Posts posted by StLouisJim

  1. Problem started when I rebooted and the quick launch bar was missing. I was able to add it back, but every time I reboot, I have to manually add it. Now the programs will not launch via double-clicking on them; I have to right-click then OPEN to get mail or web browser to work. So I tried to download Malwarebytes and couldn't install it. I was getting Run Time error 372 ieframe.dll outdated. I would get that message a few times, each when trying to create a shortcut. Now I notice that the icons on my desktop can't move. So I cannot drag and drop the text file on ComboFix. I checked the arrange icon properties and they are not locked.

  2. ComboFix did install Recovery Console.

    Here is the log:

    ComboFix 13-01-03.05 - Owner 01/03/2013 12:58:58.1.2 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3582.2830 [GMT -6:00]

    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    AV: Lavasoft Ad-Aware *Disabled/Updated* {964FCE60-0B18-4D30-ADD6-EB178909041C}

    FW: Lavasoft Ad-Aware *Disabled* {FF1CD5B7-1553-4625-A258-1775385CED33}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\3E60109CA4.sys

    c:\documents and settings\All Users\Application Data\hpe5E9.dll

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Owner\Application Data\PropMgrAsync

    c:\documents and settings\Owner\Application Data\PropMgrAsync\PropMgrAsync.cfg

    c:\documents and settings\Owner\Application Data\PropMgrAsync\PropMgrAsync.log

    c:\documents and settings\Owner\My Documents\~WRL3761.tmp

    c:\documents and settings\Owner\My Documents\DPE.DUS

    c:\documents and settings\Owner\WINDOWS

    c:\program files\BasicSeek

    c:\program files\BasicSeek\basicseek.dll

    c:\program files\BasicSeek\basicseek.exe

    c:\program files\BasicSeek\uninstall.exe

    c:\windows\wininit.ini

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_BasicSeek_Service

    -------\Legacy_BasicSeek_Service

    -------\Service_BasicSeek Service

    -------\Service_BasicSeek Service

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))

    .

    .

    2013-01-03 17:11 . 2013-01-03 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\BasicSeek

    2013-01-03 15:46 . 2013-01-03 15:52 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\adawarebp

    2013-01-03 14:56 . 2013-01-03 16:56 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2013-01-03 14:56 . 2013-01-03 14:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

    2013-01-03 14:55 . 2013-01-03 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2013-01-03 14:55 . 2013-01-03 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2013-01-03 14:55 . 2012-12-14 22:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

    2013-01-03 14:29 . 2013-01-03 14:29 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure

    2013-01-03 14:29 . 2013-01-03 14:29 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic

    2013-01-03 13:33 . 2013-01-03 13:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

    2013-01-03 13:22 . 2013-01-03 13:22 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

    2013-01-01 16:02 . 2009-01-25 18:14 15224 ----a-w- c:\windows\system32\sdnclean.exe

    2012-12-31 19:37 . 2013-01-02 15:21 -------- d-----w- c:\windows\CD27142034CF47DC80B7C409B6CD0DD8.TMP

    2012-12-24 08:27 . 2012-12-24 08:27 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Sun

    2012-12-21 19:54 . 2012-12-21 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Antivirus

    2012-12-21 19:53 . 2012-12-21 19:53 -------- d-----w- c:\documents and settings\Owner\Application Data\LavasoftStatistics

    2012-12-21 19:45 . 2012-12-24 03:19 -------- d-----w- c:\program files\Ad-Aware Antivirus

    2012-12-21 19:44 . 2013-01-03 15:42 44424 ----a-w- c:\windows\system32\sbbd.exe

    2012-12-21 19:44 . 2013-01-03 15:42 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys

    2012-12-21 19:43 . 2013-01-03 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection

    2012-12-21 19:43 . 2012-12-21 19:43 -------- d-----w- c:\program files\Toolbar Cleaner

    2012-12-21 19:42 . 2012-12-21 22:01 -------- d-----w- c:\documents and settings\Owner\Application Data\Ad-Aware Antivirus

    2012-12-21 19:31 . 2012-12-21 19:31 -------- d-----w- c:\windows\system32\Adobe

    2012-12-21 19:29 . 2012-12-21 19:29 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-12-21 16:12 . 2012-12-21 16:12 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconF7A21AF7.exe

    2012-12-21 16:12 . 2012-12-21 16:12 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconD7F16134.exe

    2012-12-21 16:12 . 2012-12-21 16:12 110080 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{DDABC667-56B3-4122-82B0-2F5782EA2F9A}\IconCF33A0CE.exe

    2012-12-21 16:11 . 2012-12-21 22:04 -------- d-----w- c:\program files\Enigma Software Group

    2012-12-21 16:11 . 2012-12-21 16:12 -------- d-----w- C:\sh4ldr

    2012-12-21 16:11 . 2012-12-21 16:12 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP

    2012-12-21 13:47 . 2013-01-01 15:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2012-12-21 13:47 . 2013-01-01 16:03 -------- d-----w- c:\program files\Spybot - Search & Destroy 2

    2012-12-17 14:13 . 2012-12-17 14:14 -------- d-----w- c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1

    2012-12-05 21:46 . 2012-12-05 21:46 -------- d-----w- c:\program files\IObit Toolbar

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-01-03 02:22 . 2008-09-04 02:17 139832 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

    2013-01-03 02:21 . 2009-03-01 14:56 281768 ----a-w- c:\windows\system32\PnkBstrB.xtr

    2013-01-03 02:21 . 2008-09-04 02:17 281768 ----a-w- c:\windows\system32\PnkBstrB.exe

    2013-01-02 21:23 . 2008-09-04 02:17 281768 ----a-w- c:\windows\system32\PnkBstrB.ex0

    2012-12-21 19:29 . 2008-09-28 04:07 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-12-21 19:29 . 2012-06-16 19:48 859072 ----a-w- c:\windows\system32\npdeployJava1.dll

    2012-12-21 19:29 . 2010-04-23 22:44 779704 ----a-w- c:\windows\system32\deployJava1.dll

    2012-12-16 12:23 . 2006-02-28 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll

    2012-12-12 08:34 . 2012-04-04 04:49 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-12-12 08:34 . 2011-06-03 18:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-11-13 01:25 . 2006-02-28 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys

    2012-11-02 02:02 . 2006-02-28 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll

    2012-11-01 12:17 . 2006-02-28 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-11-01 12:17 . 2006-02-28 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-11-01 12:17 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-11-01 00:35 . 2006-02-28 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2012-10-13 00:09 . 2011-12-09 15:55 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

    2008-08-16 23:42 . 2012-12-06 04:29 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

    2008-08-16 23:42 . 2012-12-06 04:29 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

    2008-08-16 23:42 . 2012-12-06 04:29 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

    2008-08-16 23:42 . 2012-12-06 04:29 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

    2008-08-16 23:43 . 2012-12-06 04:29 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

    2008-08-16 23:42 . 2012-12-06 04:29 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

    2008-08-16 23:42 . 2012-12-06 04:29 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

    2007-03-16 22:27 . 2012-12-06 04:29 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

    2007-03-16 22:27 . 2012-12-06 04:29 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

    2007-03-16 22:27 . 2012-12-06 04:29 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

    2008-06-05 19:58 . 2012-12-06 04:29 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

    2008-08-16 23:42 . 2012-12-06 04:29 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

    2012-12-06 04:29 . 2012-12-06 04:29 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2012-12-11 542104]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ \0sdnclean.exe

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service]

    @="Ad-Aware Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

    @="Service"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^PKZIP Attachments Status.lnk]

    backup=c:\windows\pss\PKZIP Attachments Status.lnkCommon Startup

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^WalkingSpree Data Uploader.lnk]

    backup=c:\windows\pss\WalkingSpree Data Uploader.lnkStartup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 5

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2012-07-11 19:00 919008 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2012-07-31 11:20 38872 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

    2005-05-03 10:43 69632 ----a-r- c:\windows\ALCMTR.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

    2012-11-28 20:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

    2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

    2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2008-05-16 19:01 13529088 ----a-w- c:\windows\system32\nvcpl.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2008-05-16 19:01 86016 ----a-w- c:\windows\system32\nvmctray.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]

    2008-05-16 19:01 1630208 ----a-w- c:\windows\system32\nwiz.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

    2008-02-13 06:31 16857600 ----a-r- c:\windows\RTHDCPL.EXE

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

    2011-12-26 21:52 1242448 ----a-w- c:\program files\Steam\steam.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2012-07-03 15:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ToolBoxFX]

    2008-08-01 14:47 53248 ----a-w- c:\program files\HP\ToolboxFX\bin\HPTLBXFX.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\HP\\HP Color LaserJet CM1312 MFP Series\\hppfaxnc2.exe"=

    "c:\\Program Files\\Steam\\Steam.exe"=

    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp_server.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=

    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5sp.exe"=

    "c:\\Program Files\\Steam\\SteamApps\\common\\call of duty modern warfare 3\\iw5mp.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=

    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=

    "c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    .

    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 2:48 AM 31952]

    R0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [12/21/2012 1:44 PM 13560]

    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 2:48 AM 237408]

    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 2:49 AM 301920]

    R2 Ad-Aware Service;Ad-Aware Service;c:\program files\Ad-Aware Antivirus\AdAwareService.exe [12/14/2012 8:38 PM 1236968]

    R2 AfaService;Afa Card Reader Service;c:\windows\system32\afasrv32.exe [7/19/2011 7:43 PM 65536]

    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 2:24 AM 5167736]

    R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]

    R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 5:53 PM 13672]

    R2 SBAMSvc;Ad-Aware;c:\program files\Ad-Aware Antivirus\SBAMSvc.exe [9/20/2012 5:39 AM 3677000]

    R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [1/1/2013 10:02 AM 1103392]

    R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1/1/2013 10:02 AM 1369624]

    R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [10/8/2012 7:21 PM 766400]

    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [1/22/2012 10:43 PM 92592]

    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 139856]

    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]

    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]

    R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [9/8/2010 5:24 PM 20504]

    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [11/21/2009 5:56 PM 27632]

    S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [1/1/2013 10:02 AM 168384]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 12:28 PM 160944]

    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

    S3 AVG Security Toolbar Service;AVG Security Toolbar Service; [x]

    S3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [5/6/2011 4:57 PM 13904]

    S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [6/22/2012 12:01 PM 19984]

    S3 getPlus® Installer;getPlus® Installer; [x]

    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [1/3/2013 8:56 AM 40776]

    S3 se3ebus;Sony Ericsson Device 062 (WDM);c:\windows\system32\drivers\se3ebus.sys [4/10/2007 1:14 PM 83080]

    S3 se3emdfl;Sony Ericsson Device 062 USB WMC Modem Filter;c:\windows\system32\drivers\se3emdfl.sys [11/21/2009 5:56 PM 15112]

    S3 se3emdm;Sony Ericsson Device 062 USB WMC Modem Driver;c:\windows\system32\drivers\se3emdm.sys [11/21/2009 5:56 PM 108552]

    S3 se3emgmt;Sony Ericsson Device 062 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\se3emgmt.sys [11/21/2009 5:56 PM 100360]

    S3 se3eobex;Sony Ericsson Device 062 USB WMC OBEX Interface;c:\windows\system32\drivers\se3eobex.sys [11/21/2009 5:56 PM 98568]

    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 3:06 PM 11520]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-12-29 c:\windows\Tasks\1-Click Maintenance.job

    - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-03 01:35]

    .

    2012-12-30 c:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job

    - c:\progra~1\AD-AWA~1\AdAwareLauncher.exe [2012-12-15 02:38]

    .

    2013-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:34]

    .

    2012-12-27 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]

    .

    2013-01-03 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job

    - c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2013-01-01 20:08]

    .

    2013-01-02 c:\windows\Tasks\Google Software Updater.job

    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-06 02:49]

    .

    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:27]

    .

    2013-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 17:27]

    .

    2013-01-03 c:\windows\Tasks\rbmonitor.job

    - c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-04-11 14:32]

    .

    2013-01-02 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job

    - c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2013-01-01 20:07]

    .

    2013-01-01 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job

    - c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2013-01-01 20:07]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.cnn.com/

    uInternet Connection Wizard,ShellNext = iexplore

    uInternet Settings,ProxyOverride = 127.0.0.1;*.local

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

    Trusted Zone: intuit.com\ttlc

    Trusted Zone: turbotax.com

    TCP: DhcpNameServer = 68.94.156.1 68.94.157.1

    DPF: Microsoft XML Parser for Java

    DPF: {F6A553B1-4B5F-4974-866F-98C1D1EBD3DE} - hxxps://usportal.amdocs.com/prx/000/http/wwwstl2/tc/CPubAppsTCS.cab

    .

    - - - - ORPHANS REMOVED - - - -

    .

    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

    HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CM1312 MFP Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CM1312_MFP_Series -f PQOptimizerVideo.xml

    Notify-SDWinLogon - SDWinLogon.dll

    AddRemove-BasicSeek - c:\program files\BasicSeek\uninstall.exe

    AddRemove-YourFileDownloader - c:\program files\YourFileDownloader\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2013-01-03 13:08

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3540)

    c:\windows\system32\WININET.dll

    c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll

    c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf

    c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\windows\system32\nvsvc32.exe

    c:\windows\system32\PnkBstrA.exe

    c:\program files\AVG\AVG2012\avgnsx.exe

    c:\program files\AVG\AVG2012\avgrsx.exe

    c:\program files\AVG\AVG2012\avgcsrvx.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Completion time: 2013-01-03 13:14:04 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-01-03 19:13

    .

    Pre-Run: 316,489,334,784 bytes free

    Post-Run: 316,943,351,808 bytes free

    .

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    [spybotsd]

    timeout.old=30

    .

    - - End Of File - - 9E4234813DA6086B25FB3B4215E42C31

    When I double-click on an item in the quick launch bar nothing happens; I have to right-click and then open. Also, quick launch has to be opened every time I reboot. I didn't try to install Malwarebytes yet.

  3. Thanks for your help Gringo

    Security Check - no output

    AdwCleaner -

    # AdwCleaner v2.104 - Logfile created 01/03/2013 at 12:08:09

    # Updated 29/12/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Owner - GRACIE

    # Boot Mode : Normal

    # Running from : C:\Documents and Settings\Owner\My Documents\Downloads\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    Stopped & Deleted : Application Updater

    ***** [Files / Folders] *****

    Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkq0ae5t.default\adawaretb

    Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\AVG Security Toolbar

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars

    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

    Folder Deleted : C:\Documents and Settings\Owner\Application Data\adawaretb

    Folder Deleted : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3nkidg1k.default\adawaretb

    Folder Deleted : C:\Documents and Settings\Owner\Application Data\yourfiledownloader

    Folder Deleted : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Security Toolbar

    Folder Deleted : C:\Program Files\adawaretb

    Folder Deleted : C:\Program Files\yourfiledownloader

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

    Key Deleted : HKCU\Software\AVG Security Toolbar

    Key Deleted : HKCU\Software\Compete

    Key Deleted : HKCU\Software\Conduit

    Key Deleted : HKCU\Software\Cr_Installer

    Key Deleted : HKCU\Software\Crossrider

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}

    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

    Key Deleted : HKCU\Software\Search Settings

    Key Deleted : HKLM\Software\Application Updater

    Key Deleted : HKLM\Software\AVG Security Toolbar

    Key Deleted : HKLM\Software\Babylon

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

    Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

    Key Deleted : HKLM\Software\Conduit

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc

    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

    Key Deleted : HKLM\Software\Search Settings

    Key Deleted : HKLM\Software\Tarma Installer

    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v17.0.1 (en-US)

    File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3nkidg1k.default\prefs.js

    C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\3nkidg1k.default\user.js ... Deleted !

    Deleted : user_pref("extensions.crossriderapp19866.19866.InstallationTime", 1357233308);

    Deleted : user_pref("extensions.crossriderapp19866.19866.active", true);

    Deleted : user_pref("extensions.crossriderapp19866.19866.addressbar", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.addressbarenhanced", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.backgroundjs", "\n\n\"undefined\"!=typeof _GPL_BG_NEW[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.backgroundver", 3);

    Deleted : user_pref("extensions.crossriderapp19866.19866.can_run_bg_code", true);

    Deleted : user_pref("extensions.crossriderapp19866.19866.certdomaininstaller", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.changeprevious", false);

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.InstallationTime.value", "1357233308");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_aoi.value", "1357233308");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.expiration", "Thu Jan 03 2013 1[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_blocklist.value", "%22nonexistantdomain.c[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.expiration", "Thu Jan 10 201[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_country_code.value", "%22US%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_crr.value", "1357233315");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_currenttime.value", "%221356061408%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_hotfix20111102645.value", "%221%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installer_params.value", "%7B%22source_id[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_installtime.value", "%221356061408%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_parent_zoneid.value", "%22106779%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_pc_20120828.value", "1357233318659");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_product_id.value", "%221341%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie._GPL_zoneid.value", "%22127114%22");

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.cookie.dbtest.value", "1357233314369");

    Deleted : user_pref("extensions.crossriderapp19866.19866.description", "Deal Vault");

    Deleted : user_pref("extensions.crossriderapp19866.19866.domain", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.enablesearch", false);

    Deleted : user_pref("extensions.crossriderapp19866.19866.fbremoteurl", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.group", 0);

    Deleted : user_pref("extensions.crossriderapp19866.19866.homepage", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.iframe", false);

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_appVer.value", "11");

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_lastVersion.value", "2");

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_meta.value", "%7B%7D");

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.expiration", "Thu Jan [...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_nextCheck.value", "true");

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.internaldb.Resources_queue.value", "%7B%7D");

    Deleted : user_pref("extensions.crossriderapp19866.19866.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.manifesturl", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.name", "Deal Vault");

    Deleted : user_pref("extensions.crossriderapp19866.19866.newtab", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.opensearch", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.name", "base");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1.ver", 3);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.code", "Array.prototype.indexO[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000014.ver", 10);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.code", "var _GPL_BG={vars:{},r[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.name", "GPL Background (BG)");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_1000015.ver", 4);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.code", "(function(a){a.selectedText[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.name", "CrossriderAppUtils");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_13.ver", 2);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.name", "CrossriderUtils");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_14.ver", 2);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.code", "(function(f){var u={};var e[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.name", "FacebookFFIE");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_15.ver", 1);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.code", "if((typeof isBackground===\[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.name", "FFAppAPIWrapper");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_16.ver", 4);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.name", "jQuery");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_17.ver", 3);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.code", "var CrossriderDebugManager=[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.name", "debug");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_21.ver", 3);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.name", "resources");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_22.ver", 2);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.code", "var CrossriderInitializerPl[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.name", "initializer");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_28.ver", 2);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.name", "jquery_1_7_1");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_4.ver", 3);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.name", "resources_background");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_47.ver", 1);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.name", "appApiMessage");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_64.ver", 1);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.code", "if(appAPI.__should_activate[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.name", "appApiValidation");

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins.plugin_72.ver", 1);

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_0", "17,14,16,64,72,47,1000015"[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.plugins_lists.plugins_1", "17,14,13,16,15,64,72,4,1,2[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]

    Deleted : user_pref("extensions.crossriderapp19866.19866.pluginsversion", 8);

    Deleted : user_pref("extensions.crossriderapp19866.19866.publisher", "215 Apps");

    Deleted : user_pref("extensions.crossriderapp19866.19866.searchstatus", 0);

    Deleted : user_pref("extensions.crossriderapp19866.19866.setnewtab", false);

    Deleted : user_pref("extensions.crossriderapp19866.19866.settingsurl", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.thankyou", "");

    Deleted : user_pref("extensions.crossriderapp19866.19866.updateinterval", 360);

    Deleted : user_pref("extensions.crossriderapp19866.19866.ver", 11);

    Deleted : user_pref("extensions.crossriderapp19866.adsOldValue", -1);

    Deleted : user_pref("extensions.crossriderapp19866.apps", "19866");

    Deleted : user_pref("extensions.crossriderapp19866.bic", "13c0168c0e9455cebb5e294ea5b26ff3");

    Deleted : user_pref("extensions.crossriderapp19866.cid", 19866);

    Deleted : user_pref("extensions.crossriderapp19866.firstrun", false);

    Deleted : user_pref("extensions.crossriderapp19866.hadappinstalled", true);

    Deleted : user_pref("extensions.crossriderapp19866.installationdate", 1357233308);

    Deleted : user_pref("extensions.crossriderapp19866.lastcheck", 22620555);

    Deleted : user_pref("extensions.crossriderapp19866.lastcheckitem", 22620555);

    Deleted : user_pref("extensions.crossriderapp19866.modetype", "production");

    Deleted : user_pref("extensions.crossriderapp19866.reportInstall", true);

    Deleted : user_pref("extensions.enabledAddons", "crossriderapp19866%40crossrider.com:0.86.6,%7B40D65E82-75AC-4[...]

    File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkq0ae5t.default\prefs.js

    C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hkq0ae5t.default\user.js ... Deleted !

    Deleted : user_pref("extensions.crossriderapp19866.adsOldValue", -1);

    -\\ Google Chrome v [unable to get version]

    File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [17924 octets] - [03/01/2013 12:07:50]

    AdwCleaner[s2].txt - [18476 octets] - [03/01/2013 12:08:09]

    ########## EOF - C:\AdwCleaner[s2].txt - [18537 octets] ##########

    Rogue Killer -

    RogueKiller V8.4.2 [Dec 31 2012] by Tigzy

    mail : tigzyRK<at>gmail<dot>com

    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

    Website : http://tigzy.geekstogo.com/roguekiller.php

    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

    Started in : Normal mode

    User : Owner [Admin rights]

    Mode : Remove -- Date : 01/03/2013 12:18:14

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    --> C:\WINDOWS\system32\drivers\etc\hosts

    127.0.0.1 localhost

    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 +++++

    --- User ---

    [MBR] d391c0715b9607c37bc8bfe68b54cb65

    [BSP] d798585473137686660b7b42e1787804 : Windows XP MBR Code

    Partition table:

    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476929 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    +++++ PhysicalDrive1: WDC WD5000AACS-00ZUB0 +++++

    --- User ---

    [MBR] 06695c9241862a494ab3274d6c7feb54

    [BSP] 4b4a864160c8efbcbb768e59a99079f2 : MBR Code unknown

    Partition table:

    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

    User = LL1 ... OK!

    User = LL2 ... OK!

    Finished : << RKreport[3]_D_01032013_02d1218.txt >>

    RKreport[1]_S_01032013_02d1217.txt ; RKreport[2]_D_01032013_02d1217.txt ; RKreport[3]_D_01032013_02d1218.txt
