bbenson831
Issue began with start menu but grew
bbenson831 replied to bbenson831's topic in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.5 (12.02.2012:2)
OS: Microsoft Windows XP x86
Ran by Bryan on Sun 12/02/2012 at 19:06:15.18
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1547161642-813497703-682003330-1003\software\microsoft\internet explorer\main\\Search Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\appid\babyloniepi.dll"
Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho"
Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho.1"
Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate this web page with babylon"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_current_user\software\zugo"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\metastream"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6ac0bb10-c922-45e2-857d-2a368fe749e5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d425283-d487-4337-bab6-ab8354a81457}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\premium"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\babylon"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\search toolbar"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\user.js
Successfully deleted the following from C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\prefs.js

user_pref("CT1460988.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastUpdate", "1274629223");
user_pref("CT1460988.myStuffEnabled", true);
user_pref("CT1460988.myStuffPublihserMinWidth", 400);
user_pref("CT1460988.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1460988.myStuffServiceIntervalMM", 1440);
user_pref("CT1460988.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1460988.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT1460988");
user_pref("CommunityToolbar.ToolbarsList2", "CT1460988");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid={80C691CF-FBB2-4D39-B12C-128407AE7F2F}&mid=158b713191cc3387a186f260f0326c2d-f3d18060dcc114e43e472e645babadf050d7206d&lang=en&ds=AVG&pr=fr&d=
user_pref("xpinstall.whitelist.add.36", "");
user_pref("browser.startup.homepage", "http://apype.com");
user_pref("keyword.URL", "http://apype.com/results.php?q=");
user_pref("extensions.installCache", "[{\"addons\":{\"3z1Fb2o@skywebsearch.com\":{\"descriptor\":\"C:\\\\Program Files\\\\YuoTubeDownloader\\\\YuoTubeDownloader.xpi\",\"mtime\":1346643907}},\"name\":\
user_pref("extensions.enabledAddons", "3z1Fb2o@skywebsearch.com:3.0.0.0");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/02/2012 at 19:10:08.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.9.2
Run by Bryan at 19:21:59 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.1740 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Paradox Interactive\Europa Universalis III\eu3game.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3F6AF637-CE28-402F-999A-BD8CADB18CC6} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-30 26984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-24 24652]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-30 711112]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2010-1-20 37376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-27 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2012-12-03 03:06:12    --------    d-----w-    c:\windows\ERUNT
2012-12-03 03:06:07    --------    d-----w-    C:\JRT
2012-12-01 02:10:09    --------    d-----w-    c:\documents and settings\bryan\application data\AVG2012
2012-12-01 02:08:50    --------    d-----w-    c:\documents and settings\bryan\local settings\application data\AVG Secure Search
2012-12-01 02:08:39    --------    d-----w-    c:\documents and settings\all users\application data\AVG Secure Search
2012-12-01 02:08:33    --------    d-----w-    c:\documents and settings\bryan\application data\AVG Secure Search
2012-12-01 02:08:29    26984    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2012-12-01 02:08:27    --------    d-----w-    c:\program files\common files\AVG Secure Search
2012-12-01 02:08:23    --------    d-----w-    c:\program files\AVG Secure Search
2012-12-01 01:47:44    --------    d-----w-    c:\documents and settings\bryan\application data\DriverCure
2012-12-01 01:45:34    --------    d-----w-    c:\documents and settings\bryan\application data\ElevatedDiagnostics
2012-12-01 01:45:17    --------    d-----w-    c:\program files\Microsoft ATS
2012-12-01 01:37:47    --------    d-----w-    c:\program files\My Drivers
2012-11-11 20:58:24    --------    d-----w-    c:\documents and settings\bryan\local settings\application data\Sun
2012-11-11 20:57:49    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-11 20:57:41    93672    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-11-11 20:57:25    746984    ----a-w-    c:\windows\system32\deployJava1.dll
2012-11-11 20:57:25    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2012-09-30 03:54:26    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-09-22 15:54:09    106496    ----a-w-    c:\windows\system32\ATL71.DLL
2012-09-04 10:28:52    65128    ----a-w-    c:\windows\apppatch\MATSShim.DLL
.
============= FINISH: 19:22:25.67 ===============

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.12.03.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bryan :: JIGGA [administrator]

12/2/2012 7:14:46 PM
mbam-log-2012-12-02 (19-14-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219015
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Issue began with start menu but grew
bbenson831 replied to bbenson831's topic in Resolved Malware Removal Logs
OK, all instructions you had given were completed with no trouble. Here are the logs you have requested upon completion.
JRT.txt
mbam-log-2012-12-02 (19-14-46).txt
dds.txt
Thanks, Bryan
Issue began with start menu but grew
bbenson831 replied to bbenson831's topic in Resolved Malware Removal Logs
Thank you. Here is the Attach.txt you asked for. Aside from what I said I did above, I have done nothing else to fix the problem. I also forgot to mention that I was hacked into in Sept. this year, but I caught it quickly and dealt with that situation promptly. However, I'm not sure just HOW much damage was done (that I didn't see or find out) since I thought I repaired it.
Thanks, Bryan
attach.zip
Hello, I'm new to this site and normally am able to fix my own problems, but this one has me a little stumped. It began with the start menu / All Programs / and any program in there that I would click on would not run. Almost like it lost the target file's location all of a sudden. So in order to load any program I wanted from the start menu route, I would instead have to go all the way through the My Computer icon / C: drive / Program Files / etc. Very annoying to say the least. The next day (today) I tried opening Microsoft Word 2007 and it would not come up. No matter how I tried, it would not. So I figured, well, maybe I'll go ahead and go through the motions of fixing it. I did disk cleanup / Malwarebytes / and then went to re-install AVG but got an error I've never had before: Windows Installer not working properly or installed correctly. So I took the following steps to replace and repair. I finally got it working. AVG detected nothing / Malwarebytes found 2 PUP.MyWebSearch, one in a registry key and one in a registry value, but removed them. Other than that, nothing else. Well, now I can resume installing programs, but I still have the issue with the start menu. It's like the CPU doesn't recognize the programs from the start menu but only through My Computer etc. etc. Any ideas on what I can do / options?
Thanks, Bryan
PS: I apologize if this is the wrong forum to post in. My OS is XP Pro running off an Asus motherboard (in case anyone needs to know).
dds.txt