Posts posted by bbenson831
-
Ok,
All instructions you had given were completed with no trouble. Here are the logs you have requested upon completion.
mbam-log-2012-12-02 (19-14-46).txt
Thanks, Bryan
-
Thank you. Here is the Attach.txt you asked for. Aside from what I said I did above, I have done nothing else to fix the problem. I also forgot to mention that I was hacked into in Sept. this year, but I caught it quickly and dealt with that situation promptly. However, I'm not sure just HOW much damage was done (that I didn't see or find out) since I thought I repaired it.
Thanks, Bryan
-
Hello,
I'm new to this site and normally am able to fix my own problems, but this one has me a little stumped. It began with the start menu / All Programs / and any program in there that I would click on would not run. Almost like it lost the target file's location all of a sudden. So in order to load any program I wanted from the start menu route, I would instead have to go all the way through the My Computer icon / c: drive / program files / etc. Very annoying to say the least. The next day (today) I tried opening Microsoft Word 2007 and it would not come up. No matter how I tried, it would not. So I figured, well, maybe I go ahead and go through the motion of fixing. I did disk clean up / Malwarebytes / and then went to re-install AVG but got an error I've never had before: Windows Installer not working properly or installed correctly. So I took the following steps to replace and repair. I finally got it working. AVG detected nothing / Malwarebytes found 2 pup.MyWebSearch, one in Registry Key and one in Registry Value, but removed them. Other than that, nothing else. Well, now I can resume installing programs but I still have the issue with the start menu. It's like the CPU doesn't recognize the programs from the start menu but only through My Computer etc. etc. Any ideas on what I can do/options?
Thanks, Bryan
ps I apologize if this is the wrong forum to post.
My OS is XP PRO
Running off an Asus motherboard (in case anyone needs to know)
Issue began with start menu but grew
in Resolved Malware Removal Logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.7.5 (12.02.2012:2)
OS: Microsoft Windows XP x86
Ran by Bryan on Sun 12/02/2012 at 19:06:15.18
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1547161642-813497703-682003330-1003\software\microsoft\internet explorer\main\\Search Page
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_classes_root\appid\babyloniepi.dll"
Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho"
Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho.1"
Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin.1"
Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate this web page with babylon"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin"
Successfully deleted: [Registry Key] "hkey_current_user\software\zugo"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"
Successfully deleted: [Registry Key] "hkey_local_machine\software\metastream"
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6ac0bb10-c922-45e2-857d-2a368fe749e5}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d425283-d487-4337-bab6-ab8354a81457}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\premium"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\babylon"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\search toolbar"
~~~ FireFox
Successfully deleted: [File] C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\user.js
Successfully deleted the following from C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\prefs.js
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/02/2012 at 19:10:08.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by Bryan at 19:21:59 on 2012-12-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.1740 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Paradox Interactive\Europa Universalis III\eu3game.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
mSearchAssistant = hxxp://search.live.com/sphome.aspx
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3F6AF637-CE28-402F-999A-BD8CADB18CC6} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 mpa.one.microsoft.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-30 26984]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-24 24652]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-30 711112]
R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]
R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2010-1-20 37376]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]
S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-27 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]
.
=============== Created Last 30 ================
.
2012-12-03 03:06:12 -------- d-----w- c:\windows\ERUNT
2012-12-03 03:06:07 -------- d-----w- C:\JRT
2012-12-01 02:10:09 -------- d-----w- c:\documents and settings\bryan\application data\AVG2012
2012-12-01 02:08:50 -------- d-----w- c:\documents and settings\bryan\local settings\application data\AVG Secure Search
2012-12-01 02:08:39 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-12-01 02:08:33 -------- d-----w- c:\documents and settings\bryan\application data\AVG Secure Search
2012-12-01 02:08:29 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-01 02:08:27 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-12-01 02:08:23 -------- d-----w- c:\program files\AVG Secure Search
2012-12-01 01:47:44 -------- d-----w- c:\documents and settings\bryan\application data\DriverCure
2012-12-01 01:45:34 -------- d-----w- c:\documents and settings\bryan\application data\ElevatedDiagnostics
2012-12-01 01:45:17 -------- d-----w- c:\program files\Microsoft ATS
2012-12-01 01:37:47 -------- d-----w- c:\program files\My Drivers
2012-11-11 20:58:24 -------- d-----w- c:\documents and settings\bryan\local settings\application data\Sun
2012-11-11 20:57:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-11 20:57:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-11-11 20:57:25 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-11 20:57:25 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-22 15:54:09 106496 ----a-w- c:\windows\system32\ATL71.DLL
2012-09-04 10:28:52 65128 ----a-w- c:\windows\apppatch\MATSShim.DLL
.
============= FINISH: 19:22:25.67 ===============
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.03.01
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Bryan :: JIGGA [administrator]
12/2/2012 7:14:46 PM
mbam-log-2012-12-02 (19-14-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 219015
Time elapsed: 4 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)