Posts posted by ipepper
-
OK I take it back - when I turn the MS Security Essentials real time protection on things start hanging again.

-
better... file downloads don't seem to hang up anymore.
The overall performance (browser-wise) is better. The overall system performance remains about 50% from where it used to be.
-
Here you go...
RogueKiller V8.4.0 [Dec 18 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Admin [Admin rights]
Mode : Scan -- Date : 12/18/2012 18:42:40
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 5 ¤¤¤
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ] HKLM\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500JB-00REA0 +++++
--- User ---
[MBR] 1c1d3deb69840e93181e332dfa55fdd6
[BSP] c192851ad45fabb46a2564533df54248 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 99998 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204796620 | Size: 138466 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_12182012_02d1842.txt >>
RKreport[1]_S_12182012_02d1842.txt
-
Done - I could not run defrag with "%systemdrive%" so I used C: instead. It seems slightly better than before but it still hangs frequently.
-
Done - Performance is slightly better browser-wise. PC still hangs periodically.
-
Here's the junkware log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.9.6 (12.07.2012:1)
OS: Microsoft Windows XP x86
Ran by Admin on Fri 12/07/2012 at 20:46:40.40
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/07/2012 at 20:56:45.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Not noticing any difference in performance. Everything seems to work, it just takes 5 minutes for a web page to load (for example). It can take about 30 seconds to switch between windows. Not sure if this will help but here are some observations. I was curious and looked at the running processes in Windows Task Manager and found multiple instances of chrome.exe running when I only had 1 window and 1 tab open. I monitored the processes while trying to open the following web page (after googling for an answer). The web page took about 5 minutes to load and I.E. was hogging over 250MB memory. I tried opening the same web page in Chrome which took just as long but Chrome only used about 80MB. The strange thing is that the CPU usage is usually under 30% while I am waiting for it to complete a simple task.
http://productforums.google.com/forum/#!topic/chrome/og-xdL55RJM
-
Here's the Kaspersky log:
Status: Disinfected (events: 2)
12/4/2012 10:16:04 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip High
12/4/2012 10:16:03 PM Disinfected Trojan program Trojan.Win32.Oficla.eo UM_Exchange\Archive1\Top of Personal Folders\Inbox\[From:McConville, Amanda][subject:FW: Fedex Invoice copy N8894787][Time:2010/08/24 15:34:42]/FEDEXInvoiceEE572504OP.zip/FedexInvoice_EE776129.exe High
Status: Deleted (events: 2)
12/5/2012 7:10:46 AM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\Shared Drive\backup\Programs\Bleeping\OTL.exe High
12/5/2012 6:15:58 PM Deleted Trojan program Trojan.Win32.Swisyn.cnpe D:\System Volume Information\_restore{BBCB31A8-FC60-4E6F-83E1-FF8611C6E7DD}\RP1126\A0119895.exe High
-
Here are the logs:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 01:01:21
# local_time=2012-12-03 08:01:21 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177391 82177391 0 0
# compatibility_mode=5891 16776533 42 87 0 50514151 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=0
# found=0
# cleaned=0
# scan_time=0
# version=7
# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=badc5ec42a880742ba171922e0cd9fe6
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-04 02:50:29
# local_time=2012-12-03 09:50:29 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 82177651 82177651 0 0
# compatibility_mode=5891 16776869 42 87 0 50514411 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=93889
# found=3
# cleaned=3
# scan_time=6291
D:\Shared Drive\backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
D:\Shared Drive\backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-03 22:06:29
-----------------------------
22:06:29.359 OS Version: Windows 5.1.2600 Service Pack 3
22:06:29.359 Number of processors: 1 586 0x102
22:06:29.359 ComputerName: DELL1 UserName: Admin
22:06:30.481 Initialize success
22:11:00.249 AVAST engine defs: 12120301
22:11:12.737 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:11:12.737 Disk 0 Vendor: WDC_WD2500JB-00REA0 20.00K20 Size: 238475MB BusType: 3
22:11:12.747 Disk 0 MBR read successfully
22:11:12.747 Disk 0 MBR scan
22:11:12.827 Disk 0 Windows XP default MBR code
22:11:12.827 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 99998 MB offset 63
22:11:12.827 Disk 0 Partition - 00 0F Extended LBA 138466 MB offset 204796620
22:11:12.857 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 138466 MB offset 204796683
22:11:12.867 Disk 0 scanning sectors +488376000
22:11:12.997 Disk 0 scanning C:\WINDOWS\system32\drivers
22:11:25.735 Service scanning
22:11:41.278 Modules scanning
22:11:48.838 Disk 0 trace - called modules:
22:11:49.169 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
22:11:49.169 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82382ab8]
22:11:49.169 3 CLASSPNP.SYS[f8576fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x823a26d0]
22:11:49.830 AVAST engine scan C:\WINDOWS
22:12:03.309 AVAST engine scan C:\WINDOWS\system32
22:15:44.818 AVAST engine scan C:\WINDOWS\system32\drivers
22:16:09.193 AVAST engine scan C:\Documents and Settings\Admin
22:23:00.965 AVAST engine scan C:\Documents and Settings\All Users
22:24:05.648 Scan finished successfully
22:36:04.151 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Admin\Desktop\MBR.dat"
22:36:04.161 The log file has been saved successfully to "C:\Documents and Settings\Admin\Desktop\aswMBR.txt"
-
Jeff, thanks for the help and advice. I will definitely take the time to research malware prevention. ComboFix is uninstalled and I.E. security settings were already as recommended. One thing I forgot to ask... since Java is installed but does not show up in the control panel, should I reinstall it? MS Security Essentials did not like the last Java update so should I tell SE to trust it?
-
Thanks for helping Maniac. Here are the logs.
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.12.02.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]
12/2/2012 8:54:48 AM
mbam-log-2012-12-02 (08-54-48).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 236930
Time elapsed: 11 minute(s), 34 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
===========================================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Admin at 9:16:23 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.180 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\program files\real\realplayer\update\realsched.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - <orphaned>
BHO: AutorunsDisabled - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [KBD] c:\hp\kbd\KBD.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoru~1\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {00140000-B1BA-11CE-ABC6-F5B2E79D9E3F} - file:///F:/LTOCX14N.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1165807308463
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349019991182
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.76.76 75.75.75.75
TCP: Interfaces\{228C18C5-7E2B-4AD9-9498-29C248E27831} : DHCPNameServer = 75.75.76.76 75.75.75.75
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AutorunsDisabled - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
S3 3dfxvs;3dfxvs;c:\windows\system32\drivers\3dfxvsm.sys [2006-12-9 148352]
S3 PsShutdownSvc;PsShutdown;c:\windows\system32\PSSDNSVC.EXE [2009-6-15 61440]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-11-25 47360]
S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-11-25 47360]
S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-11-25 28032]
S4 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2006-2-28 14336]
.
=============== File Associations ===============
.
ShellExec: ymp.exe: open="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
ShellExec: ymp.exe: play="c:\program files\yahoo!\yahoo! music jukebox\YahooMusicEngine.exe" -play "%1"
.
=============== Created Last 30 ================
.
2012-12-02 13:06:53 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ccb6beaf-5f89-4da7-b24f-30492c84e107}\mpengine.dll
.
==================== Find3M ====================
.
2012-11-11 11:10:59 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-11 11:10:59 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-22 08:37:31 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-12 19:32:08 88688 ----a-w- c:\windows\system32\cpwmon2k.dll
2006-02-28 12:00:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 00:12:07 50688 --sh--w- c:\windows\twain_32.dll
2011-02-08 13:33:55 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12:01 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 00:12:01 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 00:12:01 343040 --sha-w- c:\windows\system32\msvcrt.dll
2010-12-20 17:32:15 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12:02 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 00:12:32 11776 --sh--w- c:\windows\system32\regsvr32.exe
.
============= FINISH: 9:17:26.14 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/9/2006 7:46:24 PM
System Uptime: 12/2/2012 7:55:50 AM (2 hours ago)
.
Motherboard: Dell Computer Corporation | | OptiPlex GX400
Processor: Intel® Pentium® 4 CPU 1.70GHz | Microprocessor | 1694/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 18.317 GiB free.
D: is FIXED (NTFS) - 135 GiB total, 14.085 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1060: 9/28/2012 11:46:36 PM - Software Distribution Service 3.0
RP1061: 9/29/2012 12:34:11 AM - Software Distribution Service 3.0
RP1062: 9/30/2012 9:10:44 AM - Software Distribution Service 3.0
RP1063: 9/30/2012 10:35:05 AM - Installed Multimedia / Internet Keyboard Driver VerR8.15
RP1064: 9/30/2012 11:01:25 AM - Removed Multimedia / Internet Keyboard Driver VerR8.15
RP1065: 9/30/2012 9:15:00 PM - Printer Driver CutePDF Writer Installed
RP1066: 10/1/2012 7:45:21 PM - Software Distribution Service 3.0
RP1067: 10/2/2012 7:56:47 PM - System Checkpoint
RP1068: 10/3/2012 5:55:08 PM - Software Distribution Service 3.0
RP1069: 10/4/2012 5:59:01 PM - System Checkpoint
RP1070: 10/6/2012 10:14:18 AM - Software Distribution Service 3.0
RP1071: 10/7/2012 11:29:50 AM - Software Distribution Service 3.0
RP1072: 10/8/2012 8:07:13 PM - Software Distribution Service 3.0
RP1073: 10/9/2012 8:14:33 PM - System Checkpoint
RP1074: 10/9/2012 10:22:10 PM - Software Distribution Service 3.0
RP1075: 10/10/2012 6:12:06 PM - Software Distribution Service 3.0
RP1076: 10/11/2012 6:59:28 PM - Software Distribution Service 3.0
RP1077: 10/12/2012 7:19:52 PM - System Checkpoint
RP1078: 10/13/2012 8:59:41 AM - Software Distribution Service 3.0
RP1079: 10/14/2012 9:31:14 AM - Software Distribution Service 3.0
RP1080: 10/15/2012 6:13:05 PM - Software Distribution Service 3.0
RP1081: 10/17/2012 7:32:17 PM - Software Distribution Service 3.0
RP1082: 10/18/2012 7:43:40 PM - System Checkpoint
RP1083: 10/19/2012 6:05:28 PM - Software Distribution Service 3.0
RP1084: 10/20/2012 6:39:58 PM - System Checkpoint
RP1085: 10/21/2012 9:24:15 AM - Software Distribution Service 3.0
RP1086: 10/22/2012 6:21:48 PM - Software Distribution Service 3.0
RP1087: 10/23/2012 6:51:01 PM - System Checkpoint
RP1088: 10/24/2012 6:02:41 PM - Software Distribution Service 3.0
RP1089: 10/26/2012 6:37:24 AM - Software Distribution Service 3.0
RP1090: 10/27/2012 10:12:42 AM - Software Distribution Service 3.0
RP1091: 10/28/2012 10:52:02 AM - Software Distribution Service 3.0
RP1092: 10/28/2012 1:29:04 PM - Software Distribution Service 3.0
RP1093: 10/29/2012 6:17:52 PM - Software Distribution Service 3.0
RP1094: 10/30/2012 8:26:57 PM - System Checkpoint
RP1095: 10/31/2012 6:07:16 PM - Software Distribution Service 3.0
RP1096: 11/1/2012 6:41:54 PM - System Checkpoint
RP1097: 11/2/2012 8:52:26 PM - Software Distribution Service 3.0
RP1098: 11/3/2012 9:16:15 PM - System Checkpoint
RP1099: 11/4/2012 7:37:41 AM - Software Distribution Service 3.0
RP1100: 11/5/2012 6:26:40 PM - Software Distribution Service 3.0
RP1101: 11/7/2012 6:20:08 PM - Software Distribution Service 3.0
RP1102: 11/8/2012 8:37:11 PM - System Checkpoint
RP1103: 11/9/2012 6:42:24 PM - Software Distribution Service 3.0
RP1104: 11/10/2012 7:27:14 PM - System Checkpoint
RP1105: 11/11/2012 6:01:11 AM - Software Distribution Service 3.0
RP1106: 11/12/2012 6:20:03 PM - Software Distribution Service 3.0
RP1107: 11/13/2012 6:28:57 PM - System Checkpoint
RP1108: 11/13/2012 11:04:46 PM - Software Distribution Service 3.0
RP1109: 11/15/2012 6:42:18 AM - Software Distribution Service 3.0
RP1110: 11/17/2012 9:08:06 AM - Software Distribution Service 3.0
RP1111: 11/18/2012 9:19:22 AM - System Checkpoint
RP1112: 11/20/2012 5:56:44 PM - Software Distribution Service 3.0
RP1113: 11/21/2012 8:35:46 PM - System Checkpoint
RP1114: 11/22/2012 9:15:31 AM - Software Distribution Service 3.0
RP1115: 11/23/2012 9:30:26 AM - System Checkpoint
RP1116: 11/24/2012 9:24:36 AM - Software Distribution Service 3.0
RP1117: 11/25/2012 10:21:23 AM - System Checkpoint
RP1118: 11/25/2012 1:37:14 PM - Software Distribution Service 3.0
RP1119: 11/26/2012 2:12:34 PM - System Checkpoint
RP1120: 11/27/2012 6:49:44 PM - Software Distribution Service 3.0
RP1121: 11/28/2012 7:07:25 PM - System Checkpoint
RP1122: 11/30/2012 5:51:42 PM - Software Distribution Service 3.0
RP1123: 12/1/2012 6:44:13 PM - System Checkpoint
RP1124: 12/2/2012 8:06:48 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 4.57
ACDSee
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe® Photoshop® Album Starter Edition 3.0
Apple Application Support
Apple Software Update
ArcSoft PhotoFantasy
ArcSoft PhotoImpression
AT&T Yahoo! Applications
AT&T Yahoo! Music Jukebox
Avi2Dvd 0.4.5 beta
AviSynth 2.5
BitTorrent
BLM 2.7.7
CCleaner
Cisco Systems VPN Client 5.0.06.0160
Citrix XenApp Web Plugin
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 3.0
Dell Driver Download Manager
DivX Content Uploader
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVDStyler v1.8.1
eFax Messenger Plus
Efficient Address Book Free 1.66
Enhanced Multimedia Keyboard Solution
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp business inkjet 1100
HP LaserJet P1000 series
HP Photo Printing Software
HP Precisionscan Pro 3.1
HP Share-to-Web
HPCarePackCore
HPCarePackProducts
hppMSRedist
hppusgP1000
HPSSupply
ImgBurn
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
Japanese Fonts Support For Adobe Reader 8
Java 6 Update 2
Java 6 Update 3
Java 6 Update 5
Java SE Runtime Environment 6 Update 1
K-Lite Mega Codec Pack 6.2.0
LightScribe System Software 1.14.17.1
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MediaMonkey 3.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
Nero 7 Essentials
neroxml
Netflix Movie Viewer
OGA Notifier 2.0.0048.0
PeerGuardian 2.0
PrintKey2000
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
RivaTuner v2.11
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Signature995
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
SyncBack
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.8
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0
Yahoo! Photos Easy Upload Tool
Yahoo! Photos Print-at-Home Tool
.
==== Event Viewer Messages From Past Week ========
.
12/1/2012 8:40:16 AM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
11/26/2012 6:03:47 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 00065B903DE3 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
-
My PC has been running slower and slower and hangs periodically for 3-10 minutes while the hard drive grinds away. I have removed several bugs in the past but I suspect my machine is still infected. I would wipe it and rebuild from scratch but the OS and MS Office have limited install rights. Any help you can provide would be appreciated. I'm just not sure where to start. Here is the most recent Malwarebytes log:
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.10.27.06
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Admin :: DELL1 [administrator]
10/28/2012 12:53:41 PM
mbam-log-2012-10-28 (12-53-41).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 231904
Time elapsed: 12 minute(s), 9 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
Jeff, everything seems to be running fine. Thanks for your help and the fast responses!
-
So far so good
FYI - I noticed ZoneAlarm Firewall is recorded in the ComboFix logs. I uninstalled it some time ago.
-
Here you go...
ComboFix 12-11-29.02 - Owner 11/29/2012 22:32:22.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.500 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-3f117b75 a variant of Java/TrojanDownloader.Agent.NDJ trojan"
"c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-5cd07129"
"c:\program files\QuotationCafe_45\bar\1.bin\45datact.dll"
"c:\program files\QuotationCafe_45\bar\1.bin\45htmlmu.dll"
"c:\program files\QuotationCafe_45\bar\1.bin\45ieovr.dll"
"c:\program files\QuotationCafe_45\bar\1.bin\45Plugin.dll"
"c:\program files\QuotationCafe_45\bar\1.bin\45skin.dll"
"c:\program files\QuotationCafe_45\bar\1.bin\T8HTML.DLL"
"c:\shared\Backup\Programs\Audio\WinAmp\winamp5581_full_emusic-7plus_en-us.exe"
"c:\shared\Backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe"
"c:\shared\Backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe"
"c:\shared\Backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe"
"c:\shared\Backup\Programs\Winamp\winamp5601_full_emusic-7plus_en-us.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-30 )))))))))))))))))))))))))))))))
.
.
2012-11-30 01:15 . 2012-11-30 01:15 -------- d-----w- c:\program files\ESET
2012-11-28 23:24 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{02F08F6D-07D5-4973-A002-1E95201F55E0}\mpengine.dll
2012-11-28 23:23 . 2012-11-08 15:00 6812136 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-25 16:04 . 2012-11-25 16:04 388096 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-11-25 16:03 . 2012-11-25 16:03 -------- d-----w- c:\program files\Trend Micro
2012-11-23 14:19 . 2012-11-23 14:19 -------- d-----w- C:\FFOutput
2012-11-22 14:50 . 2012-11-22 14:50 -------- d-----w- c:\program files\Microsoft Security Client
2012-11-21 23:39 . 2012-11-21 23:39 -------- d-----w- c:\program files\QuotationCafe_45
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 08:37 . 2004-08-12 14:09 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 22:28 . 2012-04-02 23:07 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 22:28 . 2011-06-04 16:19 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2004-08-12 14:06 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-29 23:54 . 2010-11-30 03:41 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-25 03:16 . 2012-10-30 17:06 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-18 22:38 . 2012-06-17 03:10 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-18 22:38 . 2011-12-04 01:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-27 03:18 . 2010-12-27 03:18 16896 ----a-w- c:\program files\wmdmhelper.dll
2010-12-27 03:18 . 2010-12-27 03:18 9216 ----a-w- c:\program files\fixrjb.exe
2010-12-27 03:18 . 2010-12-27 03:18 641024 ----a-w- c:\program files\rjbres.dll
2010-12-27 03:18 . 2010-12-27 03:18 45056 ----a-w- c:\program files\ierjplug.dll
2010-12-27 03:18 . 2010-12-27 03:18 360960 ----a-w- c:\program files\rjdlg.dll
2010-12-27 03:18 . 2010-12-27 03:18 34304 ----a-w- c:\program files\rjprog.dll
2010-12-27 03:18 . 2010-12-27 03:18 139264 ----a-w- c:\program files\dunzip32.dll
2010-12-27 03:18 . 2010-12-27 03:18 943344 ----a-w- c:\program files\cddblink.dll
2010-12-27 03:18 . 2010-12-27 03:18 1115376 ----a-w- c:\program files\cddbmusicid.dll
2010-12-27 03:18 . 2010-12-27 03:18 23552 ----a-w- c:\program files\tnetdtct.dll
2010-12-27 03:18 . 2010-12-27 03:18 2041072 ----a-w- c:\program files\cddbcontrol.dll
2010-12-27 03:18 . 2010-12-27 03:18 74240 ----a-w- c:\program files\tsasdk.dll
2010-12-27 03:18 . 2010-12-27 03:18 45056 ----a-w- c:\program files\mmcdda32.dll
2010-12-27 03:18 . 2010-12-27 03:18 48128 ----a-w- c:\program files\tpasdk.dll
2010-12-27 03:18 . 2010-12-27 03:18 67072 ----a-w- c:\program files\rpwa3260.dll
2010-12-27 03:18 . 2010-12-27 03:18 46800 ----a-w- c:\program files\rpshellsearch.dll
2010-12-27 03:18 . 2010-12-27 03:18 16296 ----a-w- c:\program files\realtfon.fon
2010-12-27 03:18 . 2010-12-27 03:18 369320 ----a-w- c:\program files\realconverter.exe
2010-12-27 03:18 . 2010-12-27 03:18 345768 ----a-w- c:\program files\convert.exe
2010-12-27 03:17 . 2010-12-27 03:17 390384 ----a-w- c:\program files\mc_enc_mp4v.dll
2010-12-27 03:17 . 2010-12-27 03:17 371880 ----a-w- c:\program files\realtrimmer.exe
2010-12-27 03:17 . 2010-12-27 03:17 119968 ----a-w- c:\program files\realshare.exe
2010-12-27 03:17 . 2010-12-27 03:17 72192 ----a-w- c:\program files\rjwmapln.dll
2010-12-27 03:17 . 2010-12-27 03:17 719360 ----a-w- c:\program files\dbghelp.dll
2010-12-27 03:17 . 2010-12-27 03:17 46592 ----a-w- c:\program files\rpau3260.dll
2010-12-27 03:17 . 2010-12-27 03:17 27824 ----a-w- c:\program files\rndevicedbbuilder.exe
2010-12-27 03:17 . 2010-12-27 03:17 88064 ----a-w- c:\program files\hxaudiodevicehook.dll
2010-12-27 03:17 . 2010-12-27 03:17 86528 ----a-w- c:\program files\rpplugprot.dll
2010-12-27 03:17 . 2010-12-27 03:17 63168 ----a-w- c:\program files\rpshell.dll
2010-12-27 03:17 . 2010-12-27 03:17 117448 ----a-w- c:\program files\rdsf3260.dll
2010-12-27 03:17 . 2010-12-27 03:17 9728 ----a-w- c:\program files\realjbox.exe
2010-12-27 03:17 . 2010-12-27 03:17 491168 ----a-w- c:\program files\realplay.exe
2010-12-27 03:17 . 2010-12-27 03:17 18120 ----a-w- c:\program files\rphelperapp.exe
2010-12-27 03:17 . 2010-12-27 03:17 415456 ----a-w- c:\program files\recordingmanager.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2012-01-21 719672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE" [2006-02-10 344064]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-12 17887232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-10-6 869376]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [N/A]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\AutorunsDisabled
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2010-10-6 869376]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 16:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-12-27 03:17 274608 ----a-w- c:\program files\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Turbo Key]
2009-11-24 20:25 1874432 ----a-w- c:\program files\ASUS\Turbo Key\TurboKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [11/21/2010 1:20 PM 90112]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [1/18/2012 1:44 AM 450848]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [9/26/2010 2:00 PM 1684736]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\drivers\lvbusflt.sys [1/18/2012 1:44 AM 22176]
S3 MSSQL$UPSBAT;SQL Server (UPSBAT);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 5:29 PM 29293408]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/12/2004 9:06 AM 14336]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [1/21/2012 9:43 PM 96488]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [1/21/2012 9:43 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [1/21/2012 9:43 PM 121576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 22:28]
.
2012-11-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-30 00:34]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-30 00:34]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-606747145-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-26 00:34]
.
2012-11-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-606747145-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-26 00:34]
.
2012-11-29 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2011-01-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-606747145-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-11-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1390067357-606747145-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2011-01-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-606747145-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
2012-11-25 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1390067357-606747145-839522115-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: aspdeploy.com\*.umich.cp
Trusted Zone: av-fa-osoft01
Trusted Zone: umich.edu\*.businessobjects
Trusted Zone: umich.edu\*.businessobjects.mpathways.dsc
Trusted Zone: umich.edu\*.finops
Trusted Zone: umich.edu\*.wolverineaccess
Trusted Zone: umich.edu\businessobjects
Trusted Zone: umich.edu\wolverineaccess
TCP: DhcpNameServer = 75.75.76.76 75.75.75.75
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://www.mejuba.com/member/usercontrols/Files/Scripts/ImageUploader6.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-29 22:39
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\Ótжþ* ]
"DisplayName"=""
"DeviceDesc"=""
"ProviderName"=""
"MFG"="?????"
"ReinstallString"="?µ\01"
"DeviceInstanceIds"=multi:"n\\download\\install\\driver\\2kxp_inf\\cx_19641.inf\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\program files\MediaMonkey\DeskPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2012-11-29 22:40:57
ComboFix-quarantined-files.txt 2012-11-30 03:40
ComboFix2.txt 2012-11-28 00:14
.
Pre-Run: 20,307,427,328 bytes free
Post-Run: 20,325,285,888 bytes free
.
- - End Of File - - 50876B274FB296CEAD4320F8FD7C36EE
-
Here's the Logs:
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.29.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILYROOM [administrator]
11/29/2012 8:04:44 PM
mbam-log-2012-11-29 (20-04-44).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 223027
Time elapsed: 4 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
==================================
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\504e4dd6-3f117b75 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\38\4d809ea6-5cd07129 multiple threats
C:\Program Files\QuotationCafe_45\bar\1.bin\45datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files\QuotationCafe_45\bar\1.bin\45htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files\QuotationCafe_45\bar\1.bin\45ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\QuotationCafe_45\bar\1.bin\45Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\QuotationCafe_45\bar\1.bin\45skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\QuotationCafe_45\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Shared\Backup\Programs\Audio\WinAmp\winamp5581_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\Shared\Backup\Programs\Coupon Printers\Coupons Dot Com Printer\CouponPrinter.exe probably a variant of Win32/Adware.Softomate.AD application
C:\Shared\Backup\Programs\DVD_Video\Players\VLCfree\VLC_32.exe a variant of Win32/InstallIQ application
C:\Shared\Backup\Programs\Utilities\PandoraRecovery Undelete\cnet_PandoraRecovery2_1_1Setup_exe.exe a variant of Win32/InstallCore.D application
C:\Shared\Backup\Programs\Winamp\winamp5601_full_emusic-7plus_en-us.exe Win32/OpenCandy application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069572.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069574.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069575.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069576.dll a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{4570B652-C7F7-4CE0-AD7E-071FC2591C4D}\RP747\A0069577.dll Win32/Toolbar.MyWebSearch application
-
Jeff,
I do not have a Java icon in the control panel. This might be because MS Security Essentials detected a virus in the last Java update and removed the file?? I have since reinstalled SE because Windows security alerts kept reporting my anti-virus was turned off when it was not. Now the SE history log is empty so I can't tell you what the file or virus name was. Should I continue with the remaining instructions or re-install Java?
-
It seems to take a little longer to boot than it should but it runs fine other than that.
-
Jeff, here's the AdwCleaner log:
# AdwCleaner v2.009 - Logfile created 11/28/2012 at 18:11:02
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - FAMILYROOM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.91
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1408 octets] - [27/11/2012 22:28:31]
AdwCleaner[S1].txt - [1357 octets] - [28/11/2012 18:11:02]
########## EOF - C:\AdwCleaner[S1].txt - [1417 octets] ##########
-
Jeff, here's the AdwCleaner log contents:
# AdwCleaner v2.009 - Logfile created 11/27/2012 at 22:28:31
# Updated 24/11/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Owner - FAMILYROOM
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\Software\PIP
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.91
File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [1279 octets] - [27/11/2012 22:28:31]
########## EOF - C:\AdwCleaner[R1].txt - [1339 octets] ##########
-
Jeff, here's the ComboFix log.
-
Jeff,
Thanks for the quick response! I downloaded the tools, ran the scans and attached the logs here:
-
I recently used Malwarebytes to remove PUP "MyWebSearch" after noticing my browser was behaving strangely. However, the I.E. toolbar (AKA QuotationCafe_45) is still showing up in the I.E. Add-Ons. I also ran a HijackThis scan but when I clicked the “Analyze This” button I got an error "No Internet Connection Available." I tried turning off the Windows firewall and tried again with the same result.
I have removed various other bugs before and I would just like some help verifying I have sufficiently eradicated everything. The most recent Malwarebytes and HijackThis logs are below. I appreciate any help you can offer.
Thanks in advance,
Pepper
=============================================
Malwarebytes Anti-Malware 1.65.1.1000
Database version: v2012.11.25.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Owner :: FAMILYROOM [administrator]
11/25/2012 9:25:15 AM
mbam-log-2012-11-25 (09-25-15).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 224652
Time elapsed: 8 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 18
HKLM\SYSTEM\CurrentControlSet\Services\QuotationCafe_45Service (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{3b069953-cf59-4926-9d28-a4589c462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\TypeLib\{7abc0217-276f-4940-840e-2a0acbeb4249} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Interface\{1D63CC1B-2217-4EEB-B89C-0C3BB3C46D7A} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\QuotationCafe_45.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\QuotationCafe_45.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B069953-CF59-4926-9D28-A4589C462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B069953-CF59-4926-9D28-A4589C462859} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuotationCafe_45bar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8619595f-4eef-4164-b040-fb7436301a06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8619595F-4EEF-4164-B040-FB7436301A06} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{6ab96dd7-6e0c-4a7f-93e0-a8a47a685d81} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{8561f2a1-d885-4852-8289-81ae4ad0ad99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8561F2A1-D885-4852-8289-81AE4AD0AD99} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QuotationCafe Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\QUOTAT~2\bar\1.bin\45srchmn.exe" /m=2 /w /h -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|QuotationCafe_45 Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\QUOTAT~2\bar\1.bin\45brmon.exe -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{6AB96DD7-6E0C-4A7F-93E0-A8A47A685D81} (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully.
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.MyWebsearch) -> Bad: (http://home.mywebsea...CFegWMgodxwIAaA) Good: (http://www.google.com) -> Quarantined and repaired successfully.
Folders Detected: 0
(No malicious items detected)
Files Detected: 7
C:\Program Files\QuotationCafe_45\bar\1.bin\45hkstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45brstub.dll (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45SrchMn.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45brmon.exe (PUP.MyWebSearch) -> Delete on reboot.
C:\Program Files\QuotationCafe_45\bar\1.bin\45barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\QuotationCafe_45\bar\1.bin\45SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end)
===========================================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:56:17 AM, on 11/25/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Shared\Backup\Programs\Windows Utilities\Zoomit\ZoomIt.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users.WINDOWS\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: QuotationCafe - {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (file missing)
O4 - HKLM\..\Run: [ATIPTA] C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe -update activex
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Printkey2000.lnk = C:\Program Files\PrintKey2000\Printkey2000.exe
O4 - Startup: Shortcut to ZoomIt.exe.lnk = Backup\Programs\Windows Utilities\Zoomit\ZoomIt.exe
O4 - Global Startup: AutorunsDisabled
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: &Search - http://tbedits.quota...2012112118&cv=2
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmi...inAxControl.CAB
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} (asusTek_sysctrl Class) - http://support.asus....k_sys_ctrl3.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus....vex-2.2.5.0.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1285451521765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1341341445343
O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://www.mejuba.co...geUploader6.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.ad...Plus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logme...trl.cab?lmi=724
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ASUS System Control Service (AsSysCtrlService) - ASUSTeK Computer Inc. - C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 9098 bytes
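The question in the post above is whether the toolbar was really gone, and the HijackThis log answers it: Malwarebytes removed the files, but the O3 toolbar entry for QuotationCafe is still registered and now ends in "(file missing)", which is exactly the kind of orphaned registry entry that keeps an add-on listed in IE. The following script is an added example (mine, not part of the thread, not HijackThis code) that parses O2 (BHO), O3 (Toolbar) and O4 (Run) lines in the format shown in that log and reports entries that point at a missing file or that match a watch term taken from the Malwarebytes detection name. The sample lines are copied from the log above; the watch term "QuotationCafe" and the parsing rules are my assumptions, and only the three line shapes present in this log are handled.

```python
"""Triage helper for HijackThis-style log lines (added example, not HijackThis code).

Parses O2 (BHO), O3 (Toolbar) and O4 (Run) entries and flags those whose
target is marked "(file missing)" -- orphaned registry entries left behind
after a removal -- and those matching an operator-supplied watch term.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: O2/O3/O4 lines copied from the HijackThis log in the thread,
# plus one O9 line to show that unsupported sections are skipped.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: QuotationCafe - {99bced2f-1db3-4ecd-8e35-8906428a6cfe} - C:\Program Files\QuotationCafe_45\bar\1.bin\45bar.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
"""

CLSID = r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
# "O2 - BHO: <name> - {CLSID} - <path>"  /  "O3 - Toolbar: <name> - {CLSID} - <path>"
O2_O3_RE = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<rest>.*)$")
# "O4 - HKLM\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<sec>O4) - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
MISSING_MARK = "(file missing)"


@dataclass
class Entry:
    section: str        # "O2", "O3" or "O4"
    name: str           # BHO/toolbar name or Run value name
    target: str         # file the entry points at
    file_missing: bool  # HijackThis appended "(file missing)"
    raw: str


def split_target(rest: str) -> Tuple[str, bool]:
    """Separate the file path from the '(file missing)' marker and any arguments."""
    rest = rest.strip()
    missing = rest.endswith(MISSING_MARK)
    if missing:
        rest = rest[: -len(MISSING_MARK)].strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        target = rest[1:end] if end > 0 else rest[1:]
    else:
        # Unquoted paths may carry arguments; HijackThis gives no delimiter,
        # so the whole remainder is kept (assumption of this example).
        target = rest
    return target, missing


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for supported O2/O3/O4 lines, None for anything else."""
    line = line.strip()
    m = O2_O3_RE.match(line) or O4_RE.match(line)
    if not m:
        return None
    target, missing = split_target(m.group("rest"))
    return Entry(m.group("sec"), m.group("name"), target, missing, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e is not None]


def triage(entries: List[Entry], watch_terms: List[str]) -> List[Tuple[Entry, List[str]]]:
    """Flag orphaned entries and entries matching a watch term; returns (entry, reasons)."""
    flagged = []
    for e in entries:
        reasons = []
        if e.file_missing:
            reasons.append("points at a file that no longer exists (orphaned registration)")
        haystack = (e.name + " " + e.target).lower()
        for term in watch_terms:
            if term.lower() in haystack:
                reasons.append(f"matches watch term {term!r}")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_log(SAMPLE_LOG), ["QuotationCafe"]):
        print(f"{entry.section} {entry.name!r} -> {entry.target}")
        for r in reasons:
            print(f"    - {r}")
```

Run against the sample, only the O3 toolbar line is reported, for both reasons; the Adobe BHO and the two Run entries pass. Such an orphaned entry is inert on its own (there is no file to load), but it is the residue a helper would ask the poster to clear so that the add-on stops appearing, and a second HijackThis scan after cleanup should show no O2/O3 line ending in "(file missing)".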

PC Running Slow and Hangs Frequently
in Resolved Malware Removal Logs
Posted
Ok, thanks for the help. Question... why did you have me uninstall bittorrent? Is there a reason I shouldn't install it again?