotebox below into the open Notepad window:

SecCenter::
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

File::
C:WINDOWSsystem32ssblinkx.scr

• Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
• Close any open browsers.
• Disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
• Referring to the picture below, drag CFScript.txt into ComboFix.exe.

[Image: CFScript.txt being dragged onto ComboFix.exe]

• When finished, it shall produce a log for you at C:ComboFix.txt which I will require in your next reply.
• Once the log is produced, re-engage your resident anti-virus.

Junkware Removal Tool

Please download Junkware Removal Tool by clicking here and save it to your desktop.

• Shut down your antivirus to avoid any conflicts.
• Double click JRT.exe to run the tool.
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Post the ComboFix log and the Junkware Removal Tool log in your next reply.
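The "still registered with the WMI" diagnosis above refers to the Security Center WMI namespace, where firewall and anti-virus products register themselves and where an uninstaller can leave an entry behind; ComboFix's SecCenter:: directive removes such entries. The script below is an added example, not code from this thread, ComboFix or JRT: it lists every product registered there and flags entries whose name matches nothing in Add/Remove Programs, which is the same check the helper asked the poster to do by hand. The function name is mine; it assumes Windows XP/2003 with PowerShell 2.0, where the namespace is root\SecurityCenter (on Vista and later it is root\SecurityCenter2, which can be passed as -Namespace).

```powershell
# Added example for this thread (not ComboFix's or JRT's code): cross-check the
# products registered in the WMI Security Center namespace against the
# Add/Remove Programs list. An entry with no matching installed program is the
# kind of stale registration a ComboFix "SecCenter::" line is used to clear.
# Assumes XP/2003 (root\SecurityCenter); use root\SecurityCenter2 on Vista+.
function Get-SecurityCenterRegistrations {
    param([string]$Namespace = 'root\SecurityCenter')

    # Display names from Add/Remove Programs (per-machine and per-user uninstall keys).
    $installed = @(
        Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*' `
                         -ErrorAction SilentlyContinue |
            Where-Object { $_.DisplayName } |
            ForEach-Object { [string]$_.DisplayName }
    )

    foreach ($class in 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct') {
        # The class is absent when no product of that kind ever registered; not an error.
        $products = @(Get-WmiObject -Namespace $Namespace -Class $class -ErrorAction SilentlyContinue)
        foreach ($p in $products) {
            $name = [string]$p.displayName
            if (-not $name) { continue }

            # Heuristic match: an installed program name that contains the registered
            # name, or is contained in it. "AVG Internet Security 2012" against an
            # installed "AVG 2013" matches neither way, so that entry gets flagged.
            $match = $installed | Where-Object {
                $_.IndexOf($name, [StringComparison]::OrdinalIgnoreCase) -ge 0 -or
                $name.IndexOf($_, [StringComparison]::OrdinalIgnoreCase) -ge 0
            } | Select-Object -First 1

            New-Object PSObject -Property @{
                Class            = $class
                DisplayName      = $name
                InstanceGuid     = [string]$p.instanceGuid
                InstalledProgram = $match
                PossiblyStale    = (-not $match)
            }
        }
    }
}

# Run it and list the stale candidates first; InstanceGuid is the value that a
# SecCenter:: line names, so it can be compared against the ComboFix log directly.
Get-SecurityCenterRegistrations |
    Sort-Object PossiblyStale -Descending |
    Format-Table Class, DisplayName, InstanceGuid, PossiblyStale, InstalledProgram -AutoSize
```

The name match is deliberately loose and only a triage hint: a product whose Security Center name differs from its Add/Remove Programs name (as with some suite components) will show up as PossiblyStale even though it is installed, so confirm the entry against the installed programs list before removing anything.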

ComboFix 13-02-18.01 - Rhonda 02/19/2013 16:55:25.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1287 [GMT -5:00]
Running from: c:documents and settingsRhondaDesktopComboFix.exe
Command switches used :: c:documents and settingsRhondaDesktopCFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
FILE ::
"c:windowssystem32ssblinkx.scr"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:documents and settingsAll UsersApplication DataTEMP
c:documents and settingsRhondaApplication Datavso_ts_preview.xml
c:windowssystem32ssblinkx.scr
.
.
((((((((((((((((((((((((( Files Created from 2013-01-19 to 2013-02-19 )))))))))))))))))))))))))))))))
.
.
2013-02-19 13:36 . 2013-02-19 13:36 9310 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCTEXTBOX.JS
2013-02-19 13:36 . 2013-02-19 13:36 8646 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCTILEBOX.JS
2013-02-19 13:36 . 2013-02-19 13:36 6429 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCUICORE.JS
2013-02-19 13:36 . 2013-02-19 13:36 63115 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCUSERTILE.JS
2013-02-19 13:36 . 2013-02-19 13:36 5927 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCTEXT.JS
2013-02-19 13:36 . 2013-02-19 13:36 4599 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCUIRESOURCE.JS
2013-02-19 13:36 . 2013-02-19 13:36 8613 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCSAVEDUSER.JS
2013-02-19 13:36 . 2013-02-19 13:36 6910 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCNEWUSERCOMM.JS
2013-02-19 13:36 . 2013-02-19 13:36 1651 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCQUERYSTRING.JS
2013-02-19 13:35 . 2013-02-19 13:35 18541 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCLOCALIZATION.JS
2013-02-19 13:35 . 2013-02-19 13:35 8288 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCIMAGE.JS
2013-02-19 13:35 . 2013-02-19 13:35 6208 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCLINK.JS
2013-02-19 13:35 . 2013-02-19 13:35 51852 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCEXTERNALWRAPPER.JS
2013-02-19 13:35 . 2013-02-19 13:35 20719 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCDIVWRAPPER.JS
2013-02-19 13:35 . 2013-02-19 13:35 8782 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCBUTTON.JS
2013-02-19 13:35 . 2013-02-19 13:35 7271 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCCHECKBOX.JS
2013-02-19 13:35 . 2013-02-19 13:35 23327 ----a-w- c:documents and settingsAll UsersApplication DataMicrosoftIdentityCRLproductiontempwlidui_WLIDSVCCOMBOBOX.JS
2013-02-18 10:15 . 2013-02-18 10:15 -------- d-----w- C:$AVG
2013-02-13 20:18 . 2012-12-26 20:16 522240 -c----w- c:windowssystem32dllcachejsdbgui.dll
2013-02-13 20:13 . 2012-01-11 19:06 3072 -c----w- c:windowssystem32dllcacheiacenc.dll
2013-02-13 20:13 . 2012-01-11 19:06 3072 ------w- c:windowssystem32iacenc.dll
2013-02-13 20:08 . 2012-06-02 20:19 15384 ----a-w- c:windowssystem32wuapi.dll.mui
2013-02-02 20:29 . 2013-02-02 20:29 94112 ----a-w- c:windowssystem32WindowsAccessBridge.dll
2013-01-26 03:55 . 2013-01-26 03:55 552448 -c----w- c:windowssystem32dllcacheoleaut32.dll
2013-01-22 18:11 . 2013-01-22 18:13 -------- d-----w- c:documents and settingsAll UsersApplication DataAVG January 2013 Campaign
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-02 20:29 . 2012-06-16 19:29 861088 ----a-w- c:windowssystem32npdeployJava1.dll
2013-02-02 20:29 . 2010-10-16 06:48 782240 -c--a-w- c:windowssystem32deployJava1.dll
2013-02-02 20:29 . 2009-04-02 01:36 143872 ----a-w- c:windowssystem32javacpl.cpl
2013-01-26 03:55 . 2004-08-04 12:00 552448 ----a-w- c:windowssystem32oleaut32.dll
2013-01-07 01:19 . 2004-08-04 12:00 2148864 ----a-w- c:windowssystem32ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ----a-w- c:windowssystem32ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-04 12:00 1867264 ----a-w- c:windowssystem32win32k.sys
2013-01-02 06:49 . 2004-08-04 12:00 148992 ----a-w- c:windowssystem32mpg2splt.ax
2013-01-02 06:49 . 2004-08-04 12:00 1292288 ----a-w- c:windowssystem32quartz.dll
2012-12-26 20:16 . 2004-08-04 12:00 916480 ----a-w- c:windowssystem32wininet.dll
2012-12-26 20:16 . 2004-08-04 12:00 43520 ----a-w- c:windowssystem32licmgr10.dll
2012-12-26 20:16 . 2004-08-04 12:00 1469440 ------w- c:windowssystem32inetcpl.cpl
2012-12-24 06:40 . 2004-08-04 12:00 385024 ----a-w- c:windowssystem32html.iec
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:windowssystem32atmfd.dll
2007-11-07 05:19 . 2010-09-09 05:52 568832 -c--a-w- c:program filesoperaprogrampluginsmsvcp90.dll
2007-11-07 05:19 . 2010-09-09 05:52 655872 -c--a-w- c:program filesoperaprogrampluginsmsvcr90.dll
2013-02-06 11:31 . 2013-02-06 11:30 262552 ----a-w- c:program filesmozilla firefoxcomponentsbrowsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}"= "c:program filesWinamp Toolbarwinamptb.dll" [2009-05-06 1262888]
.
[HKEY_CLASSES_ROOTclsid{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOTTypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOTWINAMPTB.AOLTBSearch]
.
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesAheadLibNMBgMonitor.exe" [2008-01-22 152872]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2010-12-28 39408]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-02 16851456]
"IgfxTray"="c:windowssystem32igfxtray.exe" [2007-04-16 142104]
"Persistence"="c:windowssystem32igfxpers.exe" [2007-04-16 138008]
"MDS_Menu"="c:program filesOlympusibMUITransferMUIStartMenu.exe" [2009-05-20 222504]
"CanonMyPrinter"="c:program filesCanonMyPrinterBJMyPrt.exe" [2009-07-26 1983816]
"CanonSolutionMenu"="c:program filesCanonSolutionMenuCNSLMAIN.exe" [2009-03-17 767312]
"Nikon Transfer Monitor"="c:program filesCommon FilesNikonMonitorNkMonitor.exe" [2008-09-30 485208]
"AppleSyncNotifier"="c:program filesCommon FilesAppleMobile Device SupportAppleSyncNotifier.exe" [2010-12-14 47904]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2012-12-03 946352]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2011-07-05 421888]
"iTunesHelper"="c:program filesiTunesiTunesHelper.exe" [2011-08-19 421736]
"Malwarebytes Anti-Malware (reboot)"="c:program filesMalwarebytes' Anti-Malwarembam.exe" [2009-09-10 1312080]
"TkBellExe"="c:program filesRealRealPlayerupdaterealsched.exe" [2012-01-26 296056]
"SunJavaUpdateSched"="c:program filesCommon FilesJavaJava Updatejusched.exe" [2012-07-03 252848]
"AVG_UI"="c:program filesAVGAVG2013avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunOnce]
.
c:documents and settingsAll UsersStart MenuProgramsStartup
Windows Search.lnk - c:program filesWindows Desktop SearchWindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machinesoftwaremicrosoftwindowscurrentversionexplorerShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:program filesWindows Desktop SearchMSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:program filesSUPERAntiSpywareSASSEH.DLL" [2012-03-02 113024]
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk *0lsdelete0c:progra~1AVGAVG2013avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrollsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimal!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalLavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAdobe ARM]
2012-12-03 07:35 946352 -c--a-w- c:program filesCommon FilesAdobeARM1.0AdobeARM.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregAVG_TRAY]
2011-09-10 10:28 2338656 -c--a-w- c:program filesAVGAVG10avgtray.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2011-08-19 05:07 421736 -c--a-w- c:program filesiTunesiTunesHelper.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMalwarebytes Anti-Malware (reboot)]
2009-09-10 18:53 1312080 -c--a-w- c:program filesMalwarebytes' Anti-Malwarembam.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregNeroFilterCheck]
2008-05-28 11:27 570664 -c--a-w- c:program filesCommon FilesAheadLibNeroCheck.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregQuickTime Task]
2011-07-05 22:36 421888 -c--a-w- c:program filesQuickTimeQTTask.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregRemoteControl]
2003-10-31 23:42 32768 -c--a-w- c:program filesCyberLinkPowerDVDPDVDServ.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSpybotSD TeaTimer]
2009-01-26 19:31 2144088 -csha-r- c:program filesSpybot - Search & DestroyTeaTimer.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSunJavaUpdateSched]
2012-07-03 14:04 252848 ----a-w- c:program filesCommon FilesJavaJava Updatejusched.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSUPERAntiSpyware]
2013-01-26 11:41 4763008 ----a-w- c:program filesSUPERAntiSpywareSUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregswg]
2010-12-28 11:56 39408 ----a-w- c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregTkBellExe]
2012-01-26 10:11 296056 ----a-w- c:program filesRealRealPlayerUpdaterealsched.exe
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%system32sessmgr.exe"=
"c:Program FilesWindows LiveMessengerwlcsdk.exe"=
"c:Program FilesFrostWireFrostWire.exe"=
"c:Program FilesYahoo!MessengerYahooMessenger.exe"=
"c:WINDOWSsystem32dlcxcoms.exe"=
"c:Program FilesOperaopera.exe"=
"c:WINDOWSNetwork Diagnosticxpnetdiag.exe"=
"c:Program FilesWindows LiveMessengermsnmsgr.exe"=
"c:Program FilesWindows LiveSyncWindowsLiveSync.exe"=
"c:Program FilesCommon FilesAheadNero WebSetupX.exe"=
"c:Program FilesGoogleGoogle Earthplugingeplugin.exe"=
"c:Program FilesAVGAVG10avgmfapx.exe"=
"c:Program FilesCommon FilesAppleApple Application SupportWebKit2WebProcess.exe"=
"c:Program FilesBonjourmDNSResponder.exe"=
"c:Program FilesiTunesiTunes.exe"=
"c:Program FilesAVGAVG10avgdiagex.exe"=
"c:Program FilesAVGAVG10avgnsx.exe"=
"c:Program FilesAVGAVG10avgemcx.exe"=
"c:Program FilesAVGAVG2013avgnsx.exe"=
"c:Program FilesAVGAVG2013avgdiagex.exe"=
"c:Program FilesAVGAVG2013avgmfapx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:windowssystem32driversavgidshx.sys [10/15/2012 3:48 AM 55776]
R0 Avglogx;AVG Logging Driver;c:windowssystem32driversavglogx.sys [9/21/2012 3:46 AM 177376]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:windowssystem32driversavgrkx86.sys [9/14/2012 3:05 AM 35552]
R0 Lbd;Lbd;c:windowssystem32driversLbd.sys [9/9/2010 10:52 AM 64288]
R0 pavboot;pavboot;c:windowssystem32driverspavboot.sys [10/29/2009 1:59 PM 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:windowssystem32driversavgidsdriverx.sys [10/22/2012 1:02 PM 179936]
R1 AVGIDSShim;AVGIDSShim;c:windowssystem32driversavgidsshimx.sys [9/21/2012 3:45 AM 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:windowssystem32driversavgldx86.sys [10/2/2012 3:30 AM 159712]
R1 Avgtdix;AVG TDI Driver;c:windowssystem32driversavgtdix.sys [9/21/2012 3:46 AM 164832]
R1 SASDIFSV;SASDIFSV;c:program filesSUPERAntiSpywareSASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:program filesSUPERAntiSpywareSASKUTIL.SYS [2/17/2010 10:15 AM 67664]
R2 !SASCORE;SAS Core Service;c:program filesSUPERAntiSpywareSASCORE.EXE [7/22/2010 4:10 PM 116608]
R2 avgwd;AVG WatchDog;c:program filesAVGAVG2013avgwdsvc.exe [10/22/2012 1:05 PM 196664]
R2 dlcx_device;dlcx_device;c:windowssystem32dlcxcoms.exe -service --> c:windowssystem32dlcxcoms.exe -service [?]
R3 BBUpdate;BBUpdate;c:program filesMicrosoftBingBar7.1.391.0SeaPort.EXE [6/11/2012 3:22 PM 240208]
R3 pcouffin;VSO Software pcouffin;c:windowssystem32driverspcouffin.sys [8/16/2010 1:35 AM 47360]
S2 AVGIDSAgent;AVGIDSAgent;c:program filesAVGAVG2013avgidsagent.exe [11/15/2012 11:34 PM 5814904]
S2 BBSvc;BingBar Service;c:program filesMicrosoftBingBar7.1.391.0BBSvc.EXE [6/11/2012 3:22 PM 193616]
S2 Ca533av;Icatch(IV) Video Camera Device;c:windowssystem32driversCa533av.sys [8/14/2009 3:40 PM 515803]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:windowssystem32DNINDIS5.sys [3/29/2009 4:42 PM 17149]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:program filesLavasoftAd-AwareAAWService.exe [8/12/2010 7:15 AM 1737728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:program filesLavasoftAd-Awarekernexplorer.sys [8/12/2010 7:15 AM 15232]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:windowssystem32driversOlyCamComm.sys [4/25/2010 7:18 AM 21648]
S3 SASENUM;SASENUM;c:program filesSUPERAntiSpywareSASENUM.SYS [2/17/2010 10:15 AM 12872]
S4 sptd;sptd;c:windowssystem32driverssptd.sys [12/15/2011 3:03 AM 436792]
.
[HKEY_LOCAL_MACHINEsoftwaremicrosoftactive setupinstalled components{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 11:38 1607120 ----a-w- c:program filesGoogleChromeApplication24.0.1312.57Installerchrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-17 c:windowsTasksAd-Aware Update (Weekly).job
- c:program filesLavasoftAd-AwareAd-AwareAdmin.exe [2010-08-12 07:40]
.
2013-02-14 c:windowsTasksAppleSoftwareUpdate.job
- c:program filesApple Software UpdateSoftwareUpdate.exe [2009-10-22 21:57]
.
2013-02-19 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-04 19:20]
.
2013-02-19 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-02-04 19:20]
.
2013-02-19 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-1078081533-1085031214-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2011-11-29 21:02]
.
2013-02-03 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-1078081533-1085031214-839522115-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2011-11-29 21:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: &Winamp Search - c:documents and settingsAll UsersApplication DataWinamp ToolbarieToolbarresourcesen-USlocalsearch.html
IE: Free YouTube to Mp3 Converter - c:documents and settingsRhondaApplication DataDVDVideoSoftIEHelpersyoutubetomp3.htm
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces{E976E438-CF57-4591-9737-4C85782733FC}: NameServer = 192.168.1.1
FF - ProfilePath - c:documents and settingsRhondaApplication DataMozillaFirefoxProfilesbbvc4ame.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111703320353&tb_oid=05-07-2010&tb_mrud=15-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2345972&SearchSource=13
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - ExtSQL: !HIDDEN! 2009-09-01 21:26; {20a82645-c095-46ed-80e3-08825760534b}; c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-07-01 23:58; {3112ca9c-de6d-4884-a869-9855de68056c}; c:documents and settingsAll UsersApplication DataGoogleToolbar for Firefox{3112ca9c-de6d-4884-a869-9855de68056c}
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-19 17:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERSS-1-5-21-1078081533-1085031214-839522115-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:b0,ac,bd,91,3a,3f,31,da,da,87,8e,3b,fc,19,61,d4,32,eb,cb,b5,9b,a7,6c,
8b,32,9f,ff,ab,3f,1b,ad,b3,c3,01,e3,17,09,51,7a,27,8a,d1,b4,dd,70,36,54,19,
"??"=hex:50,4d,cb,9e,30,8c,b1,49,59,cc,fa,8f,66,50,b1,e0
.
Completion time: 2013-02-19 17:09:52
ComboFix-quarantined-files.txt 2013-02-19 22:09
ComboFix2.txt 2013-02-18 10:39
.
Pre-Run: 132,295,352,320 bytes free
Post-Run: 132,286,488,576 bytes free
.
- - End Of File - - 0F02E6B8C03C8BEC5B0B638BEBB6140E
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by Rhonda on Tue 02/19/2013 at 17:19:36.00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorerurlsearchhooks{57bca5fa-5dbb-45a2-b558-1755c3f6253b}
Successfully deleted: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorerurlsearchhooks{57bca5fa-5dbb-45a2-b558-1755c3f6253b}
Successfully deleted: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorertoolbarwebbrowser{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}
Successfully deleted: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorertoolbar{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}
Successfully deleted: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorerurlsearchhooks{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorertoolbar{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully repaired: [Registry Value] hkey_current_usersoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_users.defaultsoftwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-18softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-19softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_userss-1-5-20softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_usersS-1-5-21-1078081533-1085031214-839522115-1003softwaremicrosoftinternet explorersearchscopesDefaultScope
Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{0633ee93-d776-472f-a0ff-e1416b8b2e3a}DisplayName
Successfully repaired: [Registry Value] hkey_local_machinesoftwaremicrosoftinternet explorersearchscopes{0633ee93-d776-472f-a0ff-e1416b8b2e3a}URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machinesoftwareconduit
Successfully deleted: [Registry Key] hkey_local_machinesoftwareconduitengine
Successfully deleted: [Registry Key] hkey_current_usersoftwarewinamp toolbar
Successfully deleted: [Registry Key] hkey_local_machinesoftwarewinamp toolbar
Successfully deleted: [Registry Key] hkey_local_machinesoftwareclassesappidbho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\winamptbserver.exe
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\conduit.engine
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.downloader
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.downloader.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key-Heur] HKEY_LOCAL_MACHINE\software\classes\Toolbar.CT2247187
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{c04b7d22-5aec-4561-8f49-27f6269208f6}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis"
~~~ Files
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\winamp toolbar"
Successfully deleted: [Folder] "C:\Documents and Settings\Rhonda\Application Data\dvdvideosoft\iehelpers"
Successfully deleted: [Folder] "C:\Documents and Settings\Rhonda\Local Settings\Application Data\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\winamp toolbar"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\conduitcommon
Successfully deleted: [Folder] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\winamptoolbardata
Successfully deleted: [Folder] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\extensions\staged
Successfully deleted: [Folder] C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\clickpotatolite@clickpotatolite.com
Successfully deleted the following from C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\prefs.js
user_pref("CT2247187..clientLogIsEnabled", true);
user_pref("CT2247187..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2247187..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2247187.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2247187.CommunitiesChangesLastCheckTime", "Wed May 18 2011 13:30:07 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.CommunityChanged", true);
user_pref("CT2247187.CurrentServerDate", "18-5-2011");
user_pref("CT2247187.DialogsAlignMode", "LTR");
user_pref("CT2247187.DialogsGetterLastCheckTime", "Wed May 18 2011 13:25:46 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.DownloadDomainsCheckInterval", "168");
user_pref("CT2247187.DownloadDomainsListLastCheckTime", "Wed May 18 2011 13:25:42 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.DownloadDomainsListLastServerUpdateTime", "1201069983");
user_pref("CT2247187.DownloadReferralCookieData", "");
user_pref("CT2247187.FirstServerDate", "18-5-2011");
user_pref("CT2247187.FirstTimeFF3", true);
user_pref("CT2247187.GroupingServerCheckInterval", 1440);
user_pref("CT2247187.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2247187.HasUserGlobalKeys", true);
user_pref("CT2247187.Initialize", true);
user_pref("CT2247187.InitializeCommonPrefs", true);
user_pref("CT2247187.InstallationAndCookieDataSentCount", 2);
user_pref("CT2247187.InstalledDate", "Wed May 18 2011 13:26:00 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.InvalidateCache", false);
user_pref("CT2247187.IsGrouping", false);
user_pref("CT2247187.IsMulticommunity", true);
user_pref("CT2247187.IsOpenThankYouPage", true);
user_pref("CT2247187.IsOpenUninstallPage", true);
user_pref("CT2247187.LanguagePackLastCheckTime", "Wed May 18 2011 13:25:47 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2247187.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2247187.LastLogin_3.3.3.2", "Wed May 18 2011 13:25:44 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.LatestVersion", "3.3.3.2");
user_pref("CT2247187.Locale", "en");
user_pref("CT2247187.MCDetectTooltipHeight", "83");
user_pref("CT2247187.MCDetectTooltipShow", true);
user_pref("CT2247187.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2247187.MCDetectTooltipWidth", "295");
user_pref("CT2247187.RadioIsPodcast", false);
user_pref("CT2247187.RadioLastCheckTime", "Wed May 18 2011 13:25:45 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.RadioLastUpdateIPServer", "3");
user_pref("CT2247187.RadioLastUpdateServer", "128929877726170000");
user_pref("CT2247187.RadioMediaID", "10957728");
user_pref("CT2247187.RadioMediaType", "Media Player");
user_pref("CT2247187.RadioMenuSelectedID", "EBRadioMenu_CT224718710957728");
user_pref("CT2247187.RadioStationName", "Rap%20(Uncensored)");
user_pref("CT2247187.RadioStationURL", "hxxp://www.1club.fm/go/tunein.aspx?station=raw");
user_pref("CT2247187.SearchFromAddressBarIsInit", true);
user_pref("CT2247187.SearchInNewTabEnabled", true);
user_pref("CT2247187.SearchInNewTabIntervalMM", 1440);
user_pref("CT2247187.SearchInNewTabLastCheckTime", "Wed May 18 2011 13:25:44 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2247187.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2247187.ServiceMapLastCheckTime", "Wed May 18 2011 13:25:42 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.SettingsLastCheckTime", "Wed May 18 2011 13:25:42 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.SettingsLastUpdate", "1304242869");
user_pref("CT2247187.ThirdPartyComponentsInterval", 504);
user_pref("CT2247187.ThirdPartyComponentsLastCheck", "Wed May 18 2011 13:25:41 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.ThirdPartyComponentsLastUpdate", "1246786978");
user_pref("CT2247187.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2247187");
user_pref("CT2247187.UserID", "UN83080384183382479");
user_pref("CT2247187.ValidationData_Toolbar", 2);
user_pref("CT2247187.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
user_pref("CT2247187.components.1000082", false);
user_pref("CT2247187.components.1010001", false);
user_pref("CT2247187.components.128847263891375953", false);
user_pref("CT2247187.components.129066416652342809", false);
user_pref("CT2247187.components.129143810623275080", false);
user_pref("CT2247187.components.129415741154562666", false);
user_pref("CT2247187.components.129466481521850704", false);
user_pref("CT2247187.components.129470857361013040", false);
user_pref("CT2247187.components.129472911381737500", false);
user_pref("CT2247187.components.129475924762325509", false);
user_pref("CT2247187.components.129482767434387624", false);
user_pref("CT2247187.components.8376440747724315881", false);
user_pref("CT2247187.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdow
user_pref("CT2247187.globalFirstTimeInfoLastCheckTime", "Wed May 18 2011 13:25:47 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.isAppTrackingManagerOn", true);
user_pref("CT2247187.myStuffEnabled", true);
user_pref("CT2247187.myStuffPublihserMinWidth", 400);
user_pref("CT2247187.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2247187.myStuffServiceIntervalMM", 1440);
user_pref("CT2247187.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2247187.testingCtid", "");
user_pref("CT2247187.toolbarAppMetaDataLastCheckTime", "Wed May 18 2011 13:25:47 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.toolbarContextMenuLastCheckTime", "Wed May 18 2011 13:25:47 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2247187.usagesFlag", 2);
user_pref("CT2438727..clientLogIsEnabled", false);
user_pref("CT2438727..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2438727..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2438727.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2438727.AppTrackingLastCheckTime", "Mon May 30 2011 12:39:54 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.CTID", "CT2438727");
user_pref("CT2438727.CommunitiesChangesLastCheckTime", "0");
user_pref("CT2438727.CurrentServerDate", "19-2-2013");
user_pref("CT2438727.DialogsAlignMode", "LTR");
user_pref("CT2438727.DialogsGetterLastCheckTime", "Mon Feb 18 2013 17:03:17 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.DownloadReferralCookieData", "");
user_pref("CT2438727.FirstServerDate", "3-3-2010");
user_pref("CT2438727.FirstTime", true);
user_pref("CT2438727.FirstTimeFF3", true);
user_pref("CT2438727.GroupingInvalidateCache", false);
user_pref("CT2438727.GroupingLastCheckTime", "0");
user_pref("CT2438727.GroupingLastServerUpdateTime", "0");
user_pref("CT2438727.GroupingServerCheckInterval", 1440);
user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2438727.HasUserGlobalKeys", true);
user_pref("CT2438727.Initialize", true);
user_pref("CT2438727.InitializeCommonPrefs", true);
user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
user_pref("CT2438727.InstalledDate", "Wed Mar 03 2010 04:51:46 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.InvalidateCache", false);
user_pref("CT2438727.IsGrouping", false);
user_pref("CT2438727.IsMulticommunity", false);
user_pref("CT2438727.IsOpenThankYouPage", true);
user_pref("CT2438727.IsOpenUninstallPage", true);
user_pref("CT2438727.LanguagePackLastCheckTime", "Mon Feb 18 2013 17:03:17 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2438727.LastLogin_2.5.7.3", "Mon May 24 2010 11:19:51 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_2.5.8.6", "Sat Aug 21 2010 09:13:59 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_3.12.2.3", "Sat Jun 02 2012 17:36:47 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_3.13.0.6", "Mon Jul 16 2012 20:05:02 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_3.14.1.0", "Mon Aug 27 2012 01:14:41 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_3.15.1.0", "Mon Feb 18 2013 17:03:17 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.LastLogin_3.3.3.2", "Mon May 23 2011 22:20:43 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LastLogin_3.3.5.1", "Mon May 30 2011 12:39:40 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.LatestVersion", "3.18.0.7");
user_pref("CT2438727.Locale", "en");
user_pref("CT2438727.LoginCache", 4);
user_pref("CT2438727.MCDetectTooltipHeight", "83");
user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2438727.MCDetectTooltipWidth", "295");
user_pref("CT2438727.MyStuffEnabledAtInstallation", true);
user_pref("CT2438727.RadioLastCheckTime", "0");
user_pref("CT2438727.RadioLastUpdateIPServer", "0");
user_pref("CT2438727.RadioLastUpdateServer", "0");
user_pref("CT2438727.SHRINK_TOOLBAR", 1);
user_pref("CT2438727.SearchBoxWidth", 876);
user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2438727.SearchFromAddressBarIsInit", true);
user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=");
user_pref("CT2438727.SearchInNewTabEnabled", true);
user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
user_pref("CT2438727.SearchInNewTabLastCheckTime", "Mon Feb 18 2013 17:03:12 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT2438727.ServiceMapLastCheckTime", "Mon Feb 18 2013 17:03:12 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.SettingsCheckIntervalMin", 120);
user_pref("CT2438727.SettingsLastCheckTime", "Mon Feb 18 2013 17:03:11 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.SettingsLastUpdate", "1361197995");
user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Wed May 18 2011 13:32:11 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1275607866");
user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2438727");
user_pref("CT2438727.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2438727.UserID", "UN16088021926477473");
user_pref("CT2438727.ValidationData_Search", 2);
user_pref("CT2438727.ValidationData_Toolbar", 2);
user_pref("CT2438727.alertChannelId", "832836");
user_pref("CT2438727.clientLogIsEnabled", true);
user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2438727.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2438727.globalFirstTimeInfoLastCheckTime", "Mon May 30 2011 16:39:40 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.homepageProtectorEnableByLogin", true);
user_pref("CT2438727.initDone", true);
user_pref("CT2438727.isAppTrackingManagerOn", true);
user_pref("CT2438727.myStuffEnabled", true);
user_pref("CT2438727.myStuffPublihserMinWidth", 400);
user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2438727.oldAppsList", "129017707048431316,129017707048587567,129509324767711885,129023982676944454,1000034,1000080,1000082,1000234,1000515,1000,1001,1002,1003,100
user_pref("CT2438727.revertSettingsEnabled", false);
user_pref("CT2438727.searchProtectorDialogDelayInSec", 10);
user_pref("CT2438727.searchProtectorEnableByLogin", true);
user_pref("CT2438727.testingCtid", "");
user_pref("CT2438727.toolbarAppMetaDataLastCheckTime", "Mon Feb 18 2013 17:03:17 GMT-0500 (Eastern Standard Time)");
user_pref("CT2438727.toolbarContextMenuLastCheckTime", "Wed May 18 2011 13:32:14 GMT-0400 (Eastern Daylight Time)");
user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2438727.usagesFlag", 2);
user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2438727");
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"623ab66e5d2a1d529ae18291ac0664df3\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=741492&fid=737333", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=832836&fid=828639", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/644679/640541/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/741492/737333/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/832836/828639/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2247187", "\"1303803146\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2345972", "\"1281954754\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2438727", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE", "4pcdAq0MfLwSeKDCm3BGwA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "poKjTfHs0NrVUIalKI8jyg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE", "QmycQXJXVyFVAzIiNllWhQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE", "SuMy8xgBA7+FodOxmk9aiQ==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "SuMy8xgBA7+FodOxmk9aiQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"803651ba7facb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:151d\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2247187", "\"634413082062870000\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2438727", "\"c2c6d0a6a878d819d0b87604cdd70d2d\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634231103359500000\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634207581820000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=9/22/2010 1:16:22 PM", "634207581820000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2345972&octid=CT2345972", "\"1286790437\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2247187/CT2247187", "\"1304242869\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2438727/CT2438727", "\"1306530423\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/27/243/CT2438727/Images/Blank.png", "\"27f9ceb6f365cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/7/176/CT1764407/Images/634219899986281250.gif", "\"14819e877b65cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634410529136300000\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a91f172f80963451651426e555ff69c0\"");
user_pref("CommunityToolbar.EngineHiddenByUser", false);
user_pref("CommunityToolbar.EngineOwner", "CT2247187");
user_pref("CommunityToolbar.EngineOwnerGuid", "{707db484-2428-402d-afb5-d85b387544c7}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "mario_forever");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.OriginalEngineOwner", "");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT2438727,CT2247187");
user_pref("CommunityToolbar.ToolbarsList2", "CT2438727");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed May 18 2011 13:25:44 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat May 28 2011 04:48:18 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon May 30 2011 17:20:54 GMT-0400 (Eastern Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{1be954b9-eb7b-4e3e-9b90-d9d2d34d3312}");
user_pref("CommunityToolbar.globalUserId", "fd7a2efe-ed87-42d3-80c3-aa0077500f02");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2345972");
user_pref("aol_toolbar.surf.date", "2");
user_pref("aol_toolbar.surf.lastDate", "18");
user_pref("aol_toolbar.surf.lastMonth", "1");
user_pref("aol_toolbar.surf.lastYear", "2013");
user_pref("aol_toolbar.surf.month", "32");
user_pref("aol_toolbar.surf.prevMonth", "66");
user_pref("aol_toolbar.surf.total", "496");
user_pref("aol_toolbar.surf.week", "2");
user_pref("aol_toolbar.surf.year", "97");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultthis.engineName", "Fb-Fans Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111703320353&tb_oid=05-07-20
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT2345972&SearchSource=13");
user_pref("extensions.inboxcomtoolbar@inbox.com.update.url", "hxxp://toolbar.inbox.com/toolbar/firefox/update.aspx?version=%ITEM_VERSION%&status=%ITEM_STATUS%&appVersion=%APP_
user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir)/.*|hxxp://.*depositfiles.com/(([a-z]{2})/files/|auth-).*|hxxp://(www.)*di
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
user_pref("google.toolbar.button_option.cached.gtbSearchBlogs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBlogs\" t
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=tb50ffwinamp&s_qt=sb&tb_uuid=2012111703320353&tb_oid=
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Documents and Settings\Rhonda\Application Data\mozilla\firefox\profiles\bbvc4ame.default\minidumps [14 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 02/19/2013 at 17:26:11.73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hello rocknblues81

Thank you for the logs.

Let's continue as follows:

MalwareBytes AntiMalware:
  • I can see that you have MBAM installed.
  • Double click on your MalwareBytes AntiMalware icon to launch the program.
  • Click on the "Update" tab and then on "Check for Updates".
  • The program will now install the latest Malware definition files.
  • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
  • Once the program has scanned your computer, a log file will be created in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
  • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
  • Come back here to this thread and Paste the log in your next reply.

Please run the following scan

  • Note: Internet Explorer is preferred for this scan, although it will run with other browsers.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.
  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Security Check

  • Please download Security Check by screen317 from here or here and save the file (called securitycheck.exe) to your desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box (NOTE: If you are running Vista or Win7 please Right click and select "Run as Administrator").
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.

Please post the required logs in your next reply and let me know how the machine is running now.


MB Log:

Malwarebytes' Anti-Malware 1.41
Database version: 2964
Windows 5.1.2600 Service Pack 3
2/22/2013 5:00:56 PM
mbam-log-2013-02-22 (17-00-56).txt
Scan type: Quick Scan
Objects scanned: 98513
Time elapsed: 6 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Check up log:
Results of screen317's Security Check version 0.99.59
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Lavasoft Ad-Watch Live! Anti-Virus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Out of date HijackThis installed!
SpywareBlaster 4.6
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
HijackThis 2.0.2
AVG PC Tuneup 2011
CCleaner
Java 6 Update 13
Java 7 Update 15
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.3.181.22 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 18.0.2 Firefox out of Date!
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 0%
````````````````````End of Log``````````````````````
Nothing was found with the online scanner. And it gave me no option to save a log or anything.
The computer... It's still the same thing. The only thing it's doing is freezing for a couple of mins when I hit start -----> Shutdown. Then it freezes for 3 or so, and then it lets me shut the computer down. Strange.

Hello rocknblues81

The computer... It's still the same thing. The only thing it's doing is freezing for a couple of mins when I hit start -----> Shutdown.

Then it freezes for 3 or so, and then it lets me shut the computer down. Strange.

It may possibly be a hardware problem. There was malware on this system but your latest scans are coming back clean.

Let's try the following:


System File Checker


Click on "Start" and then on "Run".
Copy and paste the following text into the Run box that opens:

sfc /scannow

Press Enter.
Let the system file checker run unhindered.
Note: The program may (or it may not) ask you for your Windows XP installation CD - please insert it at the prompt. If it doesn't ask you for the CD this means that it wasn't necessary to replace any files.
You may have to exit the scan should you be notified that an installation disk is required and you do not have one.

Please rescan with DDS and post the new logs in your next reply for me to review.

 


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by Rhonda at 7:02:05 on 2013-02-25
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2037.1268 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\dlcxcoms.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\VSO\ConvertX\5\ConvertXtoDvd.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - c:\program files\google\chrome\application\24.0.1312.57\npchrome_frame.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [MDS_Menu] "c:\program files\olympus\ib\muitransfer\muistartmenu.exe" "c:\program files\olympus\ib" updatewithcreateonce "software\olympus\ib\1.0"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic="&"inst=NzctNzM2NDM3NTIzLVhPMTArMi1RSVgxKzQtWDIwMTArMi1GMTBNMTBEKzItTElDKzIyLUZMMTArMS1TUDErMS1TUDFUQisxLVNVRCsxLVMxSSsxLVNVMysxLUREVCsyMTg0OS1ERDEwRisxLUxTRCsyLVNUMTBGQVBQKzEtTDEwTSsxLUYxME0xMkFOKzMzLUVVTEErMS1TVDEyRkFQUCsx"&"prod=0"&"ver=10.0.1409
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-WindowsSystem: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Free YouTube to Mp3 Converter - c:\documents and settings\rhonda\application data\dvdvideosoft\iehelpers\youtubetomp3.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1360786047062
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E976E438-CF57-4591-9737-4C85782733FC} : NameServer = 192.168.1.1
TCP: Interfaces\{E976E438-CF57-4591-9737-4C85782733FC} : DHCPNameServer = 192.168.1.1
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome\application\24.0.1312.57\npchrome_frame.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 nwprovau
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\rhonda\application data\mozilla\firefox\profiles\bbvc4ame.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=2013022051103877&tb_oid=20-02-2013&tb_mrud=21-02-2013&query=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\rhonda\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\rhonda\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\documents and settings\rhonda\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 21:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-07-01 23:58; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-9 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-10-29 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-22 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-3-30 54752]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [2009-8-14 515803]
S3 cpuz132;cpuz132;\??\c:\docume~1\rhonda\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\rhonda\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-3-29 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1737728]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2010-4-25 21648]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=c:\progra~1\mi1933~1\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2013-02-23 21:13:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-23 18:06:36 -------- d-----w- c:\program files\ESET
2013-02-19 22:19:33 -------- d-----w- c:\windows\ERUNT
2013-02-19 22:19:24 -------- d-----w- C:\JRT
2013-02-18 10:29:05 98816 ----a-w- c:\windows\sed.exe
2013-02-18 10:29:05 256000 ----a-w- c:\windows\PEV.exe
2013-02-18 10:29:05 208896 ----a-w- c:\windows\MBR.exe
2013-02-18 10:15:54 -------- d-----w- C:\$AVG
2013-02-13 20:18:10 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-02-13 20:13:55 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-02-13 20:13:55 3072 ------w- c:\windows\system32\iacenc.dll
2013-02-13 20:08:37 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
.
==================== Find3M ====================
.
2013-02-23 21:13:26 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-23 21:13:25 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-23 21:13:25 782240 -c--a-w- c:\windows\system32\deployJava1.dll
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
.
============= FINISH: 7:03:00.35 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 3/29/2009 5:30:35 PM
System Uptime: 2/24/2013 2:22:27 PM (17 hours ago)
.
Motherboard: Dell Inc. | | 0RY007
Processor: Intel® Pentium® Dual CPU E2140 @ 1.60GHz | Socket 775 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 134.593 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP302: 11/28/2012 1:45:05 PM - System Checkpoint
RP303: 11/30/2012 4:44:00 AM - System Checkpoint
RP304: 12/1/2012 4:50:05 AM - System Checkpoint
RP305: 12/2/2012 7:00:24 PM - System Checkpoint
RP306: 12/3/2012 11:25:26 PM - System Checkpoint
RP307: 12/4/2012 11:45:08 PM - System Checkpoint
RP308: 12/7/2012 2:22:20 PM - System Checkpoint
RP309: 12/8/2012 5:20:31 PM - System Checkpoint
RP310: 12/9/2012 8:30:16 PM - System Checkpoint
RP311: 12/10/2012 8:39:40 PM - System Checkpoint
RP312: 12/11/2012 10:27:57 PM - System Checkpoint
RP313: 12/13/2012 2:09:17 AM - System Checkpoint
RP314: 12/13/2012 5:56:38 PM - Installed AVG 2013
RP315: 12/13/2012 5:57:35 PM - Installed AVG 2013
RP316: 12/14/2012 9:30:17 PM - System Checkpoint
RP317: 12/16/2012 1:52:57 AM - System Checkpoint
RP318: 12/17/2012 3:43:35 PM - System Checkpoint
RP319: 12/19/2012 8:06:54 AM - System Checkpoint
RP320: 12/20/2012 4:56:16 PM - System Checkpoint
RP321: 12/21/2012 8:42:37 PM - System Checkpoint
RP322: 12/22/2012 8:51:16 PM - System Checkpoint
RP323: 12/23/2012 9:50:24 PM - System Checkpoint
RP324: 12/25/2012 1:26:51 AM - System Checkpoint
RP325: 12/26/2012 2:29:56 AM - System Checkpoint
RP326: 12/27/2012 9:36:43 AM - System Checkpoint
RP327: 12/28/2012 8:18:33 PM - System Checkpoint
RP328: 12/30/2012 4:41:05 PM - System Checkpoint
RP329: 12/31/2012 6:10:39 PM - System Checkpoint
RP330: 1/1/2013 6:49:41 PM - System Checkpoint
RP331: 1/3/2013 12:44:03 AM - System Checkpoint
RP332: 1/4/2013 1:19:43 AM - System Checkpoint
RP333: 1/5/2013 3:07:14 AM - System Checkpoint
RP334: 1/6/2013 7:42:06 PM - System Checkpoint
RP335: 1/8/2013 8:01:48 AM - System Checkpoint
RP336: 1/9/2013 8:48:27 AM - System Checkpoint
RP337: 1/10/2013 8:15:19 PM - System Checkpoint
RP338: 1/11/2013 8:23:43 PM - System Checkpoint
RP339: 1/12/2013 8:56:56 PM - System Checkpoint
RP340: 1/14/2013 6:39:43 AM - System Checkpoint
RP341: 1/15/2013 6:50:50 AM - System Checkpoint
RP342: 1/15/2013 6:36:59 PM - Removed Java 6 Update 37
RP343: 1/15/2013 6:37:41 PM - Installed Java 7 Update 11
RP344: 1/16/2013 7:04:23 PM - System Checkpoint
RP345: 1/19/2013 6:33:24 PM - System Checkpoint
RP346: 1/20/2013 11:45:23 PM - System Checkpoint
RP347: 1/22/2013 1:56:21 PM - System Checkpoint
RP348: 1/23/2013 6:59:56 PM - System Checkpoint
RP349: 1/25/2013 5:09:13 PM - System Checkpoint
RP350: 1/26/2013 5:14:48 PM - System Checkpoint
RP351: 1/27/2013 5:19:10 PM - System Checkpoint
RP352: 1/28/2013 5:59:56 PM - System Checkpoint
RP353: 1/29/2013 7:42:50 PM - System Checkpoint
RP354: 1/30/2013 8:37:12 PM - System Checkpoint
RP355: 1/31/2013 8:52:13 PM - System Checkpoint
RP356: 2/2/2013 12:04:37 PM - System Checkpoint
RP357: 2/2/2013 3:29:05 PM - Removed Java 7 Update 11
RP358: 2/3/2013 3:44:27 PM - System Checkpoint
RP359: 2/5/2013 2:52:54 PM - System Checkpoint
RP360: 2/7/2013 12:15:02 PM - System Checkpoint
RP361: 2/8/2013 12:50:22 PM - System Checkpoint
RP362: 2/9/2013 12:55:42 PM - System Checkpoint
RP363: 2/10/2013 10:39:25 PM - System Checkpoint
RP364: 2/11/2013 10:46:16 PM - System Checkpoint
RP365: 2/13/2013 12:19:03 AM - System Checkpoint
RP366: 2/13/2013 3:19:30 PM - Software Distribution Service 3.0
RP367: 2/14/2013 7:25:49 PM - System Checkpoint
RP368: 2/15/2013 10:28:17 PM - System Checkpoint
RP369: 2/17/2013 12:05:01 AM - System Checkpoint
RP370: 2/18/2013 12:56:55 AM - System Checkpoint
RP371: 2/18/2013 4:43:34 AM - Removed AVG 2013
RP372: 2/18/2013 4:45:01 AM - Removed AVG 2013
RP373: 2/18/2013 5:04:39 AM - Removed Ask Toolbar.
RP374: 2/18/2013 5:14:56 AM - Installed AVG 2013
RP375: 2/18/2013 5:15:25 AM - Installed AVG 2013
RP376: 2/19/2013 9:05:14 AM - System Checkpoint
RP377: 2/20/2013 11:12:07 AM - System Checkpoint
RP378: 2/22/2013 10:29:11 PM - System Checkpoint
RP379: 2/23/2013 4:12:47 PM - Removed Java 7 Update 13
RP380: 2/25/2013 12:43:52 AM - System Checkpoint
.
==== Installed Programs ======================
.
50 FREE MP3s +1 Free Audiobook!
7-Zip 4.65
AC3Filter (remove only)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
Aiseesoft Total Media Converter
Aiseesoft Total Video Converter
Ant Movie Catalog
Any Video Converter 3.0.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
Artisan DVD/DivX Player
Avant Browser (remove only)
AVG 2011
AVG 2012
AVG 2013
AVG PC Tuneup 2011
Bing Bar
Bonjour
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.0
Canon MP560 series MP Drivers
Canon MP560 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
Command & Conquer Tiberian Sun
Conexant D850 56K V.9x DFVc Modem
ConvertXtoDVD 4.1.19.365
CueClub
Dell Driver Download Manager
Dell Resource CD
Digital Camera
Driver Whiz
DScaler 5 Mpeg Decoders
DVD Shrink 3.2
ESET Online Scanner v3
Facebook Plug-In
File Uploader
FLVPlayer4Free Free FLV Player 3.8.0.0
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.7
FrostWire 4.20.9
Google Chrome
Google Chrome Frame
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPL MPEG-1/2 DirectShow Decoder Filter
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB960043)
Icatch(IV) Camera Driver
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.12.0
iTunes
Java 7 Update 15
Java Auto Updater
Java 6 Update 13
JDownloader
Junk Mail filter update
Last.fm Scrobbler 2.1.30
LightScribe 1.4.136.1
Malwarebytes' Anti-Malware
McAfee Security Scan
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MobileMe Control Panel
Monopoly v2.00.101 Crack - By Maggot Brain
Move Media Player
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
Nikon Message Center
Nikon Transfer
OLYMPUS ib
Opera 10.51
Panda ActiveScan 2.0
Picture Control Utility
PowerDVD
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Segoe UI
Smilebox
SPCA533
Spybot - Search & Destroy
SpywareBlaster 4.6
SUPERAntiSpyware Free Edition
Texas Hold'em Poker (Trial version) 7.21
Texas Hold'em Poker 7.21
The Print Shop 2.0 Professional
Ultimate Reference Suite
Ultra MKV Converter 4.1.0213
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
ViewNX
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
WebFldrs XP
Westwood Shared Internet Components
Winamp
Winamp Detector Plug-in
WinAVI Video Converter 9.0
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World's Best Board Games
Xvid 1.2.1 final uninstall
Yahoo! BrowserPlus 2.9.8
Yahoo! Messenger
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
2/25/2013 6:58:57 AM, information: Windows File Protection [64021] - The system file c:\windows\system32\inetsrv\certmap.ocx could not be copied into the DLL cache. The specific error code is 0x000004c7 [The operation was canceled by the user. ]. This file is necessary to maintain system stability.
2/25/2013 6:58:57 AM, information: Windows File Protection [64018] - Windows File Protection file scan was cancelled by user interaction, user name is Rhonda.
2/25/2013 6:57:05 AM, information: Windows File Protection [64016] - Windows File Protection file scan was started.
2/24/2013 2:24:31 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/20/2013 4:38:25 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
2/20/2013 4:38:25 AM, error: Service Control Manager [7000] - The Icatch(IV) Video Camera Device service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/18/2013 5:21:02 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.4. The machine with the IP address 192.168.1.3 did not allow the name to be claimed by this machine.
.
==== End Of File ===========================
It asked for a disc and I don't have one....
I take it my problem is probably more serious than a trojan. This computer is around 5 or 6 years old, so I've had it for a while.

Hello rocknblues81

It asked for a disc and I don't have one....

It sounds as though there may be some corruption of your core system files.

In order to replace the files you will need to get hold of an XP installation disk (either from a friend or from a computer store).

I take it my problem is probably more serious than a trojan

Well, right now your machine appears to be malware free, but whether or not replacing the damaged system files fixes the problem is another matter. You have to get your hands on an installation disk to find out.

Your latest DDS log appears to be clean so let's remove our tools in the steps below:

Please Uninstall Combofix

  • Click on "Start" and then on "Run".
  • Now type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

Removal of Tools

  • DDS, aswMBR and Junkware Removal Tool can be deleted from your machine.

Re-enable your drivers

  • To re-enable your Emulation drivers, double click on DeFogger to run the tool.
  • The application window will appear.
  • Click the Re-enable button to re-enable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger will now ask to reboot the machine - click OK.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.
Your Emulation drivers are now re-enabled.

Once you have completed the above steps you should be good to go! If you have any further questions, please feel free to ask.

Finally, please take the time to read through the information provided below:

Enhance your System Security

  • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.
  • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
  • Once complete, remember to re-engage your resident security before going online.

Web Browsers and Browser Security

Firefox

  • You can download Firefox from here.

No-Script

  • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
  • You can download No-Script by clicking here.

Internet Explorer

  • The newest version of Internet Explorer is available from here.
  • Please Note: IE9 is not configured to run on XP machines.

SpywareBlaster

  • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
  • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
  • You can download SpywareBlaster by clicking here.

Web of Trust

  • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
  • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
  • You can download Web of Trust by clicking here.

Keep your Software Updated

  • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
  • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

Passwords

  • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

General Reading

  • PC Safety and Security - What do I need?
  • How to prevent Malware (by Miekiemoes)

Learn How To Combat Malware

  • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


Hello rocknblues81

Can you at least leave this open until tomorrow to make sure I don't have any more issues?

Certainly, but as I said, your machine appears to be malware free.

If replacing the system files (using sfc /scannow and the installation disk) does not solve the remaining issues then you may be looking at a hardware issue, in which case you would be best served by seeking further assistance in our User to User forum (hardware problems are not my speciality).

Let me know how you get on tomorrow :)


Thank you. May I remove Security Check also? And DeFogger?

I just want to add that I don't think I picked up viruses from P2P stuff. I was surfing Yahoo for captions and I seem to have picked up a virus that way.

It appears we're about done here. I really am grateful for the help.


May I remove Security Check also? And DeFogger?

Go right ahead.

I really am grateful for the help.

You are very welcome :)

As this issue appears to be resolved, this topic is now closed.
