
Spyware.Password infection

  • This topic is locked
14 replies to this topic

#1 solarsailer

solarsailer

    New Member

  • Members
  • 9 posts

Posted 23 June 2013 - 04:05 PM

Hi,

 

Yesterday I ran a Malwarebytes scan of my computer and was told that Malwarebytes found spyware.password. Malwarebytes removed it, but when browsing on the internet my browser will suddenly redirect me to bizcoaching.info. I'm unsure if Malwarebytes actually removed the program or if this is a symptom of another infection.

 

Thanks!!



#2 Maniac

Maniac

    Forum Deity

  • Experts
  • 21,392 posts
  • Gender:Male
  • Location:Bulgaria, EU

Posted 23 June 2013 - 04:28 PM

Hello solarsailer and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:
  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Please follow the instructions here and post your log files:
http://forums.malwar...?showtopic=9573

Immediately change all of your passwords from a clean computer.

#3 solarsailer


Posted 23 June 2013 - 06:06 PM

Attach log

----------------------

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2009 8:13:27 PM
System Uptime: 6/23/2013 6:14:33 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA785GM-US2H
Processor: AMD Athlon™ II X2 245 Processor | Socket M2 | 2913/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 221.481 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP787: 3/24/2013 7:42:30 PM - Software Distribution Service 3.0
RP788: 4/12/2013 10:16:06 PM - Software Distribution Service 3.0
RP789: 4/28/2013 2:52:06 PM - Removed AVG 2013
RP790: 4/28/2013 2:53:34 PM - Removed AVG 2013
RP791: 4/28/2013 2:56:29 PM - Installed AVG 2013
RP792: 4/28/2013 3:03:07 PM - Installed AVG 2013
RP793: 4/29/2013 3:42:29 PM - System Checkpoint
RP794: 4/30/2013 4:52:14 PM - System Checkpoint
RP795: 5/1/2013 5:12:41 PM - System Checkpoint
RP796: 5/2/2013 5:46:03 PM - System Checkpoint
RP797: 5/3/2013 7:34:00 PM - System Checkpoint
RP798: 5/5/2013 12:40:28 PM - System Checkpoint
RP799: 5/6/2013 1:21:46 PM - System Checkpoint
RP800: 5/8/2013 8:14:43 AM - System Checkpoint
RP801: 5/9/2013 11:31:46 AM - System Checkpoint
RP802: 5/11/2013 1:57:22 PM - System Checkpoint
RP803: 5/13/2013 9:19:01 PM - System Checkpoint
RP804: 5/15/2013 12:51:20 PM - System Checkpoint
RP805: 5/15/2013 6:00:36 PM - Software Distribution Service 3.0
RP806: 5/17/2013 11:56:12 AM - System Checkpoint
RP807: 5/18/2013 12:40:44 PM - System Checkpoint
RP808: 5/19/2013 1:59:46 PM - System Checkpoint
RP809: 5/19/2013 3:43:27 PM - Removed EasySaver B9.0610.1 
RP810: 5/20/2013 5:03:17 PM - System Checkpoint
RP811: 5/21/2013 5:24:50 PM - System Checkpoint
RP812: 5/22/2013 6:09:01 PM - System Checkpoint
RP813: 5/24/2013 10:52:37 AM - System Checkpoint
RP814: 5/24/2013 11:10:51 AM - Removed Java 7 Update 9
RP815: 5/25/2013 12:34:32 PM - System Checkpoint
RP816: 5/26/2013 2:45:11 PM - System Checkpoint
RP817: 5/27/2013 4:01:48 PM - System Checkpoint
RP818: 5/28/2013 5:01:06 PM - System Checkpoint
RP819: 5/30/2013 2:30:13 PM - System Checkpoint
RP820: 5/31/2013 3:47:10 PM - System Checkpoint
RP821: 6/2/2013 2:17:38 PM - System Checkpoint
RP822: 6/4/2013 1:25:12 PM - System Checkpoint
RP823: 6/5/2013 1:58:34 PM - System Checkpoint
RP824: 6/6/2013 5:22:02 PM - System Checkpoint
RP825: 6/7/2013 5:46:27 PM - System Checkpoint
RP826: 6/8/2013 8:01:50 PM - System Checkpoint
RP827: 6/9/2013 8:53:12 PM - System Checkpoint
RP828: 6/11/2013 11:56:16 AM - System Checkpoint
RP829: 6/12/2013 11:57:54 AM - System Checkpoint
RP830: 6/12/2013 2:41:27 PM - Software Distribution Service 3.0
RP831: 6/13/2013 3:10:58 PM - System Checkpoint
RP832: 6/14/2013 4:48:28 PM - System Checkpoint
RP833: 6/18/2013 5:55:48 PM - System Checkpoint
RP834: 6/19/2013 8:45:24 PM - System Checkpoint
RP835: 6/20/2013 11:54:48 AM - Removed Dotfuscator Software Services - Community Edition
RP836: 6/21/2013 12:01:41 PM - System Checkpoint
RP837: 6/21/2013 5:38:41 PM - Installed Passware Kit Professional 12.3
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
AMD Processor Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Armored Fist 3
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AVG 2013
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.4
Axis & Allies
Bing Bar
Bonjour
Brain Fitness Program
Browser Configuration Utility
CamStudio OSS Desktop Recorder
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Civilization III Complete Edition
Compatibility Pack for the 2007 Office system
ContinueToSave 1.74
continuetosayvie
Crystal Reports for Visual Studio
DownLite
Dungeon Siege
EasylifeGadget
eKnowledge
Facebook Plug-In
Foxit Reader
Free CD Music Converter 10
Google Chrome
Google Drive
Google Earth
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Update Helper
GTK+ Runtime 2.14.7 rev a (remove only)
HandBrake 0.9.8
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2736182)
Hotfix for Microsoft Team Foundation Server 2010 Object Model - ENU (KB2813041)
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2529927)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2548139)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2549864)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2565057)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2635973)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2736182)
Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2813041)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
iTunes
Java 7 Update 21
Java Auto Updater
JavaFX 2.1.1
LAME v3.98.3 for Audacity
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Age of Empires II
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.1
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++  Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Office Developer Tools (x86)
Microsoft Visual Studio 2010 Professional - ENU
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio Macro Tools
Microsoft XML Parser
MobileMe Control Panel
Moon Tycoon
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MS Access 97 SP2
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
NavyFIELD NorthAmerica
Nero 8 Essentials
neroxml
Notepad++
OpenOffice.org 3.1
Oregon Trail 3
Paint.NET v3.5.1
Passware Kit Professional 12.3
Posit Science InSight
Praetorians
Python 3.3.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Rhye's of Civilization Expanded
Rise of Nations Thrones and Patriots
Safari
safee ysavve
Secure Download Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Studio 2010 Professional - ENU (KB2645410)
Security Update for Microsoft Visual Studio Macro Tools (KB2669970)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Service Pack 1 for SQL Server 2008 (KB968369)
Sid Meier's Civilization 4 - Beyond the Sword
Sid Meier's Civilization 4 Complete
SimCity 3000 Unlimited
Skins
Spotify
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
SUPERAntiSpyware
Switch Sound File Converter
Team Apache
TI InterActive!™
TripleA Version 1_6_1_2
Uninstall 1.0.0.1
Unistall Mod
Unity Web Player
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
WCF RIA Services V1.0 SP1
Web Deployment Tool
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
World 2004 (remove only)
Yahoo! Detect
YTD Toolbar v6.6
YTD Video Downloader 4.0
.
==== Event Viewer Messages From Past Week ========
.
6/22/2013 6:46:45 AM, error: Service Control Manager [7022]  - The AVGIDSAgent service hung on starting.
6/22/2013 3:36:34 PM, error: Service Control Manager [7034]  - The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).
6/18/2013 5:28:37 PM, error: Service Control Manager [7023]  - The Application Management service terminated with the following error:  The specified module could not be found.
6/18/2013 5:20:28 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP SRTSPX
6/18/2013 5:19:14 PM, error: Service Control Manager [7000]  - The Norton Internet Security service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================
 


#4 solarsailer


Posted 23 June 2013 - 06:10 PM

DDS Log

-------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Greg at 18:24:21 on 2013-06-23
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1790.883 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.6\ytdToolbarIE.dll
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: BHO Class: {DD92DE22-ED91-4560-B788-DEE2B26612E6} - c:\program files\devicevm\browser configuration utility\IEHelper.dll
BHO: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.6\ytdToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: YTD Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\ytd toolbar\ie\6.6\ytdToolbarIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\greg\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - ?s=100000345&p=ZLman000&si=&a=N994RD1MNQxO_ouXnVSC4g&n=2010100310
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= c:\progra~1\contin~1\sprote~1.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\greg\application data\mozilla\firefox\profiles\toc2u9t4.default\
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - plugin: c:\documents and settings\greg\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\greg\application data\mozilla\firefox\profiles\toc2u9t4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\greg\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\greg\application data\mozilla\firefox\profiles\toc2u9t4.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2009-12-07 21:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.privitize.autoRvrt, false
FF - user.js: extensions.privitize.rvrt - false
FF - user.js: extensions.privitize.hmpg - true
FF - user.js: extensions.privitize.hpOld0 - 
FF - user.js: extensions.privitize.dfltSrch - true
FF - user.js: extensions.privitize.srchPrvdr - Search The Web (privitize)
FF - user.js: extensions.privitize.dnsErr - true
FF - user.js: extensions.privitize.newTab - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-2-8 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-2-8 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-2-8 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-2-26 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-3-1 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-2-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-2-14 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-21 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2009-11-7 212232]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.2.0\ToolbarUpdater.exe [2013-5-21 1015984]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-7 1684736]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-3-10 24216]
S3 NAVENG;NAVENG;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\naveng.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVENG.SYS [?]
S3 NAVEX15;NAVEX15;\??\c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\navex15.sys --> c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20080829.024\NAVEX15.SYS [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
ShellExec: Foxit Reader.exe: print="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/p "%1" 
ShellExec: Foxit Reader.exe: printto="c:\program files\foxit software\foxit reader\Foxit Reader.exe"/t "%1" "%2" "%3" "%4" 
ShellExec: FOXITR~1.EXE: print="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/p "%1" 
ShellExec: FOXITR~1.EXE: printto="c:\progra~1\foxits~1\foxitr~1\FOXITR~1.EXE"/t "%1" "%2" "%3" "%4" 
.
=============== Created Last 30 ================
.
2013-06-23 22:23:08 -------- d--h--w- c:\windows\PIF
2013-06-22 12:01:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-22 12:01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-21 21:38:59 -------- d-----w- c:\documents and settings\greg\application data\Passware
2013-06-21 21:38:41 -------- d-----w- c:\program files\Passware
2013-06-21 13:02:20 -------- d-----w- c:\documents and settings\greg\local settings\application data\BCULog
2013-06-21 13:00:50 -------- d-----w- c:\documents and settings\all users\application data\MAgniPiic
2013-06-21 12:57:36 -------- d-----w- c:\documents and settings\greg\application data\DownLite
2013-06-21 12:57:09 -------- d-----w- c:\program files\DownLite
2013-06-21 12:56:42 -------- d-----w- c:\documents and settings\greg\application data\Industriya
2013-06-21 12:51:45 -------- d-----w- c:\documents and settings\all users\application data\SearchNewTab
2013-06-20 15:56:33 -------- d-----w- c:\program files\CCleaner
2013-06-18 21:16:21 -------- d-----w- c:\documents and settings\greg\local settings\application data\CRE
2013-06-18 21:15:15 -------- d-----w- c:\documents and settings\all users\application data\safee ysavve
2013-06-12 16:42:14 -------- d-----w- c:\documents and settings\greg\application data\.minecraft
2013-05-30 18:11:06 -------- d-----w- c:\documents and settings\greg\application data\SUPERAntiSpyware.com
2013-05-30 18:10:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-30 18:10:55 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-05-28 17:36:54 -------- d-----w- c:\documents and settings\greg\application data\Minecraft 1.5.2
2013-05-26 16:42:31 -------- d-----w- c:\program files\TLC
2013-05-26 16:42:17 289280 ----a-w- c:\windows\uninst.exe
.
==================== Find3M  ====================
.
2013-06-12 01:31:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 01:31:59 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-24 15:11:21 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-24 15:11:20 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-24 15:11:19 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-24 15:11:19 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 16:06:57 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-19 13:34:27 17488 ----a-w- c:\windows\gdrv.sys
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-29 06:53:48 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
.
============= FINISH: 18:25:31.03 ===============
 


#5 Maniac

Posted 24 June 2013 - 07:09 AM

Step 1

Please uninstall this application: YTD Toolbar v6.6


Step 2

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner
  • Malwarebytes' Anti-Malware log
  • ComboFix log


#6 solarsailer

Posted 24 June 2013 - 08:23 AM

JRT Log

-----------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Greg on Mon 06/24/2013 at  8:32:01.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\dw7
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-842925246-1647877149-725345543-1004\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\menuext\&search
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\discoveryhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\gifanimator.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\imtrprogress.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\imweb.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\scripthelper.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\discoveryhelper.imesh6discovery
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\discoveryhelper.imesh6discovery.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\imweb.imwebcontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\scripthelper.scripthelperapi.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" 
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\Greg\Application Data\industriya"
Successfully deleted: [Folder] "C:\Documents and Settings\Greg\Local Settings\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Program Files\continuetosave"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\searchplugins\privitize.xml
Successfully deleted: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\conduitcommon
Successfully deleted: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\extensions\staged
Failed to delete: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\extensions\ytd@mybrowserbar.com
Successfully deleted: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\extensions\{739DF940-C5EE-4BAB-9D7E-270894AE687A}
Successfully deleted: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\extensions\{7AFFBFAE-C4E2-4915-8C0F-00FA3EC610A1}
Successfully deleted: [Folder] C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\extensions\{7B13EC3E-999A-4B70-B9CB-2617B8323822}
Successfully deleted the following from C:\Documents and Settings\Greg\Application Data\mozilla\firefox\profiles\toc2u9t4.default\prefs.js
 
user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
user_pref("browser.search.order.1", "Search The Web (privitize)");
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 06/24/2013 at  8:34:10.07
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


#7 solarsailer

Posted 24 June 2013 - 08:25 AM

AdwCleaner Log 

------------------------

 

# AdwCleaner v2.303 - Logfile created 06/24/2013 at 08:38:09
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Greg - GREG-NEW
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Greg\Desktop\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : BCUService
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\chpkclalkifffkhkaccoekoiacinandd
Deleted on reboot : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fghbhblegnnkealgjkkbipepjdedlbci
Deleted on reboot : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ljaacnlcmahgkijflipagjmdippkbijo
Deleted on reboot : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lofhccknnfomeehfjjhjjfbinfkhdmoc
Deleted on reboot : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\DOCUME~1\Greg\LOCALS~1\Temp\Industriya
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\continuetosayvie
Folder Deleted : C:\Documents and Settings\All Users\Application Data\MAgniPiic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\safee ysavve
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SearchNewTab
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\continuetosayvie
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\safee ysavve
Folder Deleted : C:\Documents and Settings\Greg\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\toc2u9t4.default\Conduit
Folder Deleted : C:\Documents and Settings\Greg\Application Data\NCdownloader
Folder Deleted : C:\Documents and Settings\Greg\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Greg\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Program Files\DeviceVM
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\DeviceVM
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3B5FB28-B857-904E-051A-7B5D15BE7EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{279E9C3B-8CF5-F95D-048D-151345594AEB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B2D71EF-DC10-D493-E66D-E91F834479D6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3B5FB28-B857-904E-051A-7B5D15BE7EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{14F35FFC-522A-4DD1-A07E-6B8B65C6891E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{69d3f709-9de2-479f-980f-532d46895703}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{819FFE21-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AC329328-7EC4-4C34-B672-0A2B90CB9B00}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{ec96f516-51b2-4b46-8451-8665f5a6ba2b}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{f07fbd3e-2048-44a4-9065-71bf551e2672}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{924C3DC2-8E4E-432E-F973-9A2174A39774}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EB03EF39-C655-D560-FA95-79182B837D64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{924C3DC2-8E4E-432E-F973-9A2174A39774}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v17.0.1 (en-US)
 
File : C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\toc2u9t4.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Documents and Settings\Greg\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [11531 octets] - [24/06/2013 08:38:09]
 
########## EOF - C:\AdwCleaner[S1].txt - [11592 octets] ##########
 


#8 solarsailer

Posted 24 June 2013 - 08:27 AM

Malwarebytes Log
--------------------------------
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.06.24.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Greg :: GREG-NEW [administrator]
 
6/24/2013 8:45:01 AM
mbam-log-2013-06-24 (08-45-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228574
Time elapsed: 7 minute(s), 9 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#9 solarsailer

Posted 24 June 2013 - 08:30 AM

ComboFix 13-06-24.01 - Greg 06/24/2013   9:04.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1790.935 [GMT -4:00]
Running from: c:\documents and settings\Greg\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_ctypes.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_elementtree.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_hashlib.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_multiprocessing.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_socket.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\_ssl.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\pyexpat.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\pysqlite2._sqlite.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\python27.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\pythoncom27.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\PyWinTypes27.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\select.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\unicodedata.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32api.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32com.shell.shell.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32crypt.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32event.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32file.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32inet.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32pdh.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32process.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32profile.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32security.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\win32ts.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\windows._cacheinvalidation.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._controls_.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._core_.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._gdi_.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._html2.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._misc_.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._windows_.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wx._wizard.pyd
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxbase294u_net_vc90.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxbase294u_vc90.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxmsw294u_adv_vc90.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxmsw294u_core_vc90.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxmsw294u_html_vc90.dll
c:\docume~1\Greg\LOCALS~1\Temp\_MEI27522\wxmsw294u_webview_vc90.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Greg\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_ctypes.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_elementtree.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_hashlib.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_multiprocessing.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_socket.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\_ssl.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\pyexpat.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\pysqlite2._sqlite.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\python27.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\pythoncom27.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\PyWinTypes27.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\select.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\unicodedata.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32api.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32com.shell.shell.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32crypt.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32event.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32file.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32inet.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32pdh.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32process.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32profile.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32security.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\win32ts.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\windows._cacheinvalidation.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._controls_.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._core_.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._gdi_.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._html2.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._misc_.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._windows_.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wx._wizard.pyd
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxbase294u_net_vc90.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxbase294u_vc90.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxmsw294u_adv_vc90.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxmsw294u_core_vc90.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxmsw294u_html_vc90.dll
c:\documents and settings\Greg\Local Settings\Temp\_MEI27522\wxmsw294u_webview_vc90.dll
c:\documents and settings\Greg\WINDOWS
c:\windows\system32\Cache
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-24 to 2013-06-24  )))))))))))))))))))))))))))))))
.
.
2013-06-24 13:12 . 2013-06-24 13:12 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-06-24 13:12 . 2013-06-24 13:12 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-06-24 13:12 . 2013-06-24 13:12 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-06-24 13:12 . 2013-06-24 13:12 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-06-24 13:12 . 2013-06-24 13:12 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-06-24 13:12 . 2013-06-24 13:12 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-06-24 13:12 . 2013-06-24 13:12 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-06-24 13:12 . 2013-06-24 13:12 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-06-24 13:12 . 2013-06-24 13:12 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-06-24 13:12 . 2013-06-24 13:12 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-06-24 13:12 . 2013-06-24 13:12 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-06-24 13:12 . 2013-06-24 13:12 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-06-24 13:11 . 2013-06-24 13:11 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-06-24 13:11 . 2013-06-24 13:11 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-06-24 13:11 . 2013-06-24 13:11 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-06-24 12:31 . 2013-06-24 12:31 -------- d-----w- c:\windows\ERUNT
2013-06-24 12:31 . 2013-06-24 12:31 -------- d-----w- C:\JRT
2013-06-23 22:23 . 2013-06-23 22:23 -------- d--h--w- c:\windows\PIF
2013-06-22 12:01 . 2013-06-22 12:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-22 12:01 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-21 21:38 . 2013-06-21 21:38 -------- d-----w- c:\documents and settings\Greg\Application Data\Passware
2013-06-21 21:38 . 2013-06-21 21:38 -------- d-----w- c:\program files\Passware
2013-06-21 13:02 . 2013-06-21 13:02 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\BCULog
2013-06-21 12:57 . 2013-06-21 12:57 -------- d-----w- c:\documents and settings\Greg\Application Data\DownLite
2013-06-21 12:57 . 2013-06-21 12:57 -------- d-----w- c:\program files\DownLite
2013-06-20 15:56 . 2013-06-20 15:56 -------- d-----w- c:\program files\CCleaner
2013-06-18 21:16 . 2013-06-18 21:16 -------- d-----w- c:\documents and settings\Greg\Local Settings\Application Data\CRE
2013-06-12 16:42 . 2013-06-18 20:06 -------- d-----w- c:\documents and settings\Greg\Application Data\.minecraft
2013-05-30 18:11 . 2013-05-30 18:11 -------- d-----w- c:\documents and settings\Greg\Application Data\SUPERAntiSpyware.com
2013-05-30 18:10 . 2013-06-03 17:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-30 18:10 . 2013-05-30 18:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-05-28 17:36 . 2013-05-28 17:36 -------- d-----w- c:\documents and settings\Greg\Application Data\Minecraft 1.5.2
2013-05-26 16:42 . 2013-05-26 16:42 -------- d-----w- c:\program files\TLC
2013-05-26 16:42 . 1997-09-23 15:02 289280 ----a-w- c:\windows\uninst.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 01:31 . 2012-04-10 20:27 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 01:31 . 2011-05-15 13:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-24 15:11 . 2013-05-24 15:11 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-24 15:11 . 2013-05-24 15:11 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-24 15:11 . 2012-07-17 20:07 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-24 15:11 . 2010-05-04 21:03 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 16:06 . 2012-11-21 14:09 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-05-19 13:34 . 2009-11-11 00:37 17488 ----a-w- c:\windows\gdrv.sys
2013-05-07 22:30 . 2006-02-28 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2006-02-28 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-13 02:36 . 2013-03-16 17:20 2379552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-04-10 01:31 . 2006-02-28 12:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-29 06:53 . 2013-02-27 03:40 208184 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-11-29 08:27 . 2012-12-18 23:05 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 20:10 576976 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-01-04 202024]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-06-03 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-03 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-29 4408368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\Greg\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean.exe\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"c:\\Program Files\\Atari\\Axis & Allies\\AA.exe"=
"c:\\Program Files\\Firaxis Games\\Civilization III Complete\\Conquests\\Civ3Conquests.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\Greg\\Application Data\\Spotify\\spotify.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
"c:\\Documents and Settings\\Greg\\My Documents\\Software downloads\\Passware Kit Forensic 11\\PasswareKit Forensic 11 Portable\\PasswareKit Forensic 11 Portable\\PasswareKitForensic.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2/8/2013 4:37 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2/8/2013 4:37 AM 245048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2/8/2013 4:37 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2/26/2013 11:40 PM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [3/1/2013 10:32 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2/8/2013 4:37 AM 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2/14/2013 3:52 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [11/21/2012 10:09 AM 37664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [5/14/2013 12:54 AM 4937264]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [4/18/2013 4:34 AM 283136]
R2 vToolbarUpdater15.2.0;vToolbarUpdater15.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [5/21/2013 12:07 PM 1015984]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/7/2009 8:22 PM 1684736]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 6:44 PM 183560]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [3/10/2010 9:18 AM 24216]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 11:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 3:09 AM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 3:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-21 12:40 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 01:31]
.
2013-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 12:46]
.
2013-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-08 12:46]
.
2010-08-06 c:\windows\Tasks\switchDowngrade.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 22:39]
.
2010-08-21 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-05-08 22:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\toc2u9t4.default\
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\Greg\Application Data\Mozilla\Firefox\Profiles\toc2u9t4.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2009-12-07 21:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-EasylifeGadget Updater - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\EASYLI~1\Setup.exe
AddRemove-SP_09b71135 - c:\program files\ContinueToSave\uninstall.exe
AddRemove-{1F4BF66D-4E54-7EF3-043D-8B2605CDBDBC} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{BECE0~1\Setup.exe
AddRemove-{74283913-E031-91A5-F964-235DA8C65ED2} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{2FF60~1\Setup.exe
AddRemove-{815A9CB3-5785-A314-4B93-A1CCCBEF06C1} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{0D467~1\Setup.exe
AddRemove-{8B319692-E94F-496C-AB87-A16D50D2B464} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{8B319~1\Setup.exe
AddRemove-{EAECEA7B-AA29-FDB1-C943-FA7AC25EDCAF} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~1\{7AF8B~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-24 09:14
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-842925246-1647877149-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\RTHDCPL.EXE
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Completion time: 2013-06-24  09:20:36 - machine was rebooted
ComboFix-quarantined-files.txt  2013-06-24 13:20
.
Pre-Run: 237,638,549,504 bytes free
Post-Run: 239,398,793,216 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - F9AD5B16B048BA5C510EDBED825728CA
8F558EB6672622401DA993E1E865C861


#10 Maniac

Posted 24 June 2013 - 10:12 AM

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

#11 solarsailer

Posted 24 June 2013 - 01:31 PM

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\BarowwsoeSave4.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Documents and Settings\All Users\Start Menu\Programs\RAR File Open Knife - Free Opener\RAR File Open Knife - Free Opener Updates.lnk LNK/URL.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Greg\Desktop\Paul USB\Computer Stuff\Finished programs\capslock.vbs MSIL/Agent.EH trojan cleaned by deleting - quarantined
C:\Documents and Settings\Greg\Desktop\Paul USB\Computer Stuff\Finished programs\cd.vbs VBS/EjectCD.D application cleaned by deleting - quarantined
C:\Documents and Settings\Greg\Desktop\Paul USB\Computer Stuff\Vbs outline\capslock.txt MSIL/Agent.EH trojan cleaned by deleting - quarantined
C:\Documents and Settings\Greg\Desktop\Paul USB\Computer Stuff\Vbs outline\cd code.txt VBS/EjectCD.D application cleaned by deleting - quarantined
C:\Documents and Settings\Greg\Desktop\Paul USB\Computer Stuff\Vbs outline\cd code.vbs VBS/EjectCD.D application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP799\A0135945.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142231.exe a variant of Win32/Conduit.SearchProtect.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142244.exe Win32/GenUpdater application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142261.exe a variant of Win32/Adware.SpeedingUpMyPC.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142264.exe a variant of Win32/SpeedingUpMyPC application deleted - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142286.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142287.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142288.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142290.dll probably a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142294.exe multiple threats cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142295.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142296.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142297.dll a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142298.exe a variant of Win32/Conduit.SearchProtect.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP832\A0142300.dll probably a variant of Win32/Conduit.SearchProtect.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0142949.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0142950.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0142974.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0142975.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0142976.exe a variant of Win32/Bundled.Toolbar.Ask.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0143033.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP835\A0143064.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP837\A0143512.dll Win32/GenUpdater application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP837\A0143514.exe Win32/GenUpdater application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP837\A0143521.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP837\A0143522.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0143885.rbf Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0143886.rbf a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0143899.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144296.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144297.exe a variant of Win32/YourFileDownloader.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144298.exe a variant of Win32/YourFileDownloader.A application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144299.exe Win32/Adware.1ClickDownload.AJ application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144327.exe Win32/InstalleRex.J application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144329.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144330.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144331.exe Win32/TopMedia.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144332.exe a variant of Win32/YourFileDownloader.B application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144333.exe Win32/InstallCore.BL application cleaned by deleting - quarantined
C:\System Volume Information\_restore{55038D67-B95D-40FC-9558-3D035E600623}\RP839\A0144335.exe Win32/InstallCore.BL application cleaned by deleting - quarantined


#12 Maniac


Posted 24 June 2013 - 05:03 PM

Clean all of your restore points:
http://support.microsoft.com/kb/555367

Let me know how things are then.

#13 solarsailer


Posted 25 June 2013 - 08:38 AM

Everything seems much better.  Are there any other scans that I should run?



#14 Maniac


Posted 25 June 2013 - 08:43 AM

No, we have to do some cleanup.

Step 1
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes
Step 3

Please uninstall ESET Online Scanner


Step 4

Some malware prevention tips:
users.telenet.be/bluepatchy/miekiemoes/prevention.html


Safe surfing! :)

#15 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • 40,980 posts
  • Gender:Male
  • Location:US

Posted 27 June 2013 - 03:21 AM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager
