
funmoods browser problems


pebjgb


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:13:57 PM, on 9/11/2012

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\DSpro\Programs\pr001Celery98.exe

C:\Documents and Settings\PEB\My Documents\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O1 - Hosts: 94.63.240.127 www.google.com

O1 - Hosts: 94.63.240.128 www.bing.com

O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll

O2 - BHO: Qwiklinx - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Documents and Settings\PEB\Application Data\Qwiklinx\Qwiklinx.dll

O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll

O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll

O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_2.dll

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll

O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe

O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"

O4 - HKLM\..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin

O4 - HKUS\S-1-5-19\..\Run: [adaware] rundll32.exe "C:\Documents and Settings\PEB\Local Settings\Application Data\Apple\adaware\gfljfrf.dll",SonyUsbCheckMyDeviceW (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [AVG Secure Search] rundll32.exe "C:\Documents and Settings\PEB\Local Settings\Application Data\AVG Security Toolbar\AVG Secure Search\jolzfiupj.dll",SonyUsbCheckMyDeviceW (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [adaware] rundll32.exe "C:\Documents and Settings\PEB\Local Settings\Application Data\Apple\adaware\gfljfrf.dll",SonyUsbCheckMyDeviceW (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [volmgr] %APPDATA%\volmgr.exe (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [volmgr] %APPDATA%\volmgr.exe (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')

O4 - Startup: EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263710456296

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263922285322

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = baker.local

O17 - HKLM\Software\..\Telephony: DomainName = baker.local

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = baker.local

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = baker.local

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll

O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe

O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: DefaultTabSearch - Unknown owner - C:\Program Files\DefaultTab\DefaultTabSearch.exe

O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: vToolbarUpdater11.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--

End of file - 14271 bytes

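Added example, not part of the original thread and not HijackThis code: a short Python triage pass over a few of the HijackThis lines posted above. It flags three patterns that stand out in that log: O1 hosts entries that point a hostname at a non-loopback address (ad-blocking hosts files use 127.0.0.1 or 0.0.0.0, so a redirect of www.google.com to 94.63.240.127 is a hijack, not a block), O4 Run/RunOnce values in the service-account hives (S-1-5-18, S-1-5-19, S-1-5-20, .DEFAULT) that load code from a user's profile or %APPDATA%, plus any rundll32 loading a DLL from a profile path, and O23 services with no publisher or whose binary lives in a user profile. The sample lines are copied from the log above, with one constructed loopback entry added as a control; the function names and heuristics are my own.

```python
"""Triage pass over HijackThis (HJT) log lines for the patterns seen above.

Added example, not HijackThis code. Three checks, one per HJT section:
  O1  hosts entries that point a hostname at a non-loopback address
  O4  Run/RunOnce values in service-account hives (SYSTEM, LOCAL SERVICE,
      NETWORK SERVICE, .DEFAULT) that load from a user profile or %APPDATA%,
      and any rundll32 loading a DLL from a profile path
  O23 services with no publisher or whose binary lives in a user profile
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis log in the thread, plus one
# constructed benign hosts entry (127.0.0.1) to show what is not flagged.
SAMPLE_LOG = r"""
O1 - Hosts: 94.63.240.127 www.google.com
O1 - Hosts: 94.63.240.128 www.bing.com
O1 - Hosts: 127.0.0.1 ads.example.invalid
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKUS\S-1-5-19\..\Run: [adaware] rundll32.exe "C:\Documents and Settings\PEB\Local Settings\Application Data\Apple\adaware\gfljfrf.dll",SonyUsbCheckMyDeviceW (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [volmgr] %APPDATA%\volmgr.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'SYSTEM')
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
"""


@dataclass
class Finding:
    line: str
    reason: str


HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")
# hive \..\Run: [value name] command (User 'account')   -- the user suffix is optional
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
USER_RE = re.compile(r" \(User '(?P<user>[^']*)'\)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Per-user profile locations (XP and Vista+ layouts); All Users/Public are excluded.
PROFILE_RE = re.compile(
    r"Documents and Settings\\(?!All Users\\)|%APPDATA%|%LOCALAPPDATA%|%USERPROFILE%|\\Users\\(?!Public\\)",
    re.I,
)
SERVICE_HIVES = {"HKUS\\S-1-5-18", "HKUS\\S-1-5-19", "HKUS\\S-1-5-20", "HKUS\\.DEFAULT"}
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def check_hosts(line):
    """O1: a hosts entry that resolves a name to a remote address is a redirect."""
    m = HOSTS_RE.match(line)
    if not m or m["ip"] in LOOPBACK:
        return None
    return Finding(line, f"hosts file redirects {m['host']} to {m['ip']}")


def check_o4(line):
    """O4: autostart values that pull code out of a user profile."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, cmd = m["hive"], m["cmd"]
    um = USER_RE.search(cmd)
    user = um["user"] if um else None
    if um:
        cmd = cmd[: um.start()]  # strip the "(User '...')" suffix before path checks
    in_profile = bool(PROFILE_RE.search(cmd))
    if hive in SERVICE_HIVES and in_profile:
        return Finding(line, f"Run key for {user or hive} loads from a user profile path")
    if "rundll32" in cmd.lower() and in_profile:
        return Finding(line, "rundll32 loads a DLL from a user profile path")
    return None


def check_o23(line):
    """O23: services with no publisher string or a binary inside a profile."""
    m = O23_RE.match(line)
    if not m:
        return None
    reasons = []
    if m["owner"].strip().lower() == "unknown owner":
        reasons.append("service binary has no publisher")
    if PROFILE_RE.search(m["path"]):
        reasons.append("service binary lives in a user profile")
    return Finding(line, "; ".join(reasons)) if reasons else None


def triage(log_text):
    """Run every check over each line; the first check that fires wins."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for check in (check_hosts, check_o4, check_o23):
            f = check(line)
            if f:
                findings.append(f)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run as a script it prints five findings for the sample: both hosts redirects, the LOCAL SERVICE and SYSTEM Run keys, and the DefaultTabUpdate service. The heuristics are deliberately coarse: a legitimate product that writes a Run value into every profile hive, or installs its service under the user's Application Data, will be flagged too, so treat a hit as something to look at, not as a verdict. The RunOnce line that deletes a registry key is included to show the parser handles that key name without firing on it.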

Hello pebjgb, and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Please follow the instructions here and post the log files in your next reply:

http://forums.malwarebytes.org/index.php?showtopic=9573


Maniac,

Thank you SO much for this. Hoping I did this right. The attach and DDS logs are below.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/16/2010 10:07:15 AM

System Uptime: 9/10/2012 11:22:52 AM (46 hours ago)

.

Motherboard: Intel Corporation | | DB43LD

Processor: Intel Pentium III Xeon processor | CPU1 | 2666/333mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 233 GiB total, 208.95 GiB free.

E: is Removable

H: is NetworkDisk (NTFS) - 56 GiB total, 22.076 GiB free.

I: is NetworkDisk (NTFS) - 56 GiB total, 22.076 GiB free.

J: is NetworkDisk (NTFS) - 56 GiB total, 22.076 GiB free.

K: is NetworkDisk (NTFS) - 56 GiB total, 22.076 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E965-E325-11CE-BFC1-08002BE10318}

Description: CD-ROM Drive

Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GH22NS50________________TN01____\304B39304D393039303820362020202020202020

Manufacturer: (Standard CD-ROM drives)

Name: HL-DT-ST DVDRAM GH22NS50

PNP Device ID: IDE\CDROMHL-DT-ST_DVDRAM_GH22NS50________________TN01____\304B39304D393039303820362020202020202020

Service: cdrom

.

==== System Restore Points ===================

.

RP473: 6/14/2012 3:29:02 PM - System Checkpoint

RP474: 6/18/2012 4:45:09 PM - System Checkpoint

RP475: 6/19/2012 4:51:02 PM - System Checkpoint

RP476: 6/20/2012 4:53:12 PM - System Checkpoint

RP477: 6/25/2012 5:00:23 PM - System Checkpoint

RP478: 6/26/2012 5:20:40 PM - System Checkpoint

RP479: 6/27/2012 6:21:45 PM - System Checkpoint

RP480: 6/28/2012 7:20:40 PM - System Checkpoint

RP481: 6/28/2012 10:58:23 PM - Avg Update

RP482: 7/2/2012 5:52:51 PM - System Checkpoint

RP483: 7/5/2012 10:23:00 AM - System Checkpoint

RP484: 7/6/2012 1:46:26 PM - System Checkpoint

RP485: 7/9/2012 1:18:12 PM - System Checkpoint

RP486: 7/10/2012 1:52:35 PM - System Checkpoint

RP487: 7/11/2012 4:54:18 PM - System Checkpoint

RP488: 7/12/2012 5:35:57 PM - System Checkpoint

RP489: 7/16/2012 3:00:33 PM - System Checkpoint

RP490: 7/17/2012 5:05:38 PM - System Checkpoint

RP491: 7/18/2012 5:23:29 PM - System Checkpoint

RP492: 7/19/2012 6:23:30 PM - System Checkpoint

RP493: 7/20/2012 7:23:30 PM - System Checkpoint

RP494: 7/21/2012 8:23:30 PM - System Checkpoint

RP495: 7/22/2012 9:23:44 PM - System Checkpoint

RP496: 7/23/2012 10:23:33 PM - System Checkpoint

RP497: 7/24/2012 11:23:30 PM - System Checkpoint

RP498: 7/25/2012 11:23:34 PM - System Checkpoint

RP499: 7/27/2012 12:04:06 AM - System Checkpoint

RP500: 7/28/2012 12:49:33 AM - System Checkpoint

RP501: 7/29/2012 1:49:34 AM - System Checkpoint

RP502: 7/30/2012 1:55:39 AM - System Checkpoint

RP503: 7/30/2012 8:31:07 AM - Removed Ad-Aware Antivirus.

RP504: 7/31/2012 11:10:09 AM - System Checkpoint

RP505: 8/1/2012 4:08:23 PM - System Checkpoint

RP506: 8/2/2012 4:54:46 PM - System Checkpoint

RP507: 8/6/2012 1:45:16 PM - System Checkpoint

RP508: 8/7/2012 5:04:56 PM - System Checkpoint

RP509: 8/8/2012 5:22:20 PM - System Checkpoint

RP510: 8/9/2012 6:22:20 PM - System Checkpoint

RP511: 8/13/2012 1:57:23 PM - System Checkpoint

RP512: 8/14/2012 2:05:57 PM - System Checkpoint

RP513: 8/15/2012 2:12:24 PM - System Checkpoint

RP514: 8/16/2012 4:54:39 PM - System Checkpoint

RP515: 8/20/2012 5:40:36 PM - System Checkpoint

RP516: 8/21/2012 6:28:25 PM - System Checkpoint

RP517: 8/22/2012 7:28:25 PM - System Checkpoint

RP518: 8/23/2012 8:28:26 PM - System Checkpoint

RP519: 8/27/2012 6:14:37 PM - System Checkpoint

RP520: 8/28/2012 6:19:22 PM - System Checkpoint

RP521: 8/29/2012 6:21:49 PM - System Checkpoint

RP522: 8/30/2012 7:21:49 PM - System Checkpoint

RP523: 9/4/2012 4:51:08 PM - System Checkpoint

RP524: 9/5/2012 5:01:19 PM - System Checkpoint

RP525: 9/6/2012 5:39:23 PM - System Checkpoint

RP526: 9/10/2012 6:12:23 PM - System Checkpoint

RP527: 9/11/2012 6:27:05 PM - System Checkpoint

.

==== Installed Programs ======================

.

.

32 Bit HP CIO Components Installer

Acrobat.com

Ad-Aware Browsing Protection

Ad-Aware Security Toolbar

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Akamai NetSession Interface

Akamai NetSession Interface Service

Amazon Kindle

Amazon MP3 Downloader 1.0.10

Apple Application Support

Apple Mobile Device Support

Apple Software Update

AVG 9.0

Baseball Playbook 010

Bonjour

BS_Player Toolbar

CCleaner

CDDRV_Installer

Compatibility Pack for the 2007 Office system

DefaultTab

DefaultTab Chrome

DSpro Workstation

Encountering the Old Testament 2

Evernote v. 4.5

Google Earth

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® Network Connections Drivers

iTunes

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java 6 Update 22

Java 6 Update 31

KhalInstallWrapper

Logitech SetPoint

Malwarebytes Anti-Malware version 1.62.0.1300

Media Player Codec Pack 4.2.2

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Default Manager

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Office Basic Edition 2003

Microsoft Office Live Meeting 2007

Microsoft Silverlight

Microsoft UI Engine

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Ministry Notebook 2.0

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

MSN

OGA Notifier 2.0.0048.0

OmniForm Filler 4.0

OmniForm Filler V4

OpenOffice.org 3.3

Picasa 3

QuickBooks Basic 2005

QuickTime

Qwiklinx

Realtek High Definition Audio Driver

Scrapbook Factory Deluxe

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)

Security Update for Windows Internet Explorer 8 (KB2183461)

Security Update for Windows Internet Explorer 8 (KB2360131)

Security Update for Windows Internet Explorer 8 (KB2416400)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165-v2)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

State and Company Forms - Windows Update

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows Internet Explorer 8 (KB982632)

Update for Windows Internet Explorer 8 (KB982664)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Live ID Sign-in Assistant

Windows Media Format 11 runtime

Windows Media Player 11

Yahoo! BrowserPlus 2.9.8

Yahoo! Software Update

Yahoo! Toolbar

Zinio Reader 4

.

==== Event Viewer Messages From Past Week ========

.

9/6/2012 3:27:00 PM, error: Schedule [7901] - The At32.job command failed to start due to the following error: %%2147942402

9/6/2012 3:27:00 PM, error: Schedule [7901] - The At31.job command failed to start due to the following error: %%2147942402

9/6/2012 2:27:00 PM, error: Schedule [7901] - The At30.job command failed to start due to the following error: %%2147942402

9/6/2012 2:27:00 PM, error: Schedule [7901] - The At29.job command failed to start due to the following error: %%2147942402

9/6/2012 12:27:00 PM, error: Schedule [7901] - The At26.job command failed to start due to the following error: %%2147942402

9/6/2012 12:27:00 PM, error: Schedule [7901] - The At25.job command failed to start due to the following error: %%2147942402

9/6/2012 10:08:44 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Cdrom Imapi Lbd redbook SBRE

9/6/2012 1:27:01 PM, error: Schedule [7901] - The At28.job command failed to start due to the following error: %%2147942402

9/6/2012 1:27:00 PM, error: Schedule [7901] - The At27.job command failed to start due to the following error: %%2147942402

9/5/2012 9:27:00 PM, error: Schedule [7901] - The At44.job command failed to start due to the following error: %%2147942402

9/5/2012 9:27:00 PM, error: Schedule [7901] - The At43.job command failed to start due to the following error: %%2147942402

9/5/2012 8:27:00 PM, error: Schedule [7901] - The At42.job command failed to start due to the following error: %%2147942402

9/5/2012 8:27:00 PM, error: Schedule [7901] - The At41.job command failed to start due to the following error: %%2147942402

9/5/2012 7:27:00 PM, error: Schedule [7901] - The At40.job command failed to start due to the following error: %%2147942402

9/5/2012 7:27:00 PM, error: Schedule [7901] - The At39.job command failed to start due to the following error: %%2147942402

9/5/2012 6:27:00 PM, error: Schedule [7901] - The At38.job command failed to start due to the following error: %%2147942402

9/5/2012 6:27:00 PM, error: Schedule [7901] - The At37.job command failed to start due to the following error: %%2147942402

9/5/2012 5:27:00 PM, error: Schedule [7901] - The At36.job command failed to start due to the following error: %%2147942402

9/5/2012 5:27:00 PM, error: Schedule [7901] - The At35.job command failed to start due to the following error: %%2147942402

9/5/2012 4:27:00 PM, error: Schedule [7901] - The At34.job command failed to start due to the following error: %%2147942402

9/5/2012 4:27:00 PM, error: Schedule [7901] - The At33.job command failed to start due to the following error: %%2147942402

9/5/2012 11:27:00 PM, error: Schedule [7901] - The At48.job command failed to start due to the following error: %%2147942402

9/5/2012 11:27:00 PM, error: Schedule [7901] - The At47.job command failed to start due to the following error: %%2147942402

9/5/2012 10:27:00 PM, error: Schedule [7901] - The At46.job command failed to start due to the following error: %%2147942402

9/5/2012 10:27:00 PM, error: Schedule [7901] - The At45.job command failed to start due to the following error: %%2147942402

9/10/2012 4:13:47 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Akamai service.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by PEB at 9:19:27 on 2012-09-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1975.956 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\DSpro\Programs\pr001Celery98.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;;*.local

uURLSearchHooks: H - No File

uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_2.dll

uURLSearchHooks: H - No File

uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\documents and settings\peb\application data\qwiklinx\Qwiklinx.dll

BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\documents and settings\peb\application data\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_2.dll

TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_2.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Apple] rundll32.exe "c:\documents and settings\peb\local settings\application data\avg security toolbar\apple\sjkepqdgq.dll",DllRegisterServerW

uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil11e_Plugin.exe -update plugin

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [volmgr] %APPDATA%\volmgr.exe

dRun: [jusched] c:\windows\temp\kjghsad.exe

dRun: [Apple] rundll32.exe "c:\documents and settings\peb\local settings\application data\avg security toolbar\apple\sjkepqdgq.dll",DllRegisterServerW

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: c:\docume~1\peb\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\peb\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263710456296

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263922285322

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.30.5

TCP: Interfaces\{FEEC09A4-9E9D-4757-A6EB-B2D55C93CB63} : DhcpNameServer = 192.168.30.5

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.240.127 www.google.com

Hosts: 94.63.240.128 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\peb\application data\mozilla\firefox\profiles\3p2i1hg8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d3ecd40-c51e-47ac-81f8-eb9c5bea470e%7D&mid=767bb8e1f31827ac66b0d403696cf4cb-c70eafc5113f5e2fc78f7e0d8a726b0d1afbdf85&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2011-11-30%2006%3A59%3A24&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\peb\application data\mozilla\firefox\profiles\3p2i1hg8.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\peb\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\documents and settings\peb\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309&q=

FF - user.js: extensions.funmoods.id - 001CC0F23D9E56ED

FF - user.js: extensions.funmoods.instlDay - 15588

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:49:4

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.autoDisableScopes - 14);//iBryteuser_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-19 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-19 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-19 29712]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-19 243152]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-7 308136]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-5-18 563200]

R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\peb\application data\defaulttab\defaulttab\DTUpdate.exe [2012-9-5 107520]

R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-19 10384]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-1-16 167080]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-10 257696]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-17 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]

.

=============== Created Last 30 ================

.

2012-09-10 18:43:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-05 13:46:41 -------- d-----w- c:\documents and settings\peb\application data\Ad-Aware Antivirus

2012-09-05 13:17:44 -------- d-----w- c:\windows\system32\C2MP

2012-09-05 12:49:31 -------- d-----w- c:\documents and settings\peb\local settings\application data\Zoom_Downloader

2012-09-05 12:48:53 -------- d-----w- c:\program files\DefaultTab

2012-09-05 12:48:48 -------- d-----w- c:\documents and settings\peb\application data\DefaultTab

2012-09-05 12:48:38 -------- d-----w- c:\program files\Qwiklinx

2012-09-05 12:48:38 -------- d-----w- c:\documents and settings\peb\application data\Qwiklinx

2012-09-05 12:48:12 -------- d-----w- c:\program files\OApps

2012-08-21 03:15:22 3978240 ----a-w- c:\windows\system32\ffmpeg.dll

2012-08-21 03:14:04 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-08-21 03:13:52 3480064 ----a-w- c:\windows\system32\ffdshow.ax

2012-08-21 03:12:48 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-08-21 03:12:34 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-08-21 03:12:32 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2012-08-21 03:12:30 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2012-08-21 03:12:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2012-08-21 03:12:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-08-21 03:12:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2012-08-21 03:12:24 330240 ----a-w- c:\windows\system32\ff_libfaad2.dll

.

==================== Find3M ====================

.

2012-09-10 18:43:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-19 18:56:30 1114624 ----a-w- c:\windows\system32\LAVVideo.ax

2012-07-19 18:56:14 399360 ----a-w- c:\windows\system32\LAVSplitter.ax

2012-07-19 18:56:12 233472 ----a-w- c:\windows\system32\LAVAudio.ax

2012-07-19 18:56:08 274944 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2012-07-19 18:56:08 172544 ----a-w- c:\windows\system32\libbluray.dll

2012-07-19 18:56:02 6894331 ----a-w- c:\windows\system32\avcodec-lav-54.dll

2012-07-19 18:56:02 401685 ----a-w- c:\windows\system32\swscale-lav-2.dll

2012-07-19 18:56:02 232895 ----a-w- c:\windows\system32\avutil-lav-51.dll

2012-07-19 18:56:02 162743 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2012-07-19 18:56:02 1111581 ----a-w- c:\windows\system32\avformat-lav-54.dll

2012-07-19 18:56:02 101820 ----a-w- c:\windows\system32\avresample-lav-0.dll

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-17 21:15:04 198144 ----a-w- c:\windows\system32\spdif_test.exe

2012-06-17 21:14:58 97792 ----a-w- c:\windows\system32\ac3config.exe

2012-06-17 21:14:42 1021440 ----a-w- c:\windows\system32\ac3filter_intl.dll

2012-06-17 21:12:10 1406976 ----a-w- c:\windows\system32\ac3filter.ax

2012-06-17 21:10:36 276992 ----a-w- c:\windows\system32\BugTrap.dll

2012-06-17 21:10:08 965120 ----a-w- c:\windows\system32\ac3filter.acm

.

============= FINISH: 9:20:20.40 ===============

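The "Pseudo HJT Report" section of the DDS log above is where a removal helper looks first, and it shows more than the funmoods start page: Hosts lines that pin www.google.com and www.bing.com to fixed addresses, dRun entries whose executables live in %APPDATA% and c:\windows\temp, a rundll32 entry registering a DLL from under Local Settings, and a proxy override. The script below is an added example for this thread, not part of DDS, HijackThis, Malwarebytes or AdwCleaner; it parses the line formats DDS prints and applies those same heuristics mechanically. The sample report is constructed from the posted entries with paths shortened, and the expected-home-page set and the list of user-writable path patterns are assumptions of the example that a reader would tune for their own machine.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for hijack indicators.

Added example for this thread; not part of DDS, HijackThis, MBAM or AdwCleaner.
It parses the line formats DDS prints and flags the entry classes a removal
helper reads first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample, modelled on the report posted above (paths shortened,
# same line formats as DDS emits; DDS writes 'hxxp' in place of 'http').
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg
uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;;*.local
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Apple] rundll32.exe "c:\documents and settings\peb\local settings\application data\avg security toolbar\apple\sjkepqdgq.dll",DllRegisterServerW
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [volmgr] %APPDATA%\volmgr.exe
dRun: [jusched] c:\windows\temp\kjghsad.exe
StartupFolder: c:\docume~1\peb\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
Hosts: 94.63.240.127 www.google.com
Hosts: 94.63.240.128 www.bing.com
"""

SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "bing.com",
                "www.yahoo.com", "search.yahoo.com", "duckduckgo.com"}
# Assumption for the example: home pages this machine's owner would expect.
EXPECTED_START_HOSTS = {"www.yahoo.com", "www.google.com", "www.bing.com"}
# Assumption: locations a non-admin user can write to; legitimate autoruns
# almost never execute from them.
USER_WRITABLE = re.compile(
    r"%appdata%|%temp%|%tmp%|%localappdata%|%userprofile%"
    r"|\\application data\\|\\local settings\\|\\windows\\temp\\",
    re.IGNORECASE,
)
AUTORUN = re.compile(r"^(?P<hive>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_FOLDER = re.compile(r"^StartupFolder: .+? - (?P<target>.+)$")
HOSTS = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")
START_PAGE = re.compile(r"^(?P<scope>[um])Start Page = (?P<url>\S+)$")
PROXY = re.compile(r"^[umd]Internet Settings,Proxy", re.IGNORECASE)
RUNDLL = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    category: str
    reason: str
    line: str


def _exe_path(cmd: str) -> tuple[str, bool]:
    """Return (path of the binary or DLL that will run, whether via rundll32)."""
    cmd = cmd.strip()
    if m := RUNDLL.match(cmd):
        return m["dll"], True
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0], False
    return cmd.split(" ", 1)[0], False


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HOSTS.match(line):
            # A hosts entry for a search engine that is not a loopback block is a redirect.
            host = m["host"].lower()
            if host in SEARCH_HOSTS and not m["ip"].startswith("127."):
                findings.append(Finding("hosts_redirect", f"{host} pinned to {m['ip']}", line))
        elif m := START_PAGE.match(line):
            url = m["url"].replace("hxxp", "http", 1)  # undo DDS defanging
            host = (urlparse(url).hostname or "").lower()
            if host not in EXPECTED_START_HOSTS:
                findings.append(Finding("start_page", f"home page points at {host}", line))
        elif PROXY.match(line):
            findings.append(Finding("proxy_setting", "proxy setting present; confirm it is intentional", line))
        else:
            m = AUTORUN.match(line)
            cmd = m["cmd"] if m else None
            if cmd is None:
                m = STARTUP_FOLDER.match(line)
                cmd = m["target"] if m else None
            if cmd is None:
                continue
            path, via_rundll = _exe_path(cmd)
            if USER_WRITABLE.search(path):
                cat = "rundll32_user_dll" if via_rundll else "autorun_user_path"
                findings.append(Finding(cat, f"executes {path} from a user-writable location", line))
    return findings


def summarize(report: str) -> dict[str, int]:
    """Count findings per category for a quick verdict."""
    counts: dict[str, int] = {}
    for f in triage(report):
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.category}] {f.reason}\n    {f.line}")
```

Run it on a full DDS log by passing only the Pseudo HJT Report section; the uStart/mStart split (user versus machine hive) and the u/m/d prefixes on Run keys are kept in the parsed line so the hive that needs cleaning is visible in each finding. The location heuristic deliberately ignores the entry name, since the dRun entry above reuses the legitimate-looking name "jusched" for a file in c:\windows\temp.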

You have a more serious problem than funmoods, but I will take care of everything.

Step 1

Please uninstall the following applications:

Ad-Aware Security Toolbar

BS_Player Toolbar

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with one of two prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- denotes the number of times the application has been run, so in this case it should be something like R1.

Step 4

Download aswMBR.exe to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • AdwCleaner log
  • aswMBR log
  • a new fresh DDS log


Thanks again. Here are the results.

Malwarebytes log

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org

Database version: v2012.09.12.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

PEB :: PAUL-DESKTOP [administrator]

9/12/2012 10:32:52 AM

mbam-log-2012-09-12 (10-32-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 246782

Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Documents and Settings\PEB\Local Settings\Temp\0.09977973624063718 (Trojan.BHO) -> Quarantined and deleted successfully.

(end)

AdwCleaner log

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 11:04:57

# Updated 09/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : PEB - PAUL-DESKTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\PEB\My Documents\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

Found : DefaultTabSearch

Found : vToolbarUpdater11.2.0

***** [Files / Folders] *****

File Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\addon@defaulttab.com.xpi

File Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\searchplugins\search.xml

File Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\searchplugins\search-here.xml

File Found : C:\Documents and Settings\PEB\Local Settings\Application Data\funmoods-speeddial.crx

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\WINDOWS\system32\conduitEngine.tmp

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\PEB\Application Data\DefaultTab

Folder Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}

Folder Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\ffxtlbr@funmoods.com

Folder Found : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\FCTB

Folder Found : C:\Documents and Settings\PEB\Application Data\Qwiklinx

Folder Found : C:\Documents and Settings\PEB\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\PEB\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\PEB\My Documents\ShopToWin

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Program Files\DefaultTab

Folder Found : C:\Program Files\OApps

Folder Found : C:\Program Files\Qwiklinx

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\Freecause

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Key Found : HKCU\Software\PriceGong

Key Found : HKCU\Software\Qwiklinx

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO

Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1750559

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\DefaultTab

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKU\S-1-5-21-4221485733-4083634067-531043510-1139\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-4221485733-4083634067-531043510-1139\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-4221485733-4083634067-531043510-1139\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

Found : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Found : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

Found : user_pref("extensions.enabledAddons", "{4609E530-C489-4B7B-A115-4A093996ED2D}:1.9.1,avg@toolbar:11.1[...]

Found : user_pref("extensions.funmoods.aflt", "adknlg");

Found : user_pref("extensions.funmoods.autoRvrt", false);

Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Found : user_pref("extensions.funmoods.cntry", "US");

Found : user_pref("extensions.funmoods.cv", "cv5");

Found : user_pref("extensions.funmoods.dfltLng", "");

Found : user_pref("extensions.funmoods.dfltSrch", true);

Found : user_pref("extensions.funmoods.dfltlng", "en");

Found : user_pref("extensions.funmoods.dfltsrch", true);

Found : user_pref("extensions.funmoods.dnsErr", true);

Found : user_pref("extensions.funmoods.envrmnt", "production");

Found : user_pref("extensions.funmoods.excTlbr", false);

Found : user_pref("extensions.funmoods.hdrMd5", "6E67F8F36D44223716A8F40518F5C149");

Found : user_pref("extensions.funmoods.hmpg", true);

Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Found : user_pref("extensions.funmoods.hrdid", "001CC0F23D9E56ED");

Found : user_pref("extensions.funmoods.id", "001CC0F23D9E56ED");

Found : user_pref("extensions.funmoods.instlDay", "15588");

Found : user_pref("extensions.funmoods.instlRef", "adknlg");

Found : user_pref("extensions.funmoods.instlday", "15588");

Found : user_pref("extensions.funmoods.instlref", "adknlg");

Found : user_pref("extensions.funmoods.isdcmntcmplt", true);

Found : user_pref("extensions.funmoods.keywordurl", "");

Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:49:4");

Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Found : user_pref("extensions.funmoods.newTab", true);

Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Found : user_pref("extensions.funmoods.newtab", true);

Found : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Found : user_pref("extensions.funmoods.prdct", "funmoods");

Found : user_pref("extensions.funmoods.prtnrId", "funmoods");

Found : user_pref("extensions.funmoods.prtnrid", "funmoods");

Found : user_pref("extensions.funmoods.savedVrsnTs", "1");

Found : user_pref("extensions.funmoods.sg", "none");

Found : user_pref("extensions.funmoods.smplGrp", "none");

Found : user_pref("extensions.funmoods.smplgrp", "none");

Found : user_pref("extensions.funmoods.srch", "");

Found : user_pref("extensions.funmoods.srchPrvdr", "Search");

Found : user_pref("extensions.funmoods.srchprvdr", "Search");

Found : user_pref("extensions.funmoods.tlbrId", "base");

Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Found : user_pref("extensions.funmoods.tlbrid", "base");

Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:49:4");

Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Found : user_pref("extensions.funmoods.vrsnts", "1.5.23.228:49:4");

Found : user_pref("extensions.funmoods_i.newTab", true);

Found : user_pref("extensions.funmoods_i.smplGrp", "none");

Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:49:4");

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.DNSCatch", false);

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.FirstLaunchShown", true);

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.LastDate", 12);

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.customNewTab", false);

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.processAddrBar", false);

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.session", "87970EF4FCD9E8BBB7EE85A49B2BDC0F39F1[...]

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.tb_lang", "en");

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.user_id", "73006187");

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.disablecuidinject", "1");

Found : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.yahooSearch", false);

Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9d3ecd40-c51e-47ac-81f8-eb9c5bea470e%[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\PEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.37] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309",

Found [l.192] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309",

Found [l.418] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309" ]

*************************

AdwCleaner[R1].txt - [15487 octets] - [12/09/2012 11:04:57]

########## EOF - C:\AdwCleaner[R1].txt - [15548 octets] ##########

aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-12 10:56:47

-----------------------------

10:56:47.653 OS Version: Windows 5.1.2600 Service Pack 3

10:56:47.653 Number of processors: 4 586 0x170A

10:56:47.653 ComputerName: PAUL-DESKTOP UserName: PEB

10:56:48.840 Initialize success

10:57:08.418 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

10:57:08.418 Disk 0 Vendor: ST3250318AS CC38 Size: 238475MB BusType: 3

10:57:08.434 Disk 0 MBR read successfully

10:57:08.434 Disk 0 MBR scan

10:57:08.434 Disk 0 Windows XP default MBR code

10:57:08.434 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 238464 MB offset 63

10:57:08.434 Disk 0 scanning sectors +488376000

10:57:08.512 Disk 0 scanning C:\WINDOWS\system32\drivers

10:57:12.731 Service scanning

10:57:21.450 Modules scanning

10:57:25.121 Disk 0 trace - called modules:

10:57:25.137 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

10:57:25.137 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89d36ab8]

10:57:25.137 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x89d7bd98]

10:57:25.153 Scan finished successfully

10:57:47.856 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\PEB\My Documents\MBR.dat"

10:57:47.856 The log file has been saved successfully to "C:\Documents and Settings\PEB\My Documents\aswMBR scan.txt"

new DDS log

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by PEB at 11:05:36 on 2012-09-12

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1975.901 [GMT -4:00]

.

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Documents and Settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\PROGRA~1\AVG\AVG9\avgtray.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;;*.local

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

mURLSearchHooks: H - No File

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Qwiklinx: {3e7c8b5a-96ab-438f-bf9b-782400655440} - c:\documents and settings\peb\application data\qwiklinx\Qwiklinx.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7f6afbf1-e065-4627-a2fd-810366367d01} - c:\documents and settings\peb\application data\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll

TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Apple] rundll32.exe "c:\documents and settings\peb\local settings\application data\avg security toolbar\apple\sjkepqdgq.dll",DllRegisterServerW

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"

mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

dRun: [volmgr] %APPDATA%\volmgr.exe

dRun: [jusched] c:\windows\temp\kjghsad.exe

dRun: [Apple] rundll32.exe "c:\documents and settings\peb\local settings\application data\avg security toolbar\apple\sjkepqdgq.dll",DllRegisterServerW

dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f

dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f

StartupFolder: c:\docume~1\peb\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe

StartupFolder: c:\docume~1\peb\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

mPolicies-explorer: NoWelcomeScreen = 1 (0x1)

IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

LSP: mswsock.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263710456296

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263922285322

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.30.5

TCP: Interfaces\{FEEC09A4-9E9D-4757-A6EB-B2D55C93CB63} : DhcpNameServer = 192.168.30.5

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll

Notify: avgrsstarter - avgrsstx.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 94.63.240.127 www.google.com

Hosts: 94.63.240.128 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\peb\application data\mozilla\firefox\profiles\3p2i1hg8.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9d3ecd40-c51e-47ac-81f8-eb9c5bea470e%7D&mid=767bb8e1f31827ac66b0d403696cf4cb-c70eafc5113f5e2fc78f7e0d8a726b0d1afbdf85&ds=AVG&v=11.1.0.12&lang=us&pr=pa&d=2011-11-30%2006%3A59%3A24&sap=ku&q=

FF - prefs.js: network.proxy.type - 0

FF - component: c:\documents and settings\peb\application data\mozilla\firefox\profiles\3p2i1hg8.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components\dtTransparency.dll

FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\documents and settings\peb\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\documents and settings\peb\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309&q=

FF - user.js: extensions.funmoods.id - 001CC0F23D9E56ED

FF - user.js: extensions.funmoods.instlDay - 15588

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:49:4

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.autoDisableScopes - 14);//iBryteuser_pref(yahoo.ytff.general.dontshowhpoffer, true

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-1-19 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-19 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-19 29712]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-19 243152]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-7 308136]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-5-18 563200]

R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\peb\application data\defaulttab\defaulttab\DTUpdate.exe [2012-9-5 107520]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2010-1-19 10384]

R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-1-16 167080]

S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-9-10 257696]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-1-17 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-3-9 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]

.

=============== Created Last 30 ================

.

2012-09-10 18:43:58 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-05 13:46:41 -------- d-----w- c:\documents and settings\peb\application data\Ad-Aware Antivirus

2012-09-05 13:17:44 -------- d-----w- c:\windows\system32\C2MP

2012-09-05 12:49:31 -------- d-----w- c:\documents and settings\peb\local settings\application data\Zoom_Downloader

2012-09-05 12:48:53 -------- d-----w- c:\program files\DefaultTab

2012-09-05 12:48:48 -------- d-----w- c:\documents and settings\peb\application data\DefaultTab

2012-09-05 12:48:38 -------- d-----w- c:\program files\Qwiklinx

2012-09-05 12:48:38 -------- d-----w- c:\documents and settings\peb\application data\Qwiklinx

2012-09-05 12:48:12 -------- d-----w- c:\program files\OApps

2012-08-21 03:15:22 3978240 ----a-w- c:\windows\system32\ffmpeg.dll

2012-08-21 03:14:04 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-08-21 03:13:52 3480064 ----a-w- c:\windows\system32\ffdshow.ax

2012-08-21 03:12:48 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-08-21 03:12:34 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-08-21 03:12:32 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2012-08-21 03:12:30 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2012-08-21 03:12:28 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2012-08-21 03:12:28 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-08-21 03:12:28 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2012-08-21 03:12:24 330240 ----a-w- c:\windows\system32\ff_libfaad2.dll

.

==================== Find3M ====================

.

2012-09-10 18:43:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-19 18:56:30 1114624 ----a-w- c:\windows\system32\LAVVideo.ax

2012-07-19 18:56:14 399360 ----a-w- c:\windows\system32\LAVSplitter.ax

2012-07-19 18:56:12 233472 ----a-w- c:\windows\system32\LAVAudio.ax

2012-07-19 18:56:08 274944 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2012-07-19 18:56:08 172544 ----a-w- c:\windows\system32\libbluray.dll

2012-07-19 18:56:02 6894331 ----a-w- c:\windows\system32\avcodec-lav-54.dll

2012-07-19 18:56:02 401685 ----a-w- c:\windows\system32\swscale-lav-2.dll

2012-07-19 18:56:02 232895 ----a-w- c:\windows\system32\avutil-lav-51.dll

2012-07-19 18:56:02 162743 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2012-07-19 18:56:02 1111581 ----a-w- c:\windows\system32\avformat-lav-54.dll

2012-07-19 18:56:02 101820 ----a-w- c:\windows\system32\avresample-lav-0.dll

2012-06-17 21:15:04 198144 ----a-w- c:\windows\system32\spdif_test.exe

2012-06-17 21:14:58 97792 ----a-w- c:\windows\system32\ac3config.exe

2012-06-17 21:14:42 1021440 ----a-w- c:\windows\system32\ac3filter_intl.dll

2012-06-17 21:12:10 1406976 ----a-w- c:\windows\system32\ac3filter.ax

2012-06-17 21:10:36 276992 ----a-w- c:\windows\system32\BugTrap.dll

2012-06-17 21:10:08 965120 ----a-w- c:\windows\system32\ac3filter.acm

.

============= FINISH: 11:06:44.35 ===============

Good! :)

Step 1

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

In your next reply, post the following log files:

  • AdwCleaner log
  • ComboFix log

AdwCleaner log

# AdwCleaner v2.001 - Logfile created 09/12/2012 at 11:23:16

# Updated 09/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : PEB - PAUL-DESKTOP

# Boot Mode : Normal

# Running from : C:\Documents and Settings\PEB\My Documents\Downloads\adwcleaner.exe

# Option [Delete]

***** [Services] *****

Stopped & Deleted : DefaultTabSearch

Stopped & Deleted : vToolbarUpdater11.2.0

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\PEB\Application Data\DefaultTab

File Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\addon@defaulttab.com.xpi

File Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\searchplugins\search.xml

File Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\searchplugins\search-here.xml

File Deleted : C:\Documents and Settings\PEB\Local Settings\Application Data\funmoods-speeddial.crx

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\WINDOWS\system32\conduitEngine.tmp

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}

Folder Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\extensions\ffxtlbr@funmoods.com

Folder Deleted : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\FCTB

Folder Deleted : C:\Documents and Settings\PEB\Application Data\Qwiklinx

Folder Deleted : C:\Documents and Settings\PEB\Local Settings\Application Data\AVG Secure Search

Folder Deleted : C:\Documents and Settings\PEB\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\PEB\My Documents\ShopToWin

Folder Deleted : C:\Program Files\AVG Secure Search

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\Program Files\OApps

Folder Deleted : C:\Program Files\Qwiklinx

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AVG Secure Search

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{26C9E18C-3717-4BE1-A225-04E4471F5B6E}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\Qwiklinx

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}

Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO

Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1750559

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CD082CCA-086F-4FD8-8FD7-247A0DBBD1CC}

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5F05C28D-DEA9-4AD6-A73A-064175988EAB}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C878CD69-85DB-426B-81A3-E71175AAEB91}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{625F420E-A4A9-4B40-BC23-716C1C43893A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\prefs.js

C:\Documents and Settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]

Deleted : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");

Deleted : user_pref("extensions.defaulttab.config", "{\"status\": \"ok\", \"config\": {\"dns_error_handling\":[...]

Deleted : user_pref("extensions.enabledAddons", "{4609E530-C489-4B7B-A115-4A093996ED2D}:1.9.1,avg@toolbar:11.1[...]

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");

Deleted : user_pref("extensions.funmoods.cntry", "US");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dfltlng", "en");

Deleted : user_pref("extensions.funmoods.dfltsrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "6E67F8F36D44223716A8F40518F5C149");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.hrdid", "001CC0F23D9E56ED");

Deleted : user_pref("extensions.funmoods.id", "001CC0F23D9E56ED");

Deleted : user_pref("extensions.funmoods.instlDay", "15588");

Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");

Deleted : user_pref("extensions.funmoods.instlday", "15588");

Deleted : user_pref("extensions.funmoods.instlref", "adknlg");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.keywordurl", "");

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:49:4");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.newtab", true);

Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");

Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.smplgrp", "none");

Deleted : user_pref("extensions.funmoods.srch", "");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Deleted : user_pref("extensions.funmoods.tlbrid", "base");

Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:49:4");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.228:49:4");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:49:4");

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.DNSCatch", false);

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.FirstLaunchShown", true);

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.LastDate", 12);

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.customNewTab", false);

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.processAddrBar", false);

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.session", "87970EF4FCD9E8BBB7EE85A49B2BDC0F39F1[...]

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.tb_lang", "en");

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.user_id", "73006187");

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.vars.disablecuidinject", "1");

Deleted : user_pref("freecause70263cf9d46a4be4adc629500ba884e1.yahooSearch", false);

Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B9d3ecd40-c51e-47ac-81f8-eb9c5bea470e%[...]

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\PEB\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.37] : search_url = "hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309",

Deleted [l.192] : homepage = "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309",

Deleted [l.418] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtD0FtBtA0Dzy0EyDyC0E0DtN0D0Tzu0CtByEzztN1L2XzutBtFtCtFtCtFtAtCtB&cr=1582420309" ]

*************************

AdwCleaner[R1].txt - [15618 octets] - [12/09/2012 11:04:57]

AdwCleaner[S1].txt - [15974 octets] - [12/09/2012 11:23:16]

########## EOF - C:\AdwCleaner[S1].txt - [16035 octets] ##########

ComboFix Log

ComboFix 12-09-12.03 - PEB 09/12/2012 13:20:52.1.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1975.1500 [GMT -4:00]

Running from: c:\documents and settings\PEB\My Documents\Downloads\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\1605731243

c:\documents and settings\All Users\Application Data\1c88538840wsc747

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP

c:\documents and settings\PEB\Application Data\DefaultTab\DefaultTab

c:\documents and settings\PEB\Application Data\DefaultTab\DefaultTab\DTUpdate.exe

c:\documents and settings\PEB\Desktop\Internet Explorer.lnk

c:\documents and settings\PEB\Local Settings\Application Data\AVG Security Toolbar\Apple\sjkepqdgq.dll

c:\program files\LP

c:\program files\LP\D9E5\1.tmp

c:\program files\LP\D9E5\4.tmp

c:\program files\LP\D9E5\5.tmp

c:\program files\LP\D9E5\DD1.tmp

c:\program files\LP\D9E5\DD4.tmp

c:\windows\$NtUninstallKB19397$

c:\windows\$NtUninstallKB19397$\2151468025\@

c:\windows\$NtUninstallKB19397$\2151468025\bckfg.tmp

c:\windows\$NtUninstallKB19397$\2151468025\cfg.ini

c:\windows\$NtUninstallKB19397$\2151468025\Desktop.ini

c:\windows\$NtUninstallKB19397$\2151468025\keywords

c:\windows\$NtUninstallKB19397$\2151468025\kwrd.dll

c:\windows\$NtUninstallKB19397$\2151468025\L\mcvibloi

c:\windows\$NtUninstallKB19397$\2151468025\lsflt7.ver

c:\windows\$NtUninstallKB19397$\2151468025\U\00000001.@

c:\windows\$NtUninstallKB19397$\2151468025\U\00000002.@

c:\windows\$NtUninstallKB19397$\2151468025\U\00000004.@

c:\windows\$NtUninstallKB19397$\2151468025\U\80000000.@

c:\windows\$NtUninstallKB19397$\2151468025\U\80000004.@

c:\windows\$NtUninstallKB19397$\2151468025\U\80000032.@

c:\windows\$NtUninstallKB19397$\2364165307

c:\windows\system32\bszip.dll

c:\windows\system32\Cache

c:\windows\system32\Cache\1f62ae4cca008808.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\47270ead65c9c6ad.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\683d5724b700e2a7.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\770a01e0d5b632aa.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\SET74.tmp

c:\windows\system32\SET78.tmp

c:\windows\system32\SET80.tmp

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_APTO6KO

-------\Legacy_CPQOKO6

-------\Legacy_SRVOKO6

-------\Legacy_DefaultTabUpdate

-------\Legacy_DefaultTabUpdate

-------\Service_DefaultTabUpdate

-------\Service_DefaultTabUpdate

.

.

((((((((((((((((((((((((( Files Created from 2012-08-12 to 2012-09-12 )))))))))))))))))))))))))))))))

.

.

2012-09-10 18:43 . 2012-09-10 18:43 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-05 13:46 . 2012-09-05 13:47 -------- d-----w- c:\documents and settings\PEB\Application Data\Ad-Aware Antivirus

2012-09-05 13:17 . 2012-09-05 13:17 -------- d-----w- c:\windows\system32\C2MP

2012-09-05 12:49 . 2012-09-05 12:49 -------- d-----w- c:\documents and settings\PEB\Local Settings\Application Data\Zoom_Downloader

2012-09-05 12:48 . 2012-09-12 17:25 -------- d-----w- c:\documents and settings\PEB\Application Data\DefaultTab

2012-08-21 03:15 . 2012-08-21 03:15 3978240 ----a-w- c:\windows\system32\ffmpeg.dll

2012-08-21 03:14 . 2012-08-21 03:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-08-21 03:13 . 2012-08-21 03:13 3480064 ----a-w- c:\windows\system32\ffdshow.ax

2012-08-21 03:12 . 2012-08-21 03:12 271360 ----a-w- c:\windows\system32\TomsMoComp_ff.dll

2012-08-21 03:12 . 2012-08-21 03:12 99840 ----a-w- c:\windows\system32\ff_wmv9.dll

2012-08-21 03:12 . 2012-08-21 03:12 157184 ----a-w- c:\windows\system32\ff_unrar.dll

2012-08-21 03:12 . 2012-08-21 03:12 147456 ----a-w- c:\windows\system32\ff_libmad.dll

2012-08-21 03:12 . 2012-08-21 03:12 211968 ----a-w- c:\windows\system32\ff_libdts.dll

2012-08-21 03:12 . 2012-08-21 03:12 1525760 ----a-w- c:\windows\system32\ff_samplerate.dll

2012-08-21 03:12 . 2012-08-21 03:12 114688 ----a-w- c:\windows\system32\ff_liba52.dll

2012-08-21 03:12 . 2012-08-21 03:12 330240 ----a-w- c:\windows\system32\ff_libfaad2.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-10 18:43 . 2011-11-23 16:03 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 21:04 . 2010-03-10 15:29 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-19 18:56 . 2012-07-19 18:56 1114624 ----a-w- c:\windows\system32\LAVVideo.ax

2012-07-19 18:56 . 2012-07-19 18:56 399360 ----a-w- c:\windows\system32\LAVSplitter.ax

2012-07-19 18:56 . 2012-07-19 18:56 233472 ----a-w- c:\windows\system32\LAVAudio.ax

2012-07-19 18:56 . 2012-07-19 18:56 274944 ----a-w- c:\windows\system32\IntelQuickSyncDecoder.dll

2012-07-19 18:56 . 2012-07-19 18:56 172544 ----a-w- c:\windows\system32\libbluray.dll

2012-07-19 18:56 . 2012-07-19 18:56 6894331 ----a-w- c:\windows\system32\avcodec-lav-54.dll

2012-07-19 18:56 . 2012-07-19 18:56 401685 ----a-w- c:\windows\system32\swscale-lav-2.dll

2012-07-19 18:56 . 2012-07-19 18:56 232895 ----a-w- c:\windows\system32\avutil-lav-51.dll

2012-07-19 18:56 . 2012-07-19 18:56 162743 ----a-w- c:\windows\system32\avfilter-lav-3.dll

2012-07-19 18:56 . 2012-07-19 18:56 1111581 ----a-w- c:\windows\system32\avformat-lav-54.dll

2012-07-19 18:56 . 2012-07-19 18:56 101820 ----a-w- c:\windows\system32\avresample-lav-0.dll

2012-06-17 21:15 . 2012-06-17 21:15 198144 ----a-w- c:\windows\system32\spdif_test.exe

2012-06-17 21:14 . 2012-06-17 21:14 97792 ----a-w- c:\windows\system32\ac3config.exe

2012-06-17 21:14 . 2012-06-17 21:14 1021440 ----a-w- c:\windows\system32\ac3filter_intl.dll

2012-06-17 21:12 . 2012-06-17 21:12 1406976 ----a-w- c:\windows\system32\ac3filter.ax

2012-06-17 21:10 . 2012-06-17 21:10 276992 ----a-w- c:\windows\system32\BugTrap.dll

2012-06-17 21:10 . 2012-06-17 21:10 965120 ----a-w- c:\windows\system32\ac3filter.acm

2012-09-07 15:38 . 2012-09-07 15:38 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-08 141336]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-08 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-08 142872]

"RTHDCPL"="RTHDCPL.EXE" [2009-10-16 18782720]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-02-15 417792]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]

"Ad-Aware Browsing Protection"="c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]

"adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]

.

c:\documents and settings\PEB\Start Menu\Programs\Startup\

EvernoteClipper.lnk - c:\program files\Evernote\Evernote\EvernoteClipper.exe [2011-8-8 977408]

OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-19 813584]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-10-2 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoWelcomeScreen"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-09-07 12:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/19/2010 2:52 PM 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/19/2010 2:52 PM 216400]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/19/2010 2:52 PM 243152]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 8:00 AM 14336]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [9/7/2010 8:44 AM 308136]

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/19/2010 2:31 PM 10384]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [1/16/2010 11:50 PM 167080]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]

S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 9:56 AM 135664]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [9/10/2012 2:43 PM 257696]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/17/2010 2:27 AM 1684736]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [10/26/2010 8:30 AM 167264]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/9/2010 9:56 AM 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 4:30 PM 114144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-12 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-10 18:43]

.

2012-09-10 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 13:55]

.

2012-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-09 13:55]

.

2012-09-12 c:\windows\Tasks\User_Feed_Synchronization-{8B6DBF3B-9FC4-4BB5-9317-5B406FD2B44E}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/

mStart Page = hxxp://www.google.com

uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch

uInternet Settings,ProxyOverride = <local>;127.0.0.1:9421;;*.local

IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.30.5

FF - ProfilePath - c:\documents and settings\PEB\Application Data\Mozilla\Firefox\Profiles\3p2i1hg8.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)

URLSearchHooks-{6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll

BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\PEB\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

HKCU-Run-Apple - c:\documents and settings\PEB\Local Settings\Application Data\AVG Security Toolbar\Apple\sjkepqdgq.dll

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe

HKU-Default-Run-volmgr - c:\documents and settings\PEB\Application Data\volmgr.exe

HKU-Default-Run-Apple - c:\documents and settings\PEB\Local Settings\Application Data\AVG Security Toolbar\Apple\sjkepqdgq.dll

SafeBoot-56159041.sys

SafeBoot-78050532.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-12 13:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_5891ae0.dll"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(1908)

c:\windows\system32\WININET.dll

c:\documents and settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\AVG\AVG9\avgam.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Completion time: 2012-09-12 13:32:56 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-12 17:32

.

Pre-Run: 224,155,623,424 bytes free

Post-Run: 225,315,692,544 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - E846C5B5E3052FF31B45CFD35FF0246C


BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

I already cleaned this machine, but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please let me know.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
