Geddy1961

hi.yes i downloaded piriform ccleaner and used it.what happens now ?

hi.i recently made a thread here.about getting outgoing alerts when i opened internet explorer. support here ranme through alot of programs to fix this problem. since this has been done.i am unable to viw any videos i have downloaded mentioning file types etc how can i put it back to the way it was before ? and what could have changed since i did what iw was asked to here to my pc ?

ive tried running tfc 2 times.each time it doesnt really do anything.and when i click exit it freezes and i have to turn off computer at the wall i closed any windows programs that were running.how long does ittake to finish,it it works at all ?

so thats it ?

computer seems abit quicker,plus i have not had any of those outgoing alerts yet

i did everything it said,installing adobe and newer version of java.do i still have to delete the infected files the esetscan found ?

ComboFix 13-02-07.02 - User 09/02/2013 19:51:36.2.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1190 [GMT 0:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . FILE :: "c:\documents and settings\User\My Documents\Programs\va32.exe" "c:\documents and settings\User\My Documents\winamp5623_full_emusic-7plus_all.exe" "c:\program files\MyWebFace_5aEI\Installr\1.bin\5aEIPlug.dll" "c:\program files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll" "e:\music\K\PHOTOS\freeripmp3-setup.exe" "e:\music\K\PHOTOS\Programs\VCDCutterSetup.exe" "e:\seagate backup\COMPUTER\C\Documents and Settings\Owner\My Documents\Programs\VCDCutterSetup.exe" . file zipped: c:\program files\SearchPredict\SearchPredict.dll . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\User\Local Settings\Temporary Internet Files\mcc2A.tmp c:\documents and settings\User\My Documents\Programs\va32.exe c:\documents and settings\User\My Documents\winamp5623_full_emusic-7plus_all.exe c:\program files\SearchPredict c:\program files\SearchPredict\Chrome\SearchPredictChrome.crx c:\program files\SearchPredict\PRFireFox\chrome.manifest c:\program files\SearchPredict\PRFireFox\chrome\content\searchpredict\logo.png c:\program files\SearchPredict\PRFireFox\chrome\content\searchpredict\ps.js c:\program files\SearchPredict\PRFireFox\chrome\content\searchpredict\ps.xul c:\program files\SearchPredict\PRFireFox\install.rdf c:\program files\SearchPredict\SearchPredict.dll e:\music\K\PHOTOS\freeripmp3-setup.exe e:\music\K\PHOTOS\Programs\VCDCutterSetup.exe e:\seagate backup\COMPUTER\C\Documents and Settings\Owner\My Documents\Programs\VCDCutterSetup.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Service_cvzsxufo . . ((((((((((((((((((((((((( Files Created from 2013-01-09 to 2013-02-09 ))))))))))))))))))))))))))))))) . . 2013-02-09 19:16 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{38455C59-BCDC-407A-A2D6-AAFFD3C232B9}\mpengine.dll 2013-02-09 16:41 . 2013-02-09 16:41 -------- d-----w- c:\program files\ESET 2013-02-09 15:43 . 2013-02-09 15:43 -------- d-----w- c:\windows\ERUNT 2013-02-09 15:43 . 2013-02-09 15:43 -------- d-----w- C:\JRT 2013-02-08 08:40 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-28 20:47 . 1998-06-18 00:00 32768 ----a-w- c:\windows\system32\REGTOOL5.DLL 2013-01-28 20:47 . 2013-01-28 20:51 -------- d-----w- c:\program files\Driving Theory Test Professional 2013-01-23 13:09 . 2013-01-23 16:31 -------- d-----w- c:\documents and settings\User\MSYNC 2013-01-23 13:08 . 2013-01-23 13:08 -------- d-----w- c:\program files\Media Mushroom Limited 2013-01-21 18:42 . 2013-01-21 18:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Samsung 2013-01-21 18:42 . 2013-01-21 18:42 -------- d-----w- c:\documents and settings\User\Application Data\Samsung 2013-01-21 18:41 . 2012-09-20 04:35 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-01-21 18:41 . 2012-09-20 04:35 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-01-21 18:29 . 2013-01-21 18:29 -------- d-----w- c:\program files\MyFree Codec 2013-01-21 18:03 . 2012-12-18 10:06 4659712 ----a-w- c:\windows\system32\Redemption.dll 2013-01-21 18:02 . 2012-12-18 10:06 821824 ----a-w- c:\windows\system32\dgderapi.dll 2013-01-21 18:02 . 2012-12-18 10:06 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2013-01-21 18:01 . 2013-01-21 18:41 -------- d-----w- c:\program files\Samsung 2013-01-21 18:01 . 2013-01-21 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung 2013-01-21 17:52 . 2013-01-21 17:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations 2013-01-15 18:57 . 2013-02-07 22:25 19352 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2013-01-15 18:57 . 2013-02-07 22:25 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-01-15 18:57 . 2013-02-07 22:25 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2013-01-15 18:57 . 2013-02-07 22:25 116120 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2013-01-15 18:57 . 2013-02-07 22:25 917400 ----a-w- c:\program files\Mozilla Firefox\firefox.exe 2013-01-15 18:57 . 2013-02-07 22:25 277400 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll 2013-01-15 18:57 . 2013-01-15 18:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2013-01-15 18:57 . 2013-01-15 18:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2013-01-15 18:57 . 2013-02-07 22:25 59288 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2013-01-15 18:57 . 2013-02-07 22:25 478104 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2013-01-15 18:57 . 2013-02-07 22:25 2850712 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2013-01-15 18:57 . 2013-02-07 22:25 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2013-01-15 18:56 . 2013-01-15 18:56 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2013-01-15 18:56 . 2013-01-15 18:56 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2013-01-15 18:56 . 2013-02-07 22:25 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-01-15 18:56 . 2013-02-07 22:25 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-09 19:08 . 2012-03-31 21:06 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-09 19:08 . 2011-11-10 19:39 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2011-11-06 14:11 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 16:56 . 2012-07-02 13:44 477616 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-15 16:56 . 2011-11-11 12:06 473520 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-15 15:14 . 2012-07-02 13:44 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-18 10:06 . 2012-12-18 10:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-12-18 10:06 . 2012-12-18 10:06 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-12-18 10:06 . 2012-12-18 10:06 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-12-18 10:06 . 2012-12-18 10:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-12-18 10:06 . 2012-12-18 10:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-12-18 10:06 . 2012-12-18 10:06 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-12-18 10:06 . 2012-12-18 10:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-12-18 10:06 . 2012-12-18 10:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-12-18 10:06 . 2012-12-18 10:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-12-18 10:06 . 2012-12-18 10:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-12-18 10:06 . 2012-12-18 10:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-12-18 10:06 . 2012-12-18 10:06 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-12-18 10:06 . 2012-12-18 10:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-12-18 10:06 . 2012-12-18 10:06 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-12-18 10:06 . 2012-12-18 10:06 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-12-18 10:06 . 2012-12-18 10:06 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-12-18 10:06 . 2012-12-18 10:06 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-12-18 10:06 . 2012-12-18 10:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-12-18 10:06 . 2012-12-18 10:06 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-12-18 10:06 . 2012-12-18 10:06 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-12-18 10:06 . 2012-12-18 10:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-12-18 10:06 . 2011-11-06 12:33 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49 . 2012-07-14 18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 12:06 . 2012-12-03 12:06 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-12-03 12:06 . 2012-12-03 12:06 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-12-03 12:06 . 2012-12-03 12:06 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-03 12:06 . 2012-12-03 12:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2013-02-07 22:25 . 2013-01-15 18:57 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}] 2012-08-22 11:10 2660016 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}] 2012-08-25 13:15 427688 ----a-w- c:\program files\DAP\LinkVerifier.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408] "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-02-04 1493704] "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2012-08-25 3774680] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304] "D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2012-08-22 09:09 13672 ----a-w- c:\program files\Citrix\GoToAssist\830\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\DAP\\dapupd.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"= . R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [06/11/2011 11:58 24064] R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [05/03/2012 09:50 147456] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/09/2012 13:21 398184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/07/2012 18:49 682344] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16/02/2012 19:19 90112] R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [20/08/2012 12:31 369152] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [06/11/2011 11:58 176640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/07/2012 18:49 21104] S0 cerc6;cerc6; [x] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [21/01/2013 18:41 83168] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [25/12/2011 13:33 18560] S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [09/10/2009 20:23 33792] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [10/11/2011 19:48 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [10/11/2011 19:48 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [10/11/2011 19:48 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [10/11/2011 19:48 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [10/11/2011 19:48 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [10/11/2011 19:48 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [10/11/2011 19:48 109736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [21/01/2013 18:41 181344] . Contents of the 'Scheduled Tasks' folder . 2013-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:08] . 2013-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 07:50] . 2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 07:50] . 2013-02-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25] . 2011-11-11 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job - c:\program files\Microsoft LifeCam\LifeExp.exe [2010-05-20 15:27] . 2013-02-09 c:\windows\Tasks\SBWUpdateTask_Logon_cbef6ec-0023AE7E1D75.job - c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-08-25 13:15] . 2013-02-09 c:\windows\Tasks\SBWUpdateTask_Time_cbef6ec-0023AE7E1D75.job - c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-08-25 13:15] . 2013-02-09 c:\windows\Tasks\User_Feed_Synchronization-{B63C40F8-7EA7-49A7-80E3-8F685E85CD33}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Verify with DAP - c:\program files\DAP\dapverify.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll TCP: DhcpNameServer = 192.168.1.254 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\ FF - ExtSQL: 2013-02-06 21:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} FF - ExtSQL: 2013-02-09 19:16; mcciwbch@motive.com; c:\program files\Mozilla Firefox\extensions\mcciwbch@motive.com . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-09 19:59 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553ba074-c4f1-4bf2-b05b-04d57f7a73eb}] @Denied: (Full) (Everyone) "Model"=dword:00000107 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):89,73,d4,3b,4d,f1,cb,02,c7,21,6f,c6,4b,06,08,26,75,25,a4,67,ce, 3d,50,87,27,80,59,88,0d,3d,b4,de,46,c8,ea,e7,ab,e4,06,35,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1096) c:\program files\Citrix\GoToAssist\830\G2AWinLogon.dll . - - - - - - - > 'lsass.exe'(1184) c:\program files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll c:\program files\SpeedBit Video Accelerator\DLL3.3.0.7\ConfigDB.dll . - - - - - - - > 'explorer.exe'(2116) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe c:\windows\system32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe . ************************************************************************** . Completion time: 2013-02-09 20:04:01 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-09 20:03 ComboFix2.txt 2013-02-09 19:13 . Pre-Run: 113,547,833,344 bytes free Post-Run: 113,538,424,832 bytes free . - - End Of File - - AF8C2E5B586B9398846F08060EB70B24 Upload was successful

ComboFix 13-02-07.02 - User 09/02/2013 18:58:00.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1159 [GMT 0:00] Running from: c:\documents and settings\User\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\hpe7D.dll c:\documents and settings\All Users\Application Data\TEMP c:\documents and settings\All Users\Application Data\TEMP\553CA6CA.TMP c:\documents and settings\User\GoToAssistDownloadHelper.exe C:\Documents C:\Install.exe c:\program files\MyWebFace_5aEI c:\program files\MyWebFace_5aEI\Installr\1.bin\5aEIPlug.dll c:\program files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll c:\program files\MyWebFace_5aEI\Installr\1.bin\NP5aEISb.dll c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll C:\Thumbs.db c:\windows\system32\muzapp.exe E:\Autorun.inf E:\install.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MYWEBSEARCHSERVICE . . ((((((((((((((((((((((((( Files Created from 2013-01-09 to 2013-02-09 ))))))))))))))))))))))))))))))) . . 2013-02-09 18:09 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9E37517C-7376-4254-9A98-EE8FDB6E2809}\mpengine.dll 2013-02-09 16:41 . 2013-02-09 16:41 -------- d-----w- c:\program files\ESET 2013-02-09 15:43 . 2013-02-09 15:43 -------- d-----w- c:\windows\ERUNT 2013-02-09 15:43 . 2013-02-09 15:43 -------- d-----w- C:\JRT 2013-02-08 08:40 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-01-28 20:47 . 1998-06-18 00:00 32768 ----a-w- c:\windows\system32\REGTOOL5.DLL 2013-01-28 20:47 . 2013-01-28 20:51 -------- d-----w- c:\program files\Driving Theory Test Professional 2013-01-23 13:09 . 2013-01-23 16:31 -------- d-----w- c:\documents and settings\User\MSYNC 2013-01-23 13:08 . 2013-01-23 13:08 -------- d-----w- c:\program files\Media Mushroom Limited 2013-01-21 18:42 . 2013-01-21 18:42 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Samsung 2013-01-21 18:42 . 2013-01-21 18:42 -------- d-----w- c:\documents and settings\User\Application Data\Samsung 2013-01-21 18:41 . 2012-09-20 04:35 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-01-21 18:41 . 2012-09-20 04:35 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-01-21 18:29 . 2013-01-21 18:29 -------- d-----w- c:\program files\MyFree Codec 2013-01-21 18:03 . 2012-12-18 10:06 4659712 ----a-w- c:\windows\system32\Redemption.dll 2013-01-21 18:02 . 2012-12-18 10:06 821824 ----a-w- c:\windows\system32\dgderapi.dll 2013-01-21 18:02 . 2012-12-18 10:06 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2013-01-21 18:01 . 2013-01-21 18:41 -------- d-----w- c:\program files\Samsung 2013-01-21 18:01 . 2013-01-21 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung 2013-01-21 17:52 . 2013-01-21 17:52 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations 2013-01-15 18:57 . 2013-02-07 22:25 19352 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll 2013-01-15 18:57 . 2013-02-07 22:25 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll 2013-01-15 18:57 . 2013-02-07 22:25 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2013-01-15 18:57 . 2013-02-07 22:25 116120 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe 2013-01-15 18:57 . 2013-02-07 22:25 917400 ----a-w- c:\program files\Mozilla Firefox\firefox.exe 2013-01-15 18:57 . 2013-02-07 22:25 277400 ----a-w- c:\program files\Mozilla Firefox\freebl3.dll 2013-01-15 18:57 . 2013-01-15 18:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2013-01-15 18:57 . 2013-01-15 18:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2013-01-15 18:57 . 2013-02-07 22:25 59288 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2013-01-15 18:57 . 2013-02-07 22:25 478104 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2013-01-15 18:57 . 2013-02-07 22:25 2850712 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll 2013-01-15 18:57 . 2013-02-07 22:25 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2013-01-15 18:56 . 2013-01-15 18:56 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll 2013-01-15 18:56 . 2013-01-15 18:56 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll 2013-01-15 18:56 . 2013-02-07 22:25 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe 2013-01-15 18:56 . 2013-02-07 22:25 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-09 19:08 . 2012-03-31 21:06 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-09 19:08 . 2011-11-10 19:39 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-30 10:53 . 2011-11-06 14:11 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 16:56 . 2012-07-02 13:44 477616 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-15 16:56 . 2011-11-11 12:06 473520 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-15 15:14 . 2012-07-02 13:44 73728 ----a-w- c:\windows\system32\javacpl.cpl 2012-12-18 10:06 . 2012-12-18 10:06 90112 ----a-w- c:\windows\MAMCityDownload.ocx 2012-12-18 10:06 . 2012-12-18 10:06 330240 ----a-w- c:\windows\MASetupCaller.dll 2012-12-18 10:06 . 2012-12-18 10:06 30568 ----a-w- c:\windows\MusiccityDownload.exe 2012-12-18 10:06 . 2012-12-18 10:06 974848 ----a-w- c:\windows\system32\cis-2.4.dll 2012-12-18 10:06 . 2012-12-18 10:06 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\MK_Lyric.dll 2012-12-18 10:06 . 2012-12-18 10:06 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll 2012-12-18 10:06 . 2012-12-18 10:06 569344 ----a-w- c:\windows\system32\muzdecode.ax 2012-12-18 10:06 . 2012-12-18 10:06 491520 ----a-w- c:\windows\system32\muzapp.dll 2012-12-18 10:06 . 2012-12-18 10:06 49152 ----a-w- c:\windows\system32\MaJGUILib.dll 2012-12-18 10:06 . 2012-12-18 10:06 45320 ----a-w- c:\windows\system32\MAMACExtract.dll 2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MaXMLProto.dll 2012-12-18 10:06 . 2012-12-18 10:06 45056 ----a-w- c:\windows\system32\MACXMLProto.dll 2012-12-18 10:06 . 2012-12-18 10:06 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll 2012-12-18 10:06 . 2012-12-18 10:06 352256 ----a-w- c:\windows\system32\MSLUR71.dll 2012-12-18 10:06 . 2012-12-18 10:06 258048 ----a-w- c:\windows\system32\muzoggsp.ax 2012-12-18 10:06 . 2012-12-18 10:06 245760 ----a-w- c:\windows\system32\MSCLib.dll 2012-12-18 10:06 . 2012-12-18 10:06 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe 2012-12-18 10:06 . 2012-12-18 10:06 200704 ----a-w- c:\windows\system32\muzwmts.dll 2012-12-18 10:06 . 2012-12-18 10:06 155648 ----a-w- c:\windows\system32\MSFLib.dll 2012-12-18 10:06 . 2012-12-18 10:06 143360 ----a-w- c:\windows\system32\3DAudio.ax 2012-12-18 10:06 . 2012-12-18 10:06 135168 ----a-w- c:\windows\system32\muzaf1.dll 2012-12-18 10:06 . 2012-12-18 10:06 131072 ----a-w- c:\windows\system32\muzmpgsp.ax 2012-12-18 10:06 . 2012-12-18 10:06 122880 ----a-w- c:\windows\system32\muzeffect.ax 2012-12-18 10:06 . 2012-12-18 10:06 118784 ----a-w- c:\windows\system32\MaDRM.dll 2012-12-18 10:06 . 2012-12-18 10:06 110592 ----a-w- c:\windows\system32\muzmp4sp.ax 2012-12-18 10:06 . 2011-11-06 12:33 319456 ----a-w- c:\windows\system32\DIFxAPI.dll 2012-12-16 12:23 . 2008-04-14 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49 . 2012-07-14 18:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 12:06 . 2012-12-03 12:06 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-12-03 12:06 . 2012-12-03 12:06 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-12-03 12:06 . 2012-12-03 12:06 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-03 12:06 . 2012-12-03 12:06 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-11-13 01:25 . 2008-04-14 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys 2013-02-07 22:25 . 2013-01-15 18:57 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}] 2011-10-27 17:21 502424 ----a-w- c:\program files\SearchPredict\SearchPredict.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92A9ACF4-9333-43AE-9698-DB283326F87F}] 2012-08-22 11:10 2660016 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{D5974A72-C81C-4DC3-BE77-A8A7BBC8864E}] 2012-08-25 13:15 427688 ----a-w- c:\program files\DAP\LinkVerifier.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408] "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2012-02-04 1493704] "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2012-08-25 3774680] "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-12-20 1476104] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-07-16 1044480] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-16 150040] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-16 170520] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-16 141848] "btbb_McciTrayApp"="c:\program files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2012-11-23 2011824] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-05-07 98304] "D-Link D-Link Wireless N DWA-140"="c:\program files\D-Link\DWA-140 revB\AirNCFG.exe" [2009-05-07 1683456] "Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2012-09-28 298376] "WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-12-09 74752] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544] "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist] 2012-08-22 09:09 13672 ----a-w- c:\program files\Citrix\GoToAssist\830\g2awinlogon.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\SoulseekNS\\slsk.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"= "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Winamp\\winamp.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpBrowser.exe"= "c:\\Program Files\\BT Broadband Desktop Help\\btbb\\BTHelpNotifier.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\DAP\\dapupd.exe"= "c:\\Program Files\\DAP\\DAP.exe"= "c:\\WINDOWS\\system32\\ARFC\\wrtc.exe"= "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [06/11/2011 11:58 24064] R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [05/03/2012 09:50 147456] R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/09/2012 13:21 398184] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [14/07/2012 18:49 682344] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [16/02/2012 19:19 90112] R2 pcCMService;pcCMService;c:\program files\Common Files\Motive\pcCMService.exe [20/08/2012 12:31 369152] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [06/11/2011 11:58 176640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [14/07/2012 18:49 21104] S0 cerc6;cerc6; [x] S1 cvzsxufo;cvzsxufo;\??\c:\windows\system32\drivers\cvzsxufo.sys --> c:\windows\system32\drivers\cvzsxufo.sys [?] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [21/01/2013 18:41 83168] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [25/12/2011 13:33 18560] S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [09/10/2009 20:23 33792] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [10/11/2011 19:48 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [10/11/2011 19:48 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [10/11/2011 19:48 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [10/11/2011 19:48 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [10/11/2011 19:48 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [10/11/2011 19:48 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [10/11/2011 19:48 109736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [21/01/2013 18:41 181344] . Contents of the 'Scheduled Tasks' folder . 2013-02-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:08] . 2013-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 07:50] . 2013-02-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-11-26 07:50] . 2013-02-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 16:25] . 2011-11-11 c:\windows\Tasks\Microsoft_Hardware_Launch_LifeExp_exe.job - c:\program files\Microsoft LifeCam\LifeExp.exe [2010-05-20 15:27] . 2013-02-09 c:\windows\Tasks\SBWUpdateTask_Logon_cbef6ec-0023AE7E1D75.job - c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-08-25 13:15] . 2013-02-09 c:\windows\Tasks\SBWUpdateTask_Time_cbef6ec-0023AE7E1D75.job - c:\program files\Common Files\Speedbit\SbUpdate\SBUpdate.exe [2012-08-25 13:15] . 2013-02-09 c:\windows\Tasks\User_Feed_Synchronization-{B63C40F8-7EA7-49A7-80E3-8F685E85CD33}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 04:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com IE: &Download with &DAP - c:\program files\DAP\dapextie.htm IE: &Verify with DAP - c:\program files\DAP\dapverify.htm IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 LSP: c:\program files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll TCP: DhcpNameServer = 192.168.1.254 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\DAP\dapie.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\ FF - ExtSQL: 2013-02-06 21:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . - - - - ORPHANS REMOVED - - - - . HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-02-09 19:07 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{553ba074-c4f1-4bf2-b05b-04d57f7a73eb}] @Denied: (Full) (Everyone) "Model"=dword:00000107 "Therad"=dword:0000001e "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26, 38,95,44,88,79,0d,22,8e,33,17,75,e6,82,db,74,d6,1f,ea,8f,64,51,35,36,23,e5,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}] @Denied: (Full) (Everyone) "scansk"=hex(0):89,73,d4,3b,4d,f1,cb,02,c7,21,6f,c6,4b,06,08,26,75,25,a4,67,ce, 3d,50,87,27,80,59,88,0d,3d,b4,de,46,c8,ea,e7,ab,e4,06,35,00,00,00,00,00,00,\ . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1096) c:\program files\Citrix\GoToAssist\830\G2AWinLogon.dll . - - - - - - - > 'lsass.exe'(1184) c:\program files\SpeedBit Video Accelerator\LSP3.2.2.5\SBLSP.dll c:\program files\SpeedBit Video Accelerator\DLL3.3.0.7\ConfigDB.dll . - - - - - - - > 'explorer.exe'(3160) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe c:\program files\Microsoft LifeCam\MSCamS32.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe c:\windows\system32\igfxsrvc.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe c:\documents and settings\User\Application Data\Motive\btbb\dthupdate\BTBBUpdate.exe c:\program files\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe . ************************************************************************** . Completion time: 2013-02-09 19:13:14 - machine was rebooted ComboFix-quarantined-files.txt 2013-02-09 19:13 . Pre-Run: 112,841,400,320 bytes free Post-Run: 113,592,090,624 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 59EACEA843A51EE697A0234CC668A1EE

esetscan C:\Documents and Settings\User\My Documents\winamp5623_full_emusic-7plus_all.exe Win32/OpenCandy application C:\Documents and Settings\User\My Documents\Programs\va32.exe a variant of Win32/Bundled.Toolbar.Ask application C:\Program Files\MyWebFace_5aEI\Installr\1.bin\5aEIPlug.dll a variant of Win32/Toolbar.MyWebSearch application C:\Program Files\MyWebFace_5aEI\Installr\1.bin\5aEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application E:\MUSIC\K\PHOTOS\freeripmp3-setup.exe multiple threats E:\MUSIC\K\PHOTOS\Programs\VCDCutterSetup.exe multiple threats E:\Seagate Backup\COMPUTER\C\Documents and Settings\Owner\My Documents\Programs\VCDCutterSetup.exe multiple threats

ok.is still scanning.though nearly at the end of it. computer seems ok.not been browsing etc as anti virus is switched off while scanning

scan is running has found 4 infected files up to now.as it says here to press "list of threats found button" after scan will that remove them ? or just do everything it tells me to here ?

do i still need to run this scan on eset ?

Malwarebytes Anti-Malware (PRO) 1.70.0.1100 www.malwarebytes.org Database version: v2013.02.09.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 User :: DELL-360 [administrator] Protection: Enabled 09/02/2013 16:10:09 mbam-log-2013-02-09 (16-10-09).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206015 Time elapsed: 4 minute(s), 51 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 16:03:35 # Updated 05/02/2013 by Xplode # Operating system : Microsoft Windows XP Service Pack 3 (32 bits) # User : User - DELL-360 # Boot Mode : Normal # Running from : C:\Documents and Settings\User\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll Folder Deleted : C:\Documents and Settings\User\Start Menu\Programs\FreeRIP Folder Deleted : C:\WINDOWS\system32\WNLT ***** [Registry] ***** Key Deleted : HKCU\Software\FunWebProducts Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77} Key Deleted : HKCU\Software\WNLT Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403} Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E} Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2421} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT Key Deleted : HKLM\Software\WNLT Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts] ***** [internet Browsers] ***** -\\ Internet Explorer v8.0.6001.18702 Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v18.0.2 (en-GB) File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\kvvgi3y1.default\prefs.js [OK] File is clean. -\\ Google Chrome v [unable to get version] File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[s1].txt - [12515 octets] - [09/02/2013 16:03:35] ########## EOF - C:\AdwCleaner[s1].txt - [12576 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.2 (02.02.2013:2) OS: Microsoft Windows XP x86 Ran by User on 09/02/2013 at 15:43:36.60 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully stopped: [service] ib updater Successfully deleted: [service] ib updater ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\smessaging Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{0329e7d6-6f54-462d-93f6-f5c3118badf2} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{0329e7d6-6f54-462d-93f6-f5c3118badf2} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\abouturls\\Tabs Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{d4027c7f-154a-4066-a1ad-4243d8127440} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_current_user\software\conduit Successfully deleted: [Registry Key] hkey_local_machine\software\conduit Successfully deleted: [Registry Key] hkey_current_user\software\datamngr Successfully deleted: [Registry Key] hkey_current_user\software\ib updater Successfully deleted: [Registry Key] hkey_local_machine\software\ib updater Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings Successfully deleted: [Registry Key] hkey_current_user\software\im Successfully deleted: [Registry Key] hkey_current_user\software\iminstaller Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\menuext\&search Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\extension.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbcommonutils.dll Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\tbhelper.exe Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler Successfully deleted: [Registry Key] hkey_local_machine\software\classes\comobject.deskbarenabler.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject Successfully deleted: [Registry Key] hkey_local_machine\software\classes\extension.extensionhelperobject.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\linkurysmartbar.bho Successfully deleted: [Registry Key] hkey_local_machine\software\classes\linkurysmartbar.dockingpanel Successfully deleted: [Registry Key] hkey_local_machine\software\classes\linkurysmartbar.linkurymenuform Successfully deleted: [Registry Key] hkey_local_machine\software\classes\linkurysmartbar.linkurysmartbar Successfully deleted: [Registry Key] hkey_local_machine\software\classes\linkurysmartbar.linkurysmartbarbandobject Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbcommonutils.commonutils.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbdownloadmanager.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbpropertymanager.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.tbrequest.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper Successfully deleted: [Registry Key] hkey_local_machine\software\classes\tbhelper.toolbarhelper.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.contextmenunotifier.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.custominternetsecurityimpl.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager Successfully deleted: [Registry Key] hkey_local_machine\software\classes\toolbar3.searchprovidermanager.1 Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook Successfully deleted: [Registry Key] hkey_local_machine\software\classes\urlsearchhook.toolbarurlsearchhook.1 Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0055c089-8582-441b-a0bf-17b458c2a3a8} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{0329e7d6-6f54-462d-93f6-f5c3118badf2} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57cadc46-58ff-4105-b733-5a9f3fc9783c} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{7a5c22fe-972c-4b1e-8521-e045f74e5f2e} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233} Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{99079a25-328f-4bd4-be04-00955acaa0a7} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ae07101b-46d4-4a98-af68-0333ea26e113} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ca3eb689-8f09-4026-aa10-b9534c691ce0} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{cff4db9b-135f-47c0-9269-b4c6572fd61a} Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\freerip" Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\strongvault online backup" Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\opencandy" Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\searchquband" Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\strongvault" Successfully deleted: [Folder] "C:\Documents and Settings\User\Application Data\toolbar4" Successfully deleted: [Folder] "C:\Documents and Settings\User\appdata\locallow\datamngr" Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\stronghold_llc" Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\strongvault online backup" Successfully deleted: [Folder] "C:\Program Files\freerip" Successfully deleted: [Folder] "C:\Program Files\ib updater" Successfully deleted: [Folder] "C:\Program Files\wiseconvert" Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin" ~~~ FireFox Successfully deleted: [File] C:\user.js Successfully deleted: [Registry Value] hkey_local_machine\software\mozilla\firefox\extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087} Successfully deleted the following from C:\Documents and Settings\User\Application Data\mozilla\firefox\profiles\kvvgi3y1.default\prefs.js user_pref("browser.search.defaulturl", "hxxp://home.speedbit.com/search.aspx?aff=115&q="); user_pref("browser.startup.homepage", "hxxp://home.speedbit.com/?aff=115"); user_pref("browser.startup.homepage_override_url", "hxxp://home.speedbit.com/?aff=115"); user_pref("keyword.URL", "hxxp://home.speedbit.com/search.aspx?aff=115&q="); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 09/02/2013 at 15:50:19.70 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

as administrator is asking me for a password ?

DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_39 Run by User at 15:16:06 on 2013-02-09 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1223 [GMT 0:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe C:\WINDOWS\vVX1000.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Samsung\Kies\Kies.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\WINDOWS\system32\ANIWConnService.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IB Updater\ExtensionUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uWindow Title = >>> 'Full Speed' Enabled <<< uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned> BHO: SBCONVERT Class: {A1056498-D09A-41E4-864B-505EDD640D9E} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [speedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe uRun: [updateFlow.btbb] "c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" -hidden -appkey=btbb "-url=file://c:\documents and settings\user\application data\motive\btbb\dthupdate\PreUpdate.html?delay=60" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [VX1000] c:\windows\vVX1000.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sMessaging] c:\documents and settings\user\local settings\application data\strongvault online backup\SMessaging.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [userFaultCheck] c:\windows\system32\dumprep 0 -u mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: &Search - <no file> IE: &Verify with DAP - c:\program files\dap\dapverify.htm IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: c:\program files\speedbit video accelerator\lsp3.2.2.5\SBLSP.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320585147328 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{56371F02-5AF3-4740-B579-671BF06180FF} : DHCPNameServer = 192.168.1.254 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\830\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\kvvgi3y1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q= FF - prefs.js: browser.search.selectedEngine - SpeedBit Search FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115 FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mywebface_5aei\installr\1.bin\NP5aEISb.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: 2013-02-06 21:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2011-11-6 24064] R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2012-3-5 147456] R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2012-11-3 188760] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 682344] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2012-2-16 90112] R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-8-20 369152] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2011-11-6 176640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 21104] S0 cerc6;cerc6; [x] S1 cvzsxufo;cvzsxufo;\??\c:\windows\system32\drivers\cvzsxufo.sys --> c:\windows\system32\drivers\cvzsxufo.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-21 83168] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-12-25 18560] S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792] S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-3-5 715520] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-11-10 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-11-10 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-11-10 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-11-10 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-11-10 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-11-10 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-11-10 109736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-21 181344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-02-09 09:41:27 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1caa0761-27c8-40d5-bec4-f70e1cda200c}\mpengine.dll 2013-02-08 08:40:15 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-01-28 20:47:38 32768 ----a-w- c:\windows\system32\REGTOOL5.DLL 2013-01-28 20:47:27 -------- d-----w- c:\program files\Driving Theory Test Professional 2013-01-23 13:09:22 -------- d-----w- c:\documents and settings\user\MSYNC 2013-01-23 13:08:59 -------- d-----w- c:\program files\Media Mushroom Limited 2013-01-21 18:42:19 -------- d-----w- c:\documents and settings\user\local settings\application data\Samsung 2013-01-21 18:42:16 -------- d-----w- c:\documents and settings\user\application data\Samsung 2013-01-21 18:41:32 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-01-21 18:41:31 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-01-21 18:29:53 -------- d-----w- c:\program files\MyFree Codec 2013-01-21 18:03:09 4659712 ----a-w- c:\windows\system32\Redemption.dll 2013-01-21 18:02:42 821824 ----a-w- c:\windows\system32\dgderapi.dll 2013-01-21 18:02:42 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2013-01-21 18:01:32 -------- d-----w- c:\program files\Samsung 2013-01-21 18:01:32 -------- d-----w- c:\documents and settings\all users\application data\Samsung 2013-01-21 17:52:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations 2013-01-15 18:57:15 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2013-01-15 18:57:14 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe 2013-01-15 18:57:14 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2013-01-15 18:57:14 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll 2013-01-15 18:57:14 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2013-01-15 18:57:14 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2013-01-15 18:57:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2013-01-15 18:57:14 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2013-01-15 18:57:13 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2013-01-15 18:57:13 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2013-01-15 18:57:13 2850712 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2013-01-15 18:57:13 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2013-01-15 18:56:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2013-01-15 18:56:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2013-01-15 18:56:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-15 18:56:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe . ==================== Find3M ==================== . 2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 16:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-15 16:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-15 15:14:01 73728 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-09 16:07:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 16:07:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 16:07:04 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 12:06:36 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-12-03 12:06:23 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-03 12:06:23 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-12-03 12:06:22 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 15:16:42.29 =============== DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_39 Run by User at 15:16:06 on 2013-02-09 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2037.1223 [GMT 0:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . ============== Running Processes ================ . C:\Program Files\Microsoft Security Client\MsMpEng.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Speedbit\SbUpdate\SBUpdate.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe C:\WINDOWS\vVX1000.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe C:\Program Files\D-Link\DWA-140 revB\AirNCFG.exe C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Samsung\Kies\KiesTrayAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe C:\Program Files\DAP\DAP.EXE C:\Program Files\Samsung\Kies\Kies.exe C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe C:\WINDOWS\system32\ANIWConnService.exe C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IB Updater\ExtensionUpdaterService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\Program Files\Common Files\Motive\pcCMService.exe C:\PROGRA~1\SPEEDB~2\VideoAcceleratorService.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uWindow Title = >>> 'Full Speed' Enabled <<< uSearch Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} uSearch Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} uSearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=GB&userid=5c9729fe-89d4-42f3-9fc6-1862c0bb4aaf&affid=113129&searchtype=ds&babsrc=lnkry&q={searchTerms} BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll BHO: SearchPredictObj Class: {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - c:\program files\searchpredict\SearchPredict.dll BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: SBCONVERT Class: {92A9ACF4-9333-43AE-9698-DB283326F87F} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll BHO: {99079a25-328f-4bd4-be04-00955acaa0a7} - <orphaned> BHO: SBCONVERT Class: {A1056498-D09A-41E4-864B-505EDD640D9E} - c:\program files\speedbit video downloader\toolbar\SpeedBitVideoDownloader.dll BHO: SpeedBit Link Verification Helper: {D5974A72-C81C-4DC3-BE77-A8A7BBC8864E} - c:\program files\dap\LinkVerifier.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: GrabberObj Class: {FF7C3CF0-4B15-11D1-ABED-709549C10000} - c:\program files\speedbit video downloader\toolbar\Grabber.dll TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> TB: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [speedBitVideoAccelerator] "c:\program files\speedbit video accelerator\VideoAccelerator.exe" /startup uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe uRun: [updateFlow.btbb] "c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe" -hidden -appkey=btbb "-url=file://c:\documents and settings\user\application data\motive\btbb\dthupdate\PreUpdate.html?delay=60" mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [btbb_McciTrayApp] "c:\program files\bt broadband desktop help\btbb\BTHelpNotifier.exe" mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe" mRun: [VX1000] c:\windows\vVX1000.exe mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe mRun: [D-Link D-Link Wireless N DWA-140] c:\program files\d-link\dwa-140 revb\AirNCFG.exe mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe" mRun: [WinampAgent] "c:\program files\winamp\winampa.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [sMessaging] c:\documents and settings\user\local settings\application data\strongvault online backup\SMessaging.exe mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [userFaultCheck] c:\windows\system32\dumprep 0 -u mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDriveTypeAutoRun = dword:145 IE: &Download with &DAP - c:\program files\dap\dapextie.htm IE: &Search - <no file> IE: &Verify with DAP - c:\program files\dap\dapverify.htm IE: Download &all with DAP - c:\program files\dap\dapextie2.htm IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe LSP: c:\program files\speedbit video accelerator\lsp3.2.2.5\SBLSP.dll DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} - hxxp://assets.photobox.com/assets/v/ra3RgI_VSoCPalw7aL2ig_0fSS8.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1320585147328 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{56371F02-5AF3-4740-B579-671BF06180FF} : DHCPNameServer = 192.168.1.254 Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\program files\dap\dapie.dll Notify: GoToAssist - c:\program files\citrix\gotoassist\830\G2AWinLogon.dll Notify: igfxcui - igfxdev.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\kvvgi3y1.default\ FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=115&q= FF - prefs.js: browser.search.selectedEngine - SpeedBit Search FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=115 FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=115&q= FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll FF - plugin: c:\program files\common files\motive\npMotive.dll FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\mywebface_5aei\installr\1.bin\NP5aEISb.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll FF - plugin: c:\windows\system32\npdeployJava1.dll FF - plugin: c:\windows\system32\npptools.dll FF - ExtSQL: 2013-02-06 21:41; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} . ============= SERVICES / DRIVERS =============== . R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552] R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2011-11-6 24064] R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2012-3-5 147456] R2 IB Updater;IB Updater;c:\program files\ib updater\ExtensionUpdaterService.exe [2012-11-3 188760] R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-9-12 398184] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-7-14 682344] R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2012-2-16 90112] R2 pcCMService;pcCMService;c:\program files\common files\motive\pcCMService.exe [2012-8-20 369152] R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~2\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~2\VideoAcceleratorService.exe -start -scm [?] R3 k57w2k;Broadcom NetLink Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2011-11-6 176640] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-7-14 21104] S0 cerc6;cerc6; [x] S1 cvzsxufo;cvzsxufo;\??\c:\windows\system32\drivers\cvzsxufo.sys --> c:\windows\system32\drivers\cvzsxufo.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-1-21 83168] S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2011-12-25 18560] S3 LeapFrog-USBLAN;LeapFrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2009-10-9 33792] S3 rt2870;D-Link 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-3-5 715520] S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-11-10 86824] S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-11-10 15016] S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-11-10 114600] S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-11-10 108328] S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-11-10 26024] S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-11-10 104616] S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-11-10 109736] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-1-21 181344] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2013-02-09 09:41:27 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{1caa0761-27c8-40d5-bec4-f70e1cda200c}\mpengine.dll 2013-02-08 08:40:15 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll 2013-01-28 20:47:38 32768 ----a-w- c:\windows\system32\REGTOOL5.DLL 2013-01-28 20:47:27 -------- d-----w- c:\program files\Driving Theory Test Professional 2013-01-23 13:09:22 -------- d-----w- c:\documents and settings\user\MSYNC 2013-01-23 13:08:59 -------- d-----w- c:\program files\Media Mushroom Limited 2013-01-21 18:42:19 -------- d-----w- c:\documents and settings\user\local settings\application data\Samsung 2013-01-21 18:42:16 -------- d-----w- c:\documents and settings\user\application data\Samsung 2013-01-21 18:41:32 181344 ----a-w- c:\windows\system32\drivers\ssudmdm.sys 2013-01-21 18:41:31 83168 ----a-w- c:\windows\system32\drivers\ssudbus.sys 2013-01-21 18:29:53 -------- d-----w- c:\program files\MyFree Codec 2013-01-21 18:03:09 4659712 ----a-w- c:\windows\system32\Redemption.dll 2013-01-21 18:02:42 821824 ----a-w- c:\windows\system32\dgderapi.dll 2013-01-21 18:02:42 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys 2013-01-21 18:01:32 -------- d-----w- c:\program files\Samsung 2013-01-21 18:01:32 -------- d-----w- c:\documents and settings\all users\application data\Samsung 2013-01-21 17:52:49 -------- d-----w- c:\documents and settings\user\local settings\application data\Downloaded Installations 2013-01-15 18:57:15 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll 2013-01-15 18:57:14 917400 ----a-w- c:\program files\mozilla firefox\firefox.exe 2013-01-15 18:57:14 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll 2013-01-15 18:57:14 277400 ----a-w- c:\program files\mozilla firefox\freebl3.dll 2013-01-15 18:57:14 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2013-01-15 18:57:14 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll 2013-01-15 18:57:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll 2013-01-15 18:57:14 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe 2013-01-15 18:57:13 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2013-01-15 18:57:13 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2013-01-15 18:57:13 2850712 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2013-01-15 18:57:13 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe 2013-01-15 18:56:58 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll 2013-01-15 18:56:58 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll 2013-01-15 18:56:55 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe 2013-01-15 18:56:55 157712 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe . ==================== Find3M ==================== . 2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe 2013-01-15 16:56:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll 2013-01-15 16:56:07 473520 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-15 15:14:01 73728 ----a-w- c:\windows\system32\javacpl.cpl 2013-01-09 16:07:09 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-09 16:07:09 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-01-09 16:07:04 16369160 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-12-14 16:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-03 12:06:36 42760 ----a-w- c:\windows\system32\certsentry.dll 2012-12-03 12:06:23 348160 ----a-w- c:\windows\system32\msvcr71.dll 2012-12-03 12:06:23 1060864 ----a-w- c:\windows\system32\mfc71.dll 2012-12-03 12:06:22 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys . ============= FINISH: 15:16:42.29 ===============

i am still getting outgoing blocked potenially malicious sites,,giving an ip adress whe i open internet explorer i changed my homepage.and yet it still happens any idea how to stop this happening ?

thanks for the advice.much appreciated

hi over the last few days,evrytime i open internet explorer i get the bubble saying access to a malicious site has been blocked..outgoing...and gives an ip address.do i have anything to worry about ? and how do i stop it ?

hi.i scanned my pc this morning and it found 3 objects pup.installbrain - registry key pup.installbrain - file pup.installbrain - memory process when i clicked on get infomation from vendor,it just goes to malwarebytes download page does anyone know what these objects are ? and their severity ? thanks.