
Savings Sidekick on infected laptop



Hello,

I discovered that my brother had Savings Sidekick on his laptop and used your antimalware program to get rid of the infections. I'm still worried there might be leftover infections on his laptop. Here are the logs requested. Please help me!

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Darrell Daniels at 0:00:50 on 2012-09-19

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT -4:00]

.

AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Windows Defender\MsMpEng.exe

C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

svchost.exe

C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\Giraffic\Veoh_Giraffic.exe

C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\Tablet.exe

C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Trusteer\Rapport\bin\RapportService.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe

C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe

C:\Program Files\Dell\Dell Mobile Broadband\systray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files\Apoint\HidFind.exe

C:\WINDOWS\system32\WDBtnMgr.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe

C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [installIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun

uRun: [Weather] c:\program files\aws\weatherbug\Weather.exe 1

uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /installquiet

mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [Apoint] c:\program files\apoint\Apoint.exe

mRun: [intelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"

mRun: [intelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless

mRun: [systray] c:\program files\dell\dell mobile broadband\systray.exe

mRun: [<NO NAME>]

mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide

mRun: [instaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [WD Button Manager] WDBtnMgr.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

TCP: Interfaces\{A6664924-149E-46D5-B5F8-BCA3090E979F} : DhcpNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{E88DF54E-116A-4C7B-BFF2-4E21505ED8F9} : DhcpNameServer = 192.168.2.1

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\darrell daniels\application data\mozilla\firefox\profiles\c6pybqzs.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll

FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

.

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2011-4-2 57112]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-2-9 36000]

R1 RapportCerberus_42020;RapportCerberus_42020;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_42020.sys [2012-8-8 228376]

R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-9-7 71480]

R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-9-7 166840]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-2-9 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-2-9 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-2-9 83392]

R2 Giraffic;Veoh Giraffic Video Accelerator;c:\program files\giraffic\veoh_girafficwatchdog.exe --service --> c:\program files\giraffic\Veoh_GirafficWatchdog.exe --service [?]

R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-9-7 976728]

R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

R3 NWDellModem;Dell Wireless Mobile Broadband Modem Driver;c:\windows\system32\drivers\nwdelmdm.sys [2007-3-22 92288]

R3 NWDellPort;Dell Wireless Mobile Broadband Status Port Driver;c:\windows\system32\drivers\nwdelser.sys [2007-3-22 92288]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-1 136176]

S2 IBUpdaterService;Updater Service;"c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe" /service --> c:\documents and settings\all users\application data\ibupdaterservice\ibsvc.exe [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 250568]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-1 136176]

S3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2012-6-23 9216]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 114144]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-9-7 65848]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]

S3 ZTEusbMB;ZTE NMEAExt2 Port;c:\windows\system32\drivers\ZTEusbnmeaext2.sys [2012-6-23 107776]

S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [2012-6-23 116736]

.

=============== Created Last 30 ================

.

2012-09-18 06:16:55 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{db73c3f7-3985-466d-81d0-9e1ef7809ed2}\mpengine.dll

2012-09-07 15:07:30 65848 ----a-w- c:\windows\system32\drivers\RapportKELL.sys

2012-08-30 16:13:57 -------- d-----w- c:\documents and settings\darrell daniels\local settings\application data\Savings Sidekick

2012-08-30 16:13:54 -------- d-----w- c:\program files\Savings Sidekick

.

==================== Find3M ====================

.

2012-09-07 21:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 22:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-22 02:01:24 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-22 02:01:24 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

.

============= FINISH: 0:01:37.12 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 3/24/2011 3:57:41 PM

System Uptime: 9/18/2012 11:18:11 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 0JK187

Processor: Genuine Intel® CPU T2500 @ 2.00GHz | Microprocessor | 1318/166mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 85 GiB total, 51.09 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Dell Wireless 1490 Dual Band WLAN Mini-Card

Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1

Manufacturer: Broadcom

Name: Dell Wireless 1490 Dual Band WLAN Mini-Card

PNP Device ID: PCI\VEN_14E4&DEV_4312&SUBSYS_00071028&REV_01\4&360A6DE&0&00E1

Service: BCM43XX

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth Device (Personal Area Network)

Device ID: BTH\MS_BTHPAN\7&25CEFB0A&0&2

Manufacturer: Microsoft

Name: Bluetooth Device (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\7&25CEFB0A&0&2

Service: BthPan

.

==== System Restore Points ===================

.

RP522: 6/21/2012 10:45:18 AM - System Checkpoint

RP523: 6/22/2012 6:23:21 AM - Software Distribution Service 3.0

RP524: 6/23/2012 12:15:30 AM - Installed Mobile Hotspot Admin

RP525: 6/24/2012 4:55:14 AM - System Checkpoint

RP526: 6/25/2012 5:24:25 AM - System Checkpoint

RP527: 6/26/2012 11:04:51 AM - Software Distribution Service 3.0

RP528: 6/28/2012 10:48:51 AM - System Checkpoint

RP529: 6/29/2012 10:43:48 AM - Software Distribution Service 3.0

RP530: 6/30/2012 12:45:42 PM - System Checkpoint

RP531: 6/30/2012 7:37:52 PM - Removed Java™ 6 Update 31

RP532: 6/30/2012 7:38:35 PM - Installed Java™ 6 Update 33

RP533: 7/1/2012 8:15:43 PM - System Checkpoint

RP534: 7/3/2012 11:24:55 AM - Software Distribution Service 3.0

RP535: 7/4/2012 6:07:53 PM - System Checkpoint

RP536: 7/5/2012 8:05:49 PM - System Checkpoint

RP537: 7/6/2012 11:20:20 AM - Software Distribution Service 3.0

RP538: 7/7/2012 1:25:33 PM - System Checkpoint

RP539: 7/8/2012 2:02:50 PM - System Checkpoint

RP540: 7/9/2012 3:35:22 PM - System Checkpoint

RP541: 7/10/2012 11:09:04 AM - Software Distribution Service 3.0

RP542: 7/11/2012 10:45:38 AM - Software Distribution Service 3.0

RP543: 7/12/2012 7:05:27 AM - Software Distribution Service 3.0

RP544: 7/13/2012 7:05:41 AM - Software Distribution Service 3.0

RP545: 7/14/2012 8:02:09 AM - System Checkpoint

RP546: 7/15/2012 8:23:20 AM - System Checkpoint

RP547: 7/16/2012 5:36:33 PM - System Checkpoint

RP548: 7/16/2012 8:22:16 PM - Installed Rapport

RP549: 7/17/2012 11:10:51 AM - Software Distribution Service 3.0

RP550: 7/18/2012 2:34:49 PM - System Checkpoint

RP551: 7/19/2012 3:56:39 PM - System Checkpoint

RP552: 7/20/2012 10:42:01 AM - Software Distribution Service 3.0

RP553: 7/21/2012 2:53:38 PM - System Checkpoint

RP554: 7/22/2012 2:57:15 PM - System Checkpoint

RP555: 7/23/2012 3:23:55 PM - System Checkpoint

RP556: 7/24/2012 11:24:17 AM - Software Distribution Service 3.0

RP557: 7/25/2012 11:57:27 AM - System Checkpoint

RP558: 7/26/2012 1:11:09 PM - System Checkpoint

RP559: 7/27/2012 7:03:29 AM - Software Distribution Service 3.0

RP560: 7/28/2012 7:09:23 AM - System Checkpoint

RP561: 7/29/2012 7:35:42 AM - System Checkpoint

RP562: 7/30/2012 7:52:35 AM - System Checkpoint

RP563: 7/31/2012 7:04:36 AM - Software Distribution Service 3.0

RP564: 8/1/2012 7:59:58 AM - System Checkpoint

RP565: 8/2/2012 8:43:28 AM - System Checkpoint

RP566: 8/3/2012 6:01:39 AM - Software Distribution Service 3.0

RP567: 8/4/2012 12:37:03 PM - System Checkpoint

RP568: 8/5/2012 6:49:30 PM - System Checkpoint

RP569: 8/7/2012 11:01:09 AM - Software Distribution Service 3.0

RP570: 8/8/2012 1:15:21 PM - System Checkpoint

RP571: 8/8/2012 7:04:26 PM - Installed Rapport

RP572: 8/9/2012 8:10:12 PM - System Checkpoint

RP573: 8/10/2012 1:55:07 AM - Software Distribution Service 3.0

RP574: 8/11/2012 9:51:19 AM - System Checkpoint

RP575: 8/12/2012 10:50:38 AM - System Checkpoint

RP576: 8/13/2012 11:02:06 AM - System Checkpoint

RP577: 8/14/2012 7:21:35 AM - Software Distribution Service 3.0

RP578: 8/15/2012 4:31:53 PM - System Checkpoint

RP579: 8/15/2012 8:51:08 PM - Software Distribution Service 3.0

RP580: 8/17/2012 6:58:58 AM - Software Distribution Service 3.0

RP581: 8/18/2012 7:48:29 AM - System Checkpoint

RP582: 8/19/2012 8:26:30 AM - System Checkpoint

RP583: 8/20/2012 10:57:15 AM - System Checkpoint

RP584: 8/20/2012 11:38:11 AM - Configured 2007 Microsoft Office system

RP585: 8/21/2012 2:01:10 AM - Software Distribution Service 3.0

RP586: 8/22/2012 2:59:15 AM - System Checkpoint

RP587: 8/23/2012 3:17:59 AM - System Checkpoint

RP588: 8/24/2012 1:49:48 PM - System Checkpoint

RP589: 8/25/2012 10:08:26 AM - Software Distribution Service 3.0

RP590: 8/26/2012 9:50:37 AM - Installed Rapport

RP591: 8/27/2012 10:13:48 AM - System Checkpoint

RP592: 8/28/2012 2:07:04 AM - Software Distribution Service 3.0

RP593: 8/28/2012 5:57:51 PM - Software Distribution Service 3.0

RP594: 8/29/2012 8:17:17 PM - System Checkpoint

RP595: 8/30/2012 8:54:12 PM - System Checkpoint

RP596: 8/31/2012 2:30:11 AM - Software Distribution Service 3.0

RP597: 9/1/2012 11:41:32 AM - System Checkpoint

RP598: 9/1/2012 2:14:53 PM - Installed Java™ 6 Update 35

RP599: 9/3/2012 2:06:08 PM - System Checkpoint

RP600: 9/4/2012 11:25:56 AM - Software Distribution Service 3.0

RP601: 9/5/2012 12:39:26 PM - System Checkpoint

RP602: 9/6/2012 7:04:38 AM - Software Distribution Service 3.0

RP603: 9/7/2012 11:13:28 AM - Software Distribution Service 3.0

RP604: 9/8/2012 12:10:01 PM - System Checkpoint

RP605: 9/9/2012 1:58:27 PM - System Checkpoint

RP606: 9/10/2012 12:11:47 PM - Configured 2007 Microsoft Office system

RP607: 9/11/2012 11:40:34 AM - Software Distribution Service 3.0

RP608: 9/12/2012 12:00:44 PM - Installed Rapport

RP609: 9/12/2012 12:13:01 PM - Software Distribution Service 3.0

RP610: 9/13/2012 12:41:25 PM - System Checkpoint

RP611: 9/14/2012 2:08:26 AM - Software Distribution Service 3.0

RP612: 9/15/2012 2:41:57 AM - System Checkpoint

RP613: 9/16/2012 11:05:55 AM - System Checkpoint

RP614: 9/17/2012 2:37:08 PM - System Checkpoint

RP615: 9/17/2012 11:37:21 PM - Avira Free Antivirus - 9/17/2012 23:37

RP616: 9/18/2012 2:16:49 AM - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

2007 Microsoft Office system

Acrobat.com

Adobe AIR

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.2

Adobe Shockwave Player 11.5

AIM 7

AiO_Scan_CDA

AiOSoftwareNPI

ALPS Touch Pad Driver

Apple Application Support

Apple Software Update

Avira Free Antivirus

Belkin F7D1101 Basic Wireless USB Adapter

Belkin Setup and Router Monitor

BufferChm

CCleaner

Conexant HDA D110 MDC V.92 Modem

CustomerResearchQFolder

DELETER CG illust 2E

Dell Driver Download Manager

Dell Mobile Broadband Card Utility

Demonbane USA 1.0

Destinations

DeviceManagementQFolder

Download Updater (AOL LLC)

DrawPlus 3.0

eSupportQFolder

F300

F300_Help

Fax_CDA

File Type Assistant

FinalTorrent 2011

Google Chrome

Google Update Helper

Gurren Lagann OP 3 Screensaver

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

HP Customer Participation Program 7.0

HP Imaging Device Functions 7.0

HP Photosmart Essential

HP Photosmart, Officejet and Deskjet 7.0.A

HP Software Update

HP Solution Center 7.0

HPPhotoSmartExpress

HPProductAssistant

InstallIQ Updater

InstantShareDevicesMFC

Intel® PROSet/Wireless Software

Java Auto Updater

Java™ 6 Update 3

Java™ 6 Update 35

Katawa Shoujo

Malwarebytes Anti-Malware version 1.65.0.1400

MarketResearch

mCore

mDriver

mDrWiFi

mHlpDell

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Hybrid 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Office XP Professional

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Web Publishing Wizard 1.52

mIWA

mLogView

mMHouse

Mobile Hotspot Admin

Mozilla Firefox 15.0.1 (x86 en-US)

Mozilla Maintenance Service

mPfMgr

mPfWiz

mProSafe

mSCfg

mSSO

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser

mWlsSafe

mWMI

mZConfig

NetAssistant

NetAssistant for Firefox

NewCopy_CDA

NVIDIA Drivers

Paragon Backup & Recovery™ 2011 (Advanced) Free

Photo Organizer

ProductContextNPI

QuickTime

Ragnarok Online

Rapport

Readme

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

RealUpgrade 1.1

Retrospect 6.5

Savings Sidekick

Scan

ScannerCopy

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2530548)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2559049)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2482017)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Shockwave

SigmaTel Audio

SolutionCenter

Sonic Foundry ACID 2.0d

SpywareBlaster 4.6

Status

SUPERAntiSpyware

The Print Shop

Toolbox

TouchChip USB Driver 2.6

TrayApp

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Windows Internet Explorer 8 (KB2447568)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update Service

Updater Service

Veoh Giraffic Video Accelerator

Veoh Web Player

Wacom Tablet Driver

WebFldrs XP

WebReg

Windows Defender

Windows Essentials Media Codec Pack 3.4 [32-Bit]

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

.

==== Event Viewer Messages From Past Week ========

.

9/17/2012 12:32:35 PM, error: Cdrom [11] - The driver detected a controller error on \Device\CdRom0.

9/13/2012 7:51:08 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

9/13/2012 7:51:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WMI Performance Adapter service to connect.

9/13/2012 7:51:08 PM, error: Service Control Manager [7000] - The WMI Performance Adapter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/13/2012 11:15:21 AM, error: Service Control Manager [7000] - The Updater Service service failed to start due to the following error: The system cannot find the file specified.

.

==== End Of File ===========================


Welcome to the forum.

Please delete these two folders:

c:\documents and settings\darrell daniels\local settings\application data\Savings Sidekick

c:\program files\Savings Sidekick

Then......

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

MrC


Hi,

I deleted the files. However, I can't log in as an administrator for the cleaning program so I had to log in as a regular user to use it. Here's the log.

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 09:00:04

# Updated 16/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Darrell Daniels - SHENCHIII

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Darrell Daniels\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : IBUpdaterService

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

Folder Found : C:\Documents and Settings\All Users\Application Data\IBUpdaterService

Folder Found : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdate

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Darrell Daniels\Application Data\Mozilla\Firefox\Profiles\c6pybqzs.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Darrell Daniels\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3555 octets] - [19/09/2012 09:00:04]

########## EOF - C:\AdwCleaner[R1].txt - [3615 octets] ##########


  1. Please re-run AdwCleaner
  2. Click on the Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC


Here's the log.

# AdwCleaner v2.002 - Logfile created 09/19/2012 at 09:26:17

# Updated 16/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Darrell Daniels - SHENCHIII

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Darrell Daniels\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt

Folder Deleted : C:\Documents and Settings\All Users\Application Data\IBUpdaterService

Folder Deleted : C:\Program Files\Common Files\Software Update Utility

***** [Registry] *****

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.FBApi.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0005060.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController

Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Updater Service

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Darrell Daniels\Application Data\Mozilla\Firefox\Profiles\c6pybqzs.default\prefs.js

C:\Documents and Settings\Darrell Daniels\Application Data\Mozilla\Firefox\Profiles\c6pybqzs.default\user.js ... Deleted !

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Darrell Daniels\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3684 octets] - [19/09/2012 09:00:04]

AdwCleaner[s1].txt - [4074 octets] - [19/09/2012 09:26:17]

########## EOF - C:\AdwCleaner[s1].txt - [4134 octets] ##########

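The search-then-delete sequence in this thread produces two AdwCleaner logs, and comparing them confirms that every item reported as Found was later reported as Deleted. The following Python sketch is an added example, not part of the original posts or of AdwCleaner; its line patterns are inferred from the two logs above, and the embedded excerpts are constructed from them, with one registry entry left out of the delete log to show a leftover.

```python
import re

# Constructed excerpts in the AdwCleaner v2 layout shown in this thread.
SEARCH_LOG = r"""
# Option [search]
***** [services] *****
Found : IBUpdaterService
***** [Files / Folders] *****
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Folder Found : C:\Program Files\Common Files\Software Update Utility
***** [Registry] *****
Key Found : HKCU\Software\Cr_Installer
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
"""

# Constructed: the dnUpdate key is deliberately missing from this excerpt.
DELETE_LOG = r"""
# Option [Delete]
***** [services] *****
Stopped & Deleted : IBUpdaterService
***** [Files / Folders] *****
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
***** [Registry] *****
Key Deleted : HKCU\Software\Cr_Installer
"""

SECTION = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
ENTRY = re.compile(
    r"^(?:(?:File|Folder|Key) )?(Found|Deleted|Stopped & Deleted) : (.+)$")

def parse(log_text):
    """Map (section, item) -> status for each Found/Deleted line in a log."""
    section, entries = None, {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # header comments and the EOF banner
        m = SECTION.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = ENTRY.match(line)
        if m:
            # Windows paths and registry keys compare case-insensitively.
            entries[(section, m.group(2).strip().lower())] = m.group(1)
    return entries

def leftovers(search_text, delete_text):
    """Items the search run found that the delete run did not report deleted."""
    found = {k for k, s in parse(search_text).items() if s == "Found"}
    deleted = {k for k, s in parse(delete_text).items() if s.endswith("Deleted")}
    return sorted(found - deleted)

if __name__ == "__main__":
    for section, item in leftovers(SEARCH_LOG, DELETE_LOG):
        print(f"still present? [{section}] {item}")
```

Lines such as "Restored :", "File :" and "[OK] File is clean." match neither pattern and are ignored, so browser-section output does not create false leftovers.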

That should do it.....how is it???

~~~~~~~~~~~~~~~~~~~

Before you go.......

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

MrC


Laptop seems fine. No problems at the moment. Here's the log.

Results of screen317's Security Check version 0.99.51

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Avira Desktop

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

SpywareBlaster 4.6

SUPERAntiSpyware

Windows Defender

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

Java 6 Update 35

Java 6 Update 3

Java version out of Date!

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (15.0.1)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

````````Process Check: objlist.exe by Laurent````````

Windows Defender MSMpEng.exe

Windows Defender MSASCui.exe

Avira Antivir avgnt.exe

Avira Antivir avguard.exe

Windows Defender MsMpEng.exe

Windows Defender MSASCui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)

````````````````````End of Log``````````````````````


Java™ 6 Update 35 <---uninstall from add/remove programs

Java™ 6 Update 3 <---uninstall from add/remove programs

Java version out of Date! <----download and install the latest version "Version 7 Update 7"

Adobe Flash Player 11.4.402.265

Adobe Reader 9 Adobe Reader out of Date! <---please update

You have outdated programs on the system which are vulnerable to malware.

Please update or delete them.

Info on doing that can be found in my Preventive Maintenance.

~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.