Jump to content

PUP virus --- Ouch! I'm infected...


Recommended Posts

I thought I removed this virus once before but it seems I keep getting re-infected.

 

Below is my log file explaining what was found:

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.07.27.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
bsacco :: BS-TOWER [administrator]
 
Protection: Enabled
 
7/26/2013 9:50:42 PM
mbam-log-2013-07-26 (21-50-42).txt
 
Scan type: Flash scan
Scan options enabled: Memory | Startup | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: Registry | File System
Objects scanned: 223364
Time elapsed: 1 minute(s), 59 second(s)
 
Memory Processes Detected: 4
C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> 3100 -> Delete on reboot.
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.ConduitSearchProtect) -> 352 -> Delete on reboot.
C:\Program Files\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> 380 -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab) -> 464 -> Delete on reboot.
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 13
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\TypeLib\{FEB62B15-CC00-4736-AAEC-BA046C9DFF73} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\Interface\{1F8EDE97-36D5-422A-B8F0-9406E2D87C60} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser.1 (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCR\DefaultTabBHO.DefaultTabBrowser (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01} (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\CltMngSvc (PUP.Optional.ConduitSearchProtect) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabSearch (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
HKLM\SYSTEM\CurrentControlSet\Services\DefaultTabUpdate (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
 
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtect (PUP.Optional.ConduitSearchProtect) -> Data: C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SearchProtectAll (PUP.Optional.ConduitSearchProtect) -> Data: C:\Program Files\SearchProtect\bin\cltmng.exe -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (PUP.Optional.DefaultTab) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> Delete on reboot.
C:\Program Files\SearchProtect\bin\cltmng.exe (PUP.Optional.ConduitSearchProtect) -> Quarantined and deleted successfully.
C:\Program Files\SearchProtect\bin\CltMngSvc.exe (PUP.Optional.ConduitSearchProtect) -> Delete on reboot.
C:\Program Files\DefaultTab\DefaultTabSearch.exe (PUP.Optional.DefaultTab) -> Delete on reboot.
C:\Documents and Settings\Administrator\Application Data\DefaultTab\DefaultTab\DTUpdate.exe (PUP.Optional.DefaultTab) -> Delete on reboot.
 
(end)
Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give to instructions on how to cleanup all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

OK here is Attach.txt log file below:

----------------------------------------------------

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/20/2008 10:20:07 AM
System Uptime: 7/29/2013 7:25:15 AM (3 hours ago)
.
Motherboard: Dell Inc. |  | 0GM819
Processor: Intel Pentium III Xeon processor | CPU | 2659/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 107.112 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP343: 7/26/2013 2:59:14 PM - Software Distribution Service 3.0
RP344: 7/26/2013 4:29:12 PM - System Checkpoint
RP345: 7/26/2013 11:47:15 PM - Software Distribution Service 3.0
RP346: 7/27/2013 3:00:16 AM - Software Distribution Service 3.0
RP347: 7/27/2013 8:42:29 AM - Installed HiJackThis
RP348: 7/27/2013 11:47:27 PM - Software Distribution Service 3.0
RP349: 7/28/2013 6:43:45 AM - Software Distribution Service 3.0
RP350: 7/29/2013 7:19:07 AM - Software Distribution Service 3.0
RP351: 7/29/2013 7:36:56 AM - Software Distribution Service 3.0
RP352: 7/29/2013 9:51:38 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
3ivx MPEG-4 5.0.3 (remove only)
Ace Utilities
Add or Remove Adobe Creative Suite 3 Design Premium
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.3 Professional
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Creative Suite 3 Design Premium
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash CS3
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Setup
Adobe Shockwave Player 12.0
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR} 
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
AIO_Scan
Airfoil
Akamai NetSession Interface
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASAP Utilities
ATI Catalyst Control Center
Audacity 2.0
Belarc Advisor 8.3
Bonjour
BufferChm
Cakewalk Audio FX Pack 2
Cakewalk Audio FX Pack 3
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon MP Navigator EX 3.1
Canon MX870 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
CCleaner
CDBurnerXP
Costco Photo Organizer
Data Lifeguard Diagnostic for Windows 1.24
dBpoweramp Midi Decoder
dBPowerAMP Mp2 and BwfMp2 codec
dBpoweramp Music Converter
dBpoweramp Ogg Vorbis Codec
dBpoweramp Windows Media Audio 10 Codec
Dell Resource CD
Dropbox
Duplicate Music Files Finder 1.5.5
ESET Online Scanner v3
FFmpeg for Audacity on Windows
File Renamer - Basic
FlipShare
Foxit Reader
FreeHDSport TV
Google Chrome
Google Drive
Google Earth Plug-in
Google Gmail Notifier
Google Talk Plugin
Google Update Helper
GoToMeeting 5.2.0.952
HiJackThis
HijackThis 1.99.1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
HP MediaSmart Server 3.0 Update 1
HP Update
Intel® PRO Network Connections Drivers
Intel® Active Management Technology
Intel® Management Engine Interface
iPhone Configuration Utility
Java 7 Update 25
Java Auto Updater
Java 6 Update 31
JavaFX 2.1.1
Jing
join.me
LADSPA_plugins-win-0.4.15
LAME v3.98.3 for Audacity
Line 6 Uninstaller
Magical Jelly Bean KeyFinder
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
MGInsight Inverter Scanner
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Expression Web 2
Microsoft Expression Web 2 MUI (English)
Microsoft IntelliPoint 8.2
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft_VC90_CRT_x86
MIDI-OX
MiniTool Power Data Recovery
MobileMe Control Panel
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Plugin 1.0
neroxml
Ontrack EasyRecovery Professional
PDF Settings
PHOTOfunSTUDIO 8.1 PE
PHOTOfunSTUDIO HD Edition
PlayOn
Plex Media Server
PS_AIO_Software_min
QuickTime
ReaPlugs
SeaTools for Windows
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition 
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB923789)
Similarity 1.1.0
SIW version 2011.10.29
Skype™ 6.3
SONAR 8.0 Producer Edition
Sound Blaster Audigy
SoundMAX
Spotify
SUPERAntiSpyware
Switch Sound File Converter
swMSM
The KMPlayer (remove only)
Toolbox
Tweakui Powertoy for Windows XP
UnloadSupport
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Expression Web 2 (KB957827)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 2.0.6
WD Diagnostics
WD Drive Manager (x86)
WebFldrs XP
Winamp
Winamp Detector Plug-in
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Home Server Connector
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Search 4.0
Windows XP Creativity Fun Packs - Windows Movie Maker 2 - Titles
Windows XP Service Pack 3
WinRAR archiver
WinZip
XML Paper Specification Shared Components Pack 1.0
Xobni
Xobni Core
.
==== Event Viewer Messages From Past Week ========
.
7/29/2013 7:19:06 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
7/26/2013 4:11:43 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
7/26/2013 2:58:48 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'shared.tmp' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
7/25/2013 2:24:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  BANTExt Fips intelppm MpFilter NetworkX SASDIFSV SASKUTIL
7/25/2013 2:23:28 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
7/25/2013 2:23:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/24/2013 7:17:13 AM, error: Print [19]  - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
7/24/2013 6:51:03 AM, error: Srv [2019]  - The server was unable to allocate from the system nonpaged pool because the pool was empty.
7/23/2013 8:10:06 AM, error: Service Control Manager [7034]  - The HPMSSConnectorService service terminated unexpectedly.  It has done this 1 time(s).
7/23/2013 8:09:57 AM, error: Service Control Manager [7034]  - The XobniService service terminated unexpectedly.  It has done this 1 time(s).
7/23/2013 8:09:49 AM, error: Service Control Manager [7034]  - The MediaMall Server service terminated unexpectedly.  It has done this 3 time(s).
7/23/2013 8:09:28 AM, error: Service Control Manager [7034]  - The MediaCollectorService service terminated unexpectedly.  It has done this 1 time(s).
7/23/2013 8:09:14 AM, error: Service Control Manager [7031]  - The MediaMall Server service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/23/2013 8:08:12 AM, error: Service Control Manager [7031]  - The MediaMall Server service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
7/23/2013 12:13:26 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the Adobe Flash Player Update Service service to connect.
7/23/2013 12:13:26 AM, error: Service Control Manager [7000]  - The Adobe Flash Player Update Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/22/2013 8:46:42 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
7/22/2013 8:40:01 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.
7/22/2013 8:40:01 AM, error: Service Control Manager [7000]  - The WMI Performance Adapter service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
7/22/2013 8:05:34 AM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'c143_appcompat.txt' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
.
==== End Of File ===========================
Link to post
Share on other sites

OK here is DDS log file below:

---------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by bsacco at 10:16:11 on 2013-07-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.654 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Xobni\XobniService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Plex\Plex Media Server\Plex Media Server.exe
C:\Program Files\Windows Home Server\WHSTrayApp.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Plex\Plex Media Server\PlexDlnaServer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Plex\Plex Media Server\PlexScriptHost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: BrowserHelper Class: {9A065C65-4EE7-4DDD-9918-F129089A894A} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Home Server Banner: {D73E76A3-F902-45BD-8FC8-95AE8E014671} - c:\program files\windows home server\WHSDeskBands.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Plex Media Server] "c:\program files\plex\plex media server\Plex Media Server.exe"
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"  /MINIMIZED
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [P17Helper] Rundll32 P17.dll,P17Helper
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [iJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\windows\installer\{21e49794-7c13-4e84-8659-55bd378267d5}\WHSTrayApp.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{DDAF0FD6-A7E5-4EDC-A9CB-E63FE9565669} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs= AirfoilInject3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar_ff36.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mediamall\toolbar\npVT.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - ExtSQL: 2013-06-20 12:59; stealer@physacco.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\stealer@physacco.com.xpi
FF - ExtSQL: 2013-06-30 01:44; fhdp3@freehdsp.tv; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\fhdp3@freehdsp.tv.xpi
FF - ExtSQL: 2013-07-20 15:36; plugin@getwebcake.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\plugin@getwebcake.com
FF - ExtSQL: 2013-07-20 15:37; addon@defaulttab.com; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-07-20 15:39; {02edb56b-9b33-435b-b7df-b2843273a694}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{02edb56b-9b33-435b-b7df-b2843273a694}
FF - ExtSQL: 1969-12-31 16:00; {0b38152b-1b20-484d-a11f-5e04a9b0661f}; c:\documents and settings\administrator\application data\mozilla\firefox\profiles\6j5zsw01.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 211560]
R1 MpKsl44f3ebd1;MpKsl44f3ebd1;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d75e5991-3ccd-4e7c-aa50-15e240c42278}\mpksl44f3ebd1.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d75e5991-3ccd-4e7c-aa50-15e240c42278}\MpKsl44f3ebd1.sys [?]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-15 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-18 701512]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2008-5-20 2521880]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R2 XobniService;XobniService;c:\program files\xobni\XobniService.exe [2011-5-18 62184]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2012-5-7 45288]
R3 L6TPortB;Service - Line 6 TonePort UX2;c:\windows\system32\drivers\L6TPortB.sys [2012-4-3 583296]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-18 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-29 40776]
R3 SmbDrvI;SmbDrvI;c:\windows\system32\drivers\Smb_driver_Intel.sys [2013-6-29 38768]
S3 BackupReader;BackupReader;c:\windows\system32\drivers\BackupReader.sys [2009-10-7 44776]
S3 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 EVault InfoStage Agent;OSP EVault Agent;c:\program files\osp evault\agent\VVAgent.exe [2008-11-11 3223552]
S3 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
S3 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
S3 MediaMall Server;MediaMall Server;c:\program files\mediamall\MediaMallServer.exe [2013-7-16 4239176]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-07-29 16:01:25 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-29 14:37:00 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{5a994315-3caa-4bae-a93a-bda26c18af47}\mpengine.dll
2013-07-28 06:47:30 7143960 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-27 16:14:24 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess
2013-07-27 15:42:32 388096 ----a-r- c:\documents and settings\administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2013-07-24 22:21:47 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Deployment
2013-07-20 22:41:01 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE
2013-07-20 22:36:27 -------- d-----w- c:\program files\FreeHDSport TV
2013-07-20 22:36:07 -------- d-----w- c:\program files\FreeHDSport.TV
2013-07-20 22:36:06 -------- d-----w- c:\program files\FirstRowSportApp.com
2013-07-20 19:16:19 23920 ----a-w- c:\windows\system32\drivers\povrtdev.sys
2013-07-20 19:15:30 -------- d-----w- c:\program files\common files\ffdshowEx
2013-07-20 19:15:29 -------- d-----w- c:\program files\MediaMall
2013-07-20 19:14:25 -------- d-----w- c:\documents and settings\all users\application data\MediaMall
2013-07-18 05:13:38 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Plex Media Server
2013-07-16 10:04:40 -------- d-----w- c:\windows\system32\MRT
2013-07-15 07:16:08 -------- d-----w- c:\windows\system32\wbem\repository\FS
2013-07-15 07:16:08 -------- d-----w- c:\windows\system32\wbem\Repository
2013-06-29 17:45:16 -------- d-----w- c:\program files\Synaptics
2013-06-29 17:45:14 38768 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
.
==================== Find3M  ====================
.
2013-07-22 00:35:24 225656 ----a-w- c:\windows\system32\SpoonUninstall.exe
2013-06-29 05:31:09 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-29 05:31:06 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-29 05:31:05 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-29 05:31:05 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 04:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-11 22:11:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-11 22:11:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-08 06:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-09 07:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet(3).dll
2013-05-07 22:30:06 1215488 ----a-w- c:\windows\system32\urlmon(3).dll
2013-05-07 22:30:05 105984 ----a-w- c:\windows\system32\url(3).dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2012-10-15 21:57:23 22657136 ----a-w- c:\program files\vlc-2.0.2-win32.exe
.
============= FINISH: 10:17:38.26 ===============
Link to post
Share on other sites

Rouge Killer report log below:

-----------------------------------------

 

RogueKiller V8.6.3 [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : bsacco [Admin rights]
Mode : Scan -- Date : 07/29/2013 10:23:44
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1 localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] f1494a7bca4ad50a0e2e6695b7edf2ae
[bSP] 11d467b9f31927f29d49c85858b51038 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 70 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 144585 | Size: 238339 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_07292013_102344.txt >>
RKreport[0]_H_07252013_141711.txt;RKreport[0]_S_07252013_141651.txt;RKreport[0]_S_07252013_141811.txt
Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adwares (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.
Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

Link to post
Share on other sites

Quick question...

 

I'm running MS XP sp3.

 

I don't seem to have the option to run as "Administrator" for some reason.

 

Can you please help me verify if I'm currently running as Administrator? Maybe I cahnged the name somewhere along the line?

 

THanks,

bob

Link to post
Share on other sites

Duhhhh!  I just re-read the instructions...User error...I double-clicked and ran AdwCleaner. Log results below:

------------------------------------------------------------------------------------------------------------------------------------------

 

# AdwCleaner v2.306 - Logfile created 07/29/2013 at 11:51:02
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : bsacco - BS-TOWER
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\VIRUS TOOL PACKAGE\adwcleaner (1).exe
# Option [search]
 
 
***** [services] *****
 
 
***** [Files / Folders] *****
 
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
 
***** [Registry] *****
 
 
***** [internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js
 
[OK] File is clean.
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6j5zsw01.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.72
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
 
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
 
*************************
 
AdwCleaner[R5].txt - [3040 octets] - [27/07/2013 08:50:37]
AdwCleaner[R6].txt - [4866 octets] - [29/07/2013 11:51:02]
AdwCleaner[s2].txt - [10575 octets] - [27/07/2013 06:56:11]
AdwCleaner[s3].txt - [2946 octets] - [27/07/2013 08:50:56]
 
########## EOF - C:\AdwCleaner[R6].txt - [5047 octets] ##########
Link to post
Share on other sites

OK it found this: (-\\ Google Chrome v28.0.1500.72 - File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences) 

 

This is about 8-10 different web sites that I want Google Chrome to open upon initial start of Google Chrome Browser. These are my main bookmarked web sites. 

 

IF we run AdwCleaner will it delete this auto setup?

Link to post
Share on other sites

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
MrC
Link to post
Share on other sites

OK, here is the JRT log file:

----------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.5 (02.18.2013:1)
OS: Microsoft Windows XP x86
Ran by bsacco on Mon 07/29/2013 at 18:35:09.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\boost_interprocess"
 
 
 
~~~ FireFox
 
Emptied folder: C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\6j5zsw01.default\minidumps [4 files]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 07/29/2013 at 18:40:08.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Link to post
Share on other sites

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.07.30.01

 

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

bsacco :: BS-TOWER [administrator]

 

Protection: Enabled

 

7/29/2013 8:17:01 PM

MBAM-log-2013-07-29 (20-37-22).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled: 

Objects scanned: 280143

Time elapsed: 11 minute(s), 16 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 1

C:\Documents and Settings\Administrator\Desktop\kmp.exe (PUP.Optional.AskToolbar) -> No action taken.

 

(end)
Link to post
Share on other sites

Lets check your computers security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC
Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.71  

 Windows XP Service Pack 3 x86   

 Internet Explorer 8  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Disabled!  

Microsoft Security Essentials   

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:````````` 

 Out of date HijackThis  installed! 

 SUPERAntiSpyware     

 Malwarebytes Anti-Malware version 1.75.0.1300  

 HijackThis 1.99.1    

 CCleaner     

 JavaFX 2.1.1    

 Java 6 Update 31  

 Java 7 Update 25  

 Adobe Flash Player 11.7.700.224  

 Mozilla Firefox 21.0 Firefox out of Date!  

 Google Chrome 28.0.1500.72  

 Google Chrome 28.0.1500.95  

````````Process Check: objlist.exe by Laurent````````  

 Microsoft Security Essentials MSMpEng.exe 

 Microsoft Security Essentials msseces.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Administrator Desktop VIRUS TOOL PACKAGE SecurityCheck.exe 

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:: 7% 

````````````````````End of Log`````````````````````` 
Link to post
Share on other sites

Out dated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these from your add/remove programs:
JavaFX 2.1.1
Java™ 6 Update 31


Java 7 Update 25 <----This is OK

-------------------------------------

 

Mozilla Firefox 21.0 Firefox out of Date! <-----Check for an update if available

 

------------------------------------

Google Chrome 28.0.1500.72 <-----OLD
Google Chrome 28.0.1500.95 <-----OK

You have old versions of Google Chrome on the system.
Please download and run OldChromeRemover.
@Windows Vista/Windows 7-8 users must use “Run As Administrator.”

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)
Cached version:
http://webcache.googleusercontent.com/search?q=cache:T4_y-D1qZAoJ:maddoktor2.com/forums/index.php%3Ftopic%3D46886.0+&cd=3&hl=en&ct=clnk&gl=us

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

OK, I just update my Chrome and here's what folder you have to delete: (just substitute your user name and make sure hidden files and folders is enabled)

C:\Documents and Settings\MrCharlie\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72

http://www.howtogeek.com/howto/windows/display-hidden-folders-in-xp/

MrC

Link to post
Share on other sites

Charlie,

 

I'm not seeing the same path as you...I can follow you all the way up to c\doc and settings\bsacco\Local settings\Application Data\Google.....then I just have two folders

1) Custom Buttons

and

2) Google Desktop

 

and I clicked into EVERY FOLDER and FILE and there is no 28.0.1500.72 to be found. pls advise.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.