Upon opening Firefox, my homepage gets redirected to Bing search and a thing called free ride games. I'm afraid one of my kids downloaded something that hijacks my browser. I would greatly appreciate any suggestions. I have the attach.txt and dds.txt logs and am going to copy and paste them below. Thank you!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by Robert & Heather at 12:32:42 on 2012-07-28
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.170 [GMT -5:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Ad-Aware Antivirus\Engine\SBAMSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\xManager\PELKBD.EXE
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\AVG\AVG2012\avgscanx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Advanced System Protector\AdvancedSystemProtector.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://verizon.yahoo.com/
uSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {A057A204-BACC-4D26-8398-26FADCF27386} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Singlesnet] c:\program files\singlesnet\singlesnet\Singlesnet.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [SystweakASP] "c:\program files\regclean pro\SystweakASP.exe" /verysilent
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SoundMax] "c:\program files\analog devices\soundmax\smax4.exe" /tray
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Keyboard Suite Daemon] c:\windows\system32\xmanager\PELKBD.EXE
mRun: [EPSON Stylus CX3800 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATIACA.EXE /P26 "EPSON Stylus CX3800 Series" /O6 "USB001" /M "Stylus CX3800"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [Advanced System Protector_startup] "c:\program files\advanced system protector\AdvancedSystemProtector.exe" autolaunch
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\extend~1.lnk - c:\windows\ehome\RMSysTry.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Big%20City%20Adventure%20-%20Sydney,%20Australia/Images/stg_drm.ocx
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Big%20City%20Adventure%20-%20Sydney,%20Australia/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} - hxxp://asp.mathxl.com/books/_Players/MathPlayer.cab
TCP: DhcpNameServer = 10.0.1.1
TCP: Interfaces\{C68860AB-A444-4ECC-BBEF-55334A8EEC77} : DhcpNameServer = 10.0.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.1.0\ViProtocol.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\robert & heather\application data\mozilla\firefox\profiles\t4q4358c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1320680&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1320680&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\robert & heather\application data\mozilla\firefox\profiles\t4q4358c.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\documents and settings\robert & heather\application data\mozilla\firefox\profiles\t4q4358c.default\extensions\{f92a9fe4-2850-4198-b9d5-279880e49b16}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\robert & heather\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.1.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 40016]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 295248]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2012-7-15 21592]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-7-15 332248]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-4-29 101720]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-7-15 212568]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-2-5 54752]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2012-7-15 74968]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 16720]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-7-15 69208]
R3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-7-15 94040]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30944]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-6-28 15896]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-22 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-22 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2007-6-18 23680]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-7-15 69208]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-6-28 113688]
.
=============== Created Last 30 ================
.
2012-07-28 17:09:36 -------- d-----w- c:\documents and settings\all users\application data\Systweak
2012-07-28 17:09:31 17136 ----a-w- c:\windows\system32\sasnative32.exe
2012-07-28 17:09:31 -------- d-----w- c:\program files\Advanced System Protector
2012-07-28 17:08:14 -------- d-----w- c:\documents and settings\robert & heather\application data\Systweak
2012-07-28 17:07:56 17320 ----a-w- c:\windows\system32\roboot.exe
2012-07-28 17:07:38 -------- d-----w- c:\program files\RegClean Pro
2012-07-16 01:36:13 -------- d-----w- c:\documents and settings\robert & heather\local settings\application data\adaware
2012-07-16 01:35:56 -------- d-----w- c:\documents and settings\all users\application data\Ad-Aware Browsing Protection
2012-07-16 01:35:43 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2012-07-16 01:35:43 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2012-07-16 01:35:42 94040 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-07-16 01:35:42 212568 ----a-w- c:\windows\system32\drivers\sbtis.sys
2012-07-16 01:35:23 69208 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2012-07-16 01:35:21 332248 ----a-w- c:\windows\system32\drivers\SbFw.sys
2012-07-16 01:35:16 -------- d-----w- c:\program files\Ad-Aware Antivirus
2012-07-16 01:33:51 -------- d-----w- c:\documents and settings\robert & heather\application data\Ad-Aware Antivirus
2012-07-16 00:45:38 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-07-16 00:45:38 -------- d-----w- c:\windows\system32\wbem\Repository
2012-07-15 15:24:41 -------- d-----w- c:\documents and settings\robert & heather\local settings\application data\Ilivid Player
2012-07-15 15:21:10 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2012-07-08 16:54:21 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-08 16:52:16 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-08 16:48:37 -------- d-----w- c:\documents and settings\robert & heather\application data\PriceGong
2012-07-08 16:46:25 -------- d-----w- c:\program files\Conduit
2012-07-08 16:46:12 -------- d-----w- c:\documents and settings\robert & heather\local settings\application data\Conduit
2012-06-29 04:11:12 -------- d---a-w- c:\documents and settings\robert & heather\.android
2012-06-29 04:11:00 15896 ----a-w- c:\windows\system32\drivers\massfilter_hs.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsvousb.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsnmea.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsmdm.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsdiagmdm.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsdiag.sys
2012-06-29 04:11:00 113688 ----a-w- c:\windows\system32\drivers\zghsat.sys
2012-06-29 04:10:59 32408 ----a-w- c:\windows\system32\drivers\ghsandroid.sys
2012-06-29 04:10:59 32408 ----a-w- c:\windows\system32\drivers\androidusb.sys
2012-06-29 04:10:59 113432 ----a-w- c:\windows\system32\drivers\ghsnmea.sys
2012-06-29 04:10:59 113432 ----a-w- c:\windows\system32\drivers\ghsmdm.sys
2012-06-29 04:10:59 113432 ----a-w- c:\windows\system32\drivers\ghsdiag.sys
2012-06-29 04:10:42 584584 ----a-w- c:\windows\adb.exe
2012-06-29 04:10:42 102936 ----a-w- c:\windows\AdbWinApi.dll
2012-06-29 04:10:42 -------- d-----w- c:\windows\InnoTipLanguage
2012-06-29 04:10:41 -------- d-----w- c:\program files\ZTE Handset USB Driver
.
==================== Find3M ====================
.
2012-07-16 21:28:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 00:29:50 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-05 00:29:22 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-05 00:29:16 687504 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 12:36:55.50 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 4/4/2008 4:05:08 PM
System Uptime: 7/28/2012 10:29:35 AM (2 hours ago)
.
Motherboard: | |
Processor: AMD Sempron Processor 3000+ | CPU 1 | 1799/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 228 GiB total, 172.966 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\0108110666
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\0108110666
Service: NIC1394
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Linksys NC100 Fast Ethernet Adapter
Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&267A616A&0&50
Manufacturer: Linksys
Name: Linksys NC100 Fast Ethernet Adapter #2
PNP Device ID: PCI\VEN_1317&DEV_0985&SUBSYS_05701317&REV_11\3&267A616A&0&50
Service: AN983
.
==== System Restore Points ===================
.
RP765: 4/26/2012 8:32:42 PM - System Checkpoint
RP766: 4/29/2012 8:42:05 AM - System Checkpoint
RP767: 4/30/2012 12:35:01 PM - System Checkpoint
RP768: 5/1/2012 4:39:40 PM - System Checkpoint
RP769: 5/4/2012 8:46:22 AM - System Checkpoint
RP770: 5/5/2012 3:24:14 PM - System Checkpoint
RP771: 5/6/2012 4:22:23 PM - System Checkpoint
RP772: 5/9/2012 11:06:09 AM - System Checkpoint
RP773: 5/10/2012 2:30:43 PM - System Checkpoint
RP774: 5/11/2012 5:51:18 PM - System Checkpoint
RP775: 5/13/2012 12:58:49 PM - System Checkpoint
RP776: 5/14/2012 4:27:29 PM - System Checkpoint
RP777: 5/15/2012 6:27:28 PM - System Checkpoint
RP778: 5/18/2012 1:59:12 PM - System Checkpoint
RP779: 5/19/2012 5:45:44 PM - System Checkpoint
RP780: 5/20/2012 8:49:54 PM - System Checkpoint
RP781: 5/21/2012 9:46:36 PM - System Checkpoint
RP782: 5/23/2012 1:46:36 AM - System Checkpoint
RP783: 5/24/2012 6:01:05 AM - System Checkpoint
RP784: 5/25/2012 9:46:38 AM - System Checkpoint
RP785: 5/26/2012 1:31:03 PM - System Checkpoint
RP786: 5/27/2012 2:51:14 PM - System Checkpoint
RP787: 5/29/2012 6:29:50 PM - System Checkpoint
RP788: 5/30/2012 7:36:12 PM - System Checkpoint
RP789: 5/31/2012 11:24:09 PM - System Checkpoint
RP790: 6/2/2012 9:39:18 AM - System Checkpoint
RP791: 6/3/2012 2:28:54 PM - System Checkpoint
RP792: 6/5/2012 7:55:11 AM - System Checkpoint
RP793: 6/5/2012 4:12:05 PM - Installed Java 7 Update 4
RP794: 6/5/2012 4:13:31 PM - Installed JavaFX 2.1.0
RP795: 6/7/2012 7:31:19 AM - System Checkpoint
RP796: 6/8/2012 7:54:12 AM - System Checkpoint
RP797: 6/9/2012 1:27:01 PM - System Checkpoint
RP798: 6/11/2012 10:54:33 AM - System Checkpoint
RP799: 6/12/2012 7:28:43 PM - System Checkpoint
RP800: 6/13/2012 9:35:57 PM - System Checkpoint
RP801: 6/15/2012 9:13:09 AM - System Checkpoint
RP802: 6/15/2012 9:34:53 AM - Installed Java 7 Update 5
RP803: 6/15/2012 9:35:55 AM - Removed JavaFX 2.1.0
RP804: 6/15/2012 9:36:15 AM - Installed JavaFX 2.1.1
RP805: 6/16/2012 2:26:32 PM - System Checkpoint
RP806: 6/17/2012 4:04:29 PM - System Checkpoint
RP807: 6/18/2012 5:26:09 PM - System Checkpoint
RP808: 6/19/2012 8:48:21 PM - System Checkpoint
RP809: 6/20/2012 10:36:42 PM - System Checkpoint
RP810: 6/22/2012 12:18:11 AM - System Checkpoint
RP811: 6/23/2012 6:01:30 AM - System Checkpoint
RP812: 6/24/2012 8:39:19 AM - System Checkpoint
RP813: 6/26/2012 9:08:32 PM - System Checkpoint
RP814: 6/28/2012 12:19:02 AM - System Checkpoint
RP815: 6/29/2012 8:51:23 AM - System Checkpoint
RP816: 7/3/2012 12:14:55 PM - System Checkpoint
RP817: 7/5/2012 12:24:19 PM - System Checkpoint
RP818: 7/7/2012 3:20:40 PM - System Checkpoint
RP819: 7/8/2012 5:08:40 PM - System Checkpoint
RP820: 7/9/2012 11:23:00 PM - System Checkpoint
RP821: 7/11/2012 2:44:42 AM - System Checkpoint
RP822: 7/12/2012 6:48:48 AM - System Checkpoint
RP823: 7/13/2012 4:29:44 PM - System Checkpoint
RP824: 7/15/2012 10:00:30 AM - Removed Safari
RP825: 7/15/2012 10:13:33 AM - Removed MobileMe Control Panel
RP826: 7/15/2012 7:44:26 PM - Restore Operation
RP827: 7/16/2012 9:17:34 PM - System Checkpoint
RP828: 7/18/2012 11:00:42 AM - System Checkpoint
RP829: 7/19/2012 3:10:37 PM - System Checkpoint
RP830: 7/21/2012 11:46:48 PM - System Checkpoint
RP831: 7/23/2012 2:11:55 AM - System Checkpoint
RP832: 7/24/2012 2:26:09 AM - System Checkpoint
RP833: 7/25/2012 6:11:41 AM - System Checkpoint
RP834: 7/28/2012 12:23:32 PM - RegClean Pro Sat, Jul 28, 12 12:23
.
==== Installed Programs ======================
.
.
Acrobat.com
Ad-Aware 2007
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Flash Player ActiveX
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
Advanced System Protector
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG PC Tuneup 2011
BitPim 1.0.6
Canon Easy-WebPrint EX
Canon MP Navigator EX 3.0
Canon MP250 series MP Drivers
Canon MP250 series User Registration
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Defraggler
Enhanced Multimedia Keyboard Solution
EPSON PhotoCenter
EPSON Web-To-Page
FreeCodec
Garmin Lifetime Updater
Google Chrome
Google Earth
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
iTunes
Java Auto Updater
Java 6 Update 19
Java 6 Update 5
Java 6 Update 6
Java 6 Update 7
Java 7 Update 5
JavaFX 2.1.1
Junk Mail filter update
Kensington SlimBlade Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MobileMe Control Panel
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
OpenOffice.org Installer 1.0
Otto
PopCap Browser Plugin
QuickTime
Realtek USB 2.0 Card Reader
RegClean Pro
Runes of Magic
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB982132)
Segoe UI
SiSAGP driver
Sonic Encoders
SoundMAX
Spybot - Search & Destroy
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB971029)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Defender
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
WinZip 11.1
Yahoo! Browser Services
Yahoo! BrowserPlus 2.9.8
ZTE Handset USB Driver
.
==== Event Viewer Messages From Past Week ========
.
7/28/2012 10:33:41 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the COM+ System Application service to connect.
7/28/2012 10:33:41 AM, error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/28/2012 10:33:41 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service COMSysApp with arguments "" in order to run the server: {ECABAFBC-7F19-11D2-978E-0000F8757E2A}
7/21/2012 10:01:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Google Update Service (gupdate) service to connect.
7/21/2012 10:01:38 PM, error: Service Control Manager [7000] - The Security Services Driver (x86) service failed to start due to the following error: The system cannot find the file specified.
7/21/2012 10:01:38 PM, error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
#1
Posted 28 July 2012 - 01:12 PM
#2
Posted 29 July 2012 - 11:06 AM
Hello,
Before we get started, you must resolve the case of this system having two installed and active antivirus monitors:
Quote
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
Select and remove one or the other, and then restart the system fresh.
If it were me, I'd keep Lavasoft and un-install AVG.
There will be much more to do later. But first advise me after you have taken action on the above.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#3
Posted 31 July 2012 - 10:08 AM
Kindly provide a status update.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#4
Posted 04 August 2012 - 09:47 AM
Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.
Other members who need assistance please start your own topic in a new thread. Thanks!
~Maurice Naggar
I close my threads if there is 5 days without a response.
#5
Posted 16 August 2012 - 09:09 PM
Re-opened per member request.
I can appreciate that you work long days and had other commitments. Yet this help-request started some two weeks ago.
IF you will be delayed, let me know as soon as possible.
Here's what I suggest to do next. And these won't take that much time.
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and Paste the MBAM scan log.
- Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or >> from here <<
- Quit all programs that you may have started.
- Please disconnect any USB or external drives from the computer before you run this scan!
- For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run. For Windows XP, double-click to start.
- Wait until Prescan has finished ...
- Then Click on Scan button at upper right of screen.
- Wait until the Status box shows "Scan Finished"
- Click on Report and copy/paste the content of the Notepad into your next reply.
- The log should be found in RKreport[1].txt on your Desktop
- Do NOT click on any Fix buttons.
- Exit/Close RogueKiller
~Maurice Naggar
I close my threads if there is 5 days without a response.
#6
Posted 16 August 2012 - 09:55 PM
Here's the report from rogue killer. I can't get mbam to run, it opens in a wordpad document.
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Robert & Heather [Admin rights]
Mode: Scan -- Date: 08/16/2012 21:51:20
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Clay\Local Settings\Application Data\ybd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : Rogue.AntiSpy-AH ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: HDT722525DLA380 +++++
--- User ---
[MBR] f0dc0763b22fcbf3ae01e55f8b650ffd
[BSP] 9f2c338cd45847b77989b9fbe2d84c5c : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233405 | Size: 233468 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
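Added example (not part of the original thread or of RogueKiller): a small Python triage script that parses the registry lines of a RogueKiller-style report and flags `shell\open\command` handlers whose launcher sits in a user profile directory or wraps another executable, as the `[FILEASSO]` entry in the report above does. The `EXAMPLE.EXE` line, the function names and the two heuristics are assumptions made for illustration.

```python
import re

# Constructed sample: three registry lines as they appear in the report above,
# plus one constructed clean entry (EXAMPLE.EXE) for contrast.
SAMPLE_REPORT = r'''
¤¤¤ Registry Entries: 7 ¤¤¤
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKLM\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Documents and Settings\Clay\Local Settings\Application Data\ybd.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND
[FILEASSO] HKLM\Software\Clients\StartMenuInternet\EXAMPLE.EXE\shell\open\command : ("C:\Program Files\Example Browser\example.exe") -> FOUND
'''

# One report line: [TAG] <key> : <value> -> FOUND
ENTRY = re.compile(r'^\[(?P<tag>\w+)\] (?P<key>.+?) : (?P<value>.+) -> FOUND$')
# Quoted executable paths inside a command value (unquoted paths are not handled).
QUOTED_EXE = re.compile(r'"([^"]+?\.exe)"', re.IGNORECASE)
# Assumption: per-user directories where a machine-wide browser launcher should not live.
USER_WRITABLE = ('\\documents and settings\\', '\\users\\')


def parse_entries(report):
    """Return (tag, key, value) for every 'FOUND' registry line in the report."""
    entries = []
    for line in report.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group('tag'), m.group('key'), m.group('value')))
    return entries


def open_command_findings(report):
    """Flag shell\\open\\command handlers that look redirected through another program."""
    findings = []
    for _tag, key, value in parse_entries(report):
        if not key.lower().endswith('\\shell\\open\\command'):
            continue
        exes = QUOTED_EXE.findall(value)
        if not exes:
            continue
        launcher, reasons = exes[0], []
        if any(d in launcher.lower() for d in USER_WRITABLE):
            reasons.append('launcher is in a user profile directory')
        if len(exes) > 1:
            reasons.append('launcher wraps another executable: ' + exes[1])
        if reasons:
            findings.append({'key': key, 'launcher': launcher, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in open_command_findings(SAMPLE_REPORT):
        print(f['key'], '->', f['launcher'])
        for reason in f['reasons']:
            print('   ', reason)
```

In the flagged entry, a machine-wide HKLM key points into the profile of the account "Clay", while the scan itself was run as "Robert & Heather".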
#7
Posted 16 August 2012 - 10:02 PM
- Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
- Please disconnect any USB or external drives from the computer before you run this scan!
- Right-Click RogueKiller and select Run as Administrator.
- Wait until Prescan finishes.
- On the RogueKiller console, click the Registry tab.
- Then press the Delete button.
- When done, logoff & Restart the system.
- The log will be found as RKreport
Copy & Paste the contents into next reply.
NEXT
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.
Next, Click the Update tab. Press the "Check for Updates" button.
If prompted for a Restart, do that.
When done, click the Scanner tab.
Do a Quick Scan.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
When done, Copy and Paste the MBAM scan log
Re-enable your antivirus program.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#8
Posted 20 August 2012 - 02:50 PM
It has been four days. Are you still with me? Do you still need help?
I will close the thread if I do not hear back from you by Tuesday.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#9
Posted 20 August 2012 - 04:17 PM
yes i just got back into town today. i will work on it and get back to you by the morning. thanks for your patience.
#10
Posted 22 August 2012 - 08:49 AM
Do you still need help? How is it going ?
~Maurice Naggar
I close my threads if there is 5 days without a response.
#11
Posted 25 August 2012 - 03:59 PM
Please provide a status update. I will close this by Sunday night if I do not hear back from you.
~Maurice Naggar
I close my threads if there is 5 days without a response.
#12
Posted 28 August 2012 - 06:40 AM
Closed due to No response.
~Maurice Naggar
I close my threads if there is 5 days without a response.