
PUP Bundleins



My computer (XP Pro) had not been operating correctly for 5 days. I was getting notices advising that "mscms.dll is not a valid windows image", my printer is not working, and I cannot copy and save PDFs.

I ran a full scan on Windows Essential; it found NO viruses. I then ran a scan with Malwarebytes Pro and it found PUP Bundleins. I removed the malware, but on restarting I found my problems still existed. I ran another scan with Malwarebytes and it found no infections, but... my protection options are disabled, and when I try to contact Malwarebytes Support, the notices regarding "valid windows image" appear and I have to contact Malwarebytes through my web browser.

I have attached files

attach.txt

dds.txt


Malwarebytes Anti-Malware (PRO) 1.65.0.1400

www.malwarebytes.org

Database version: v2012.10.04.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Phil :: XXX-A04PFSJJUER [administrator]

Protection: Disabled

10/5/2012 12:08:27 PM

mbam-log-2012-10-05 (12-08-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 201679

Time elapsed: 6 minute(s), 57 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

==== Installed Programs ======================

.

@BIOS B07.0108.01

AC3Filter (remove only)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

All Free Video Joiner 4.1.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

ATI Display Driver

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Converter 6

Canon iP1300

Canon ScanGear Toolbox CS 2.2

Canon Utilities Easy-PhotoPrint

Canon Utilities Easy-PrintToolBox

Cars

CCleaner

CDBurnerXP

Cool Edit Pro 2.0

Critical Update for Windows Media Player 11 (KB959772)

Data Lifeguard Tools

Digital Photo Navigator 1.5

DMIView B7.0108.01

Dropbox

DVD Solution

e-tax 2007

e-tax 2008

e-tax 2009

e-tax 2011

e-tax 2012

EaseUS Partition Master 9.1.1 Home Edition

Easy-WebPrint

EasyCleaner

EasyTune5

ERUNT 1.1j

ffdshow [rev 3154] [2009-12-09]

Free Registry Defrag

FreeCommander 2009.02

GIMP 2.4.7

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Firefox

Google Update Helper

Haali Media Splitter

HD Tune 2.55

HDD Health v3.3 Beta

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

i-Cool

ImgBurn

InCD

ISO Recorder

iTunes

Java Auto Updater

Java 6 Update 20

Java 6 Update 35

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

KB USB Digital TV Tuner

LastPass (uninstall only)

Magical Jelly Bean KeyFinder

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 8.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Motocross Madness

Microsoft National Language Support Downlevel APIs

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# 2.0 Redistributable Package

MobileMe Control Panel

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Launcher

MWSnap 3

Need for Speed™ Most Wanted

Nero OEM

Nikon View 6

NimoFilm

novaPDF Lite Desktop 6.3 printer

OpenOffice.org 3.2

OptusNet DSL

Outlook Express Backup 6.5

Outlook Express Quick Backup

Paint.NET v3.5.10

PC Connectivity Solution

PE Builder 3.1.10

Personal Ancestral File 5

Personal Ancestral File 5 Lessons

PowerCinema

PowerCinema NE for Everio

PowerDirector Express

PowerDVD

PowerProducer

QuickTime

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Red Swoosh

Revo Uninstaller 1.88

Samsung PC Studio 7

SAMSUNG SYMBIAN USB Download Driver

SamsungConnectivityCableDriver

Secunia PSI (2.0.0.1003)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Siemens Subscriber Networks SpeedStream DSL

SimHID Setup

Smart Menus (Windows Live Toolbar)

SmartGlobe AU

SmartGlobe Deluxe V3.12

SolidWorks eDrawings 2009

Sothink Movie DVD Maker

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

swMSM

Twisted Pair Computer Based Training Learn Electronics Part 1 5.03

Twisted Pair Computer Based Training Learn Electronics Part 12 5.03

Twisted Pair Computer Based Training Learn Electronics Part 2 5.03

Unity Web Player

Unlocker 1.8.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VirtualBreadboard

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows Support Tools

Windows XP Service Pack 3

WinFuture xp-Iso-Builder 3.0.7

WinRAR archiver

XviD MPEG-4 Video Codec

Yontoo 1.10.02

YourFileDownloader

Zinio Alert Messenger

Zinio Reader 4

ZipGenius 6 (6.0.3.1140)

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Phil at 12:30:54 on 2012-10-05

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Oregon Scientific\SmartGlobe AU\SmartGlobeAU.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Phil\Desktop\dds (1).com

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [PowerBar]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Desktop Service Centre] c:\program files\optusnet dsl internet\DSC.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212786752608

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3CEBA2BF-695E-4EB4-81CE-B9581B8EF025} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CF00E137-C82F-4C18-A9CD-50DAF46A6B19} : DhcpNameServer = 192.168.0.1

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\phil\application data\mozilla\firefox\profiles\mn5vxfd2.default-1347195038640\

FF - plugin: c:\documents and settings\phil\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_278.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npptools.dll

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? Ambfilt;Ambfilt

R? AVFSFilter;AVFSFilter

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? epmntdrv;epmntdrv

R? EuGdiDrv;EuGdiDrv

R? fsssvc;Windows Live Family Safety Service

R? GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391

R? gupdate1ca3f66e8640104;Google Update Service (gupdate1ca3f66e8640104)

R? gupdatem;Google Update Service (gupdatem)

R? MozillaMaintenance;Mozilla Maintenance Service

R? PSI;PSI

R? rt2870;D-Link 802.11n USB Wireless LAN Card Driver

R? SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER

R? WinRM;Windows Remote Management (WS-Management)

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? dc3d;MS Hardware Device Detection Driver

S? fssfltr;fssfltr

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? MpFilter;Microsoft Malware Protection Driver

S? Secunia PSI Agent;Secunia PSI Agent

.

=============== Created Last 30 ================

.

2012-09-30 11:14:37 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e5a74e5f-e2d6-441a-9817-1f3be190bec7}\mpengine.dll

2012-09-30 10:06:30 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-09-25 01:16:26 -------- d-----w- c:\windows\$regcmp$

2012-09-21 06:27:15 9573296 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

.

==================== Find3M ====================

.

2012-09-30 10:14:44 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 10:14:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 07:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-28 10:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-28 10:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 08:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-17 06:31:57 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-17 06:31:56 499712 ----a-w- c:\windows\system32\msvcp71.dll

2004-03-11 03:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 12:32:21.51 ===============

Files as requested,


  • Staff

Hi,

Uninstall Yontoo from Add or Remove Programs.

Reboot.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

If after ComboFix reboots you get a message about an "Invalid Option Registry Key Marked for Deletion," please reboot again and the error will go away.

-screen317


ComboFix 12-10-04.02 - Phil 10/06/2012 16:17:44.2.2 - x86

Running from: c:\documents and settings\Phil\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Phil\LOCALS~1\Temp\{C2840B50-EF25-42B8-93EB-828CF7E4B7C0}\flash.ocx

c:\docume~1\Phil\LOCALS~1\Temp\{DC999749-A210-4DA2-875F-B74514621C34}\_extra\objects\cmdline.dll

c:\documents and settings\All Users\Application Data\9a0fc9ee.dat

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\Phil\g2mdlhlpx.exe

c:\documents and settings\Phil\Local Settings\temp\{C2840B50-EF25-42B8-93EB-828CF7E4B7C0}\flash.ocx

c:\documents and settings\Phil\Local Settings\temp\{DC999749-A210-4DA2-875F-B74514621C34}\_extra\objects\cmdline.dll

c:\documents and settings\Phil\WINDOWS

c:\windows\EventSystem.log

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\FlashPlayerInstaller.exe

c:\windows\system32\SET58.tmp

c:\windows\system32\SET5D.tmp

c:\windows\system32\SETA4.tmp

c:\windows\system32\SETA5.tmp

c:\windows\system32\SETA6.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

Infected copy of c:\windows\system32\termsrv.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\termsrv.dll

.

Infected copy of c:\windows\system32\srsvc.dll was found and disinfected

Restored copy from - c:\windows\ERDNT\cache\srsvc.dll

.

Infected copy of c:\windows\system32\wiaservc.dll was found and disinfected

Restored copy from - c:\windows\ServicePackFiles\i386\wiaservc.dll

.

.

((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 )))))))))))))))))))))))))))))))

.

.

2012-10-06 06:27 . 2012-10-06 06:27 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\MpKsl47ddf917.sys

2012-10-06 05:28 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\mpengine.dll

2012-09-30 11:14 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-25 01:16 . 2012-09-25 01:22 -------- d-----w- c:\windows\$regcmp$

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 10:14 . 2012-04-11 05:25 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 10:14 . 2011-05-27 09:22 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 07:04 . 2010-06-23 05:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-06-06 07:26 385024 ----a-w- c:\windows\system32\html.iec

2012-08-28 10:24 . 2012-06-20 09:29 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-28 10:24 . 2010-06-23 09:44 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 08:39 . 2008-06-12 10:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-17 06:31 . 2008-06-07 12:04 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-17 06:31 . 2008-06-07 12:04 499712 ----a-w- c:\windows\system32\msvcp71.dll

2004-03-11 03:27 . 2008-06-14 07:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2012-07-31 11:13 . 2011-05-21 06:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" [bU]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-08 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

.

c:\documents and settings\Phil\Start Menu\Programs\Startup\

Zinio Alert Messenger.lnk - c:\program files\Zinio Alert Messenger\Zinio Alert Messenger.exe [2012-5-17 126976]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SmartGlobeAU.lnk - c:\program files\Oregon Scientific\SmartGlobe AU\SmartGlobeAU.exe [2008-9-5 2555904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk

backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SimHID.lnk

backup=c:\windows\pss\SimHID.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^SimHID.exe.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\SimHID.exe.lnk

backup=c:\windows\pss\SimHID.exe.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

2007-11-01 06:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2004-09-07 13:25 1400944 ------w- c:\program files\Ahead\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 15:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-07-30 08:35 159744 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 08:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]

2008-12-05 15:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-07-08 22:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\Phil\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=

"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 gupdate1ca3f66e8640104;Google Update Service (gupdate1ca3f66e8640104);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\DRIVERS\9kdUSBXP.sys [x]

S1 MpKsl47ddf917;MpKsl47ddf917;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\MpKsl47ddf917.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSL47DDF917

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 10:14]

.

2012-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 11:37]

.

2012-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 11:37]

.

2012-10-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=HP_ss&mntrId=4480342a000000000000001a4d751026

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=KW_ss&mntrId=4480342a000000000000001a4d751026&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.hardId - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15487

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

SafeBoot-Wdf01000.sys

MSConfigStartUp-MediaGet2 - c:\documents and settings\Phil\Local Settings\Application Data\MediaGet2\mediaget.exe

MSConfigStartUp-TkBellExe - c:\program files\real\realplayer\update\realsched.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-06 16:27

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ???????????????????????????????????????????????????????????? ??|`??|????]??|?dF~??????????????@?8?@??????????!?s?%?s??????@?????D&?s?U???s?s????????????^=?s?????????!?s?%?s??????@?8?@?D&?s?V???$@?8?@?8?@??????????V???A?????shA??xU??hA???A??0??s?????????V?????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(3708)

c:\windows\system32\WININET.dll

c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Samsung\Samsung PC Studio 7\phonebrowser.dll

c:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Ahead\InCD\InCDsrv.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\RTHDCPL.EXE

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

.

**************************************************************************

.

Completion time: 2012-10-06 16:34:42 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-06 06:34

ComboFix2.txt 2010-07-03 10:54

.

Pre-Run: 110,165,331,968 bytes free

Post-Run: 111,215,648,768 bytes free

.

- - End Of File - - CBA13728E7CECFBD6A6568C11D5AD62A

.

==== Installed Programs ======================

.

@BIOS B07.0108.01

AC3Filter (remove only)

Acrobat.com

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

All Free Video Joiner 4.1.6

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ATI Catalyst Install Manager

ATI Display Driver

AviSynth 2.5

AVS Update Manager 1.0

AVS Video Converter 6

Canon iP1300

Canon ScanGear Toolbox CS 2.2

Canon Utilities Easy-PhotoPrint

Canon Utilities Easy-PrintToolBox

Cars

CCleaner

CDBurnerXP

Cool Edit Pro 2.0

Critical Update for Windows Media Player 11 (KB959772)

Data Lifeguard Tools

Digital Photo Navigator 1.5

DMIView B7.0108.01

Dropbox

DVD Solution

e-tax 2007

e-tax 2008

e-tax 2009

e-tax 2011

e-tax 2012

EaseUS Partition Master 9.1.1 Home Edition

Easy-WebPrint

EasyCleaner

EasyTune5

ERUNT 1.1j

ffdshow [rev 3154] [2009-12-09]

Free Registry Defrag

FreeCommander 2009.02

GIMP 2.4.7

Google Chrome

Google Desktop

Google Earth

Google Toolbar for Firefox

Google Update Helper

Haali Media Splitter

HD Tune 2.55

HDD Health v3.3 Beta

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

i-Cool

ImgBurn

InCD

ISO Recorder

iTunes

Java Auto Updater

Java 6 Update 20

Java 6 Update 35

Java 6 Update 6

Java 6 Update 7

Junk Mail filter update

KB USB Digital TV Tuner

LastPass (uninstall only)

Magical Jelly Bean KeyFinder

Malwarebytes Anti-Malware version 1.65.0.1400

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft IntelliPoint 8.0

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Motocross Madness

Microsoft National Language Support Downlevel APIs

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual J# 2.0 Redistributable Package

MobileMe Control Panel

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVC80_x86

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multimedia Launcher

MWSnap 3

Need for Speed™ Most Wanted

Nero OEM

Nikon View 6

NimoFilm

novaPDF Lite Desktop 6.3 printer

OpenOffice.org 3.2

OptusNet DSL

Outlook Express Backup 6.5

Outlook Express Quick Backup

Paint.NET v3.5.10

PC Connectivity Solution

PE Builder 3.1.10

Personal Ancestral File 5

Personal Ancestral File 5 Lessons

PowerCinema

PowerCinema NE for Everio

PowerDirector Express

PowerDVD

PowerProducer

QuickTime

REALTEK GbE & FE Ethernet PCI NIC Driver

Realtek High Definition Audio Driver

Red Swoosh

Revo Uninstaller 1.88

Samsung PC Studio 7

SAMSUNG SYMBIAN USB Download Driver

SamsungConnectivityCableDriver

Secunia PSI (2.0.0.1003)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Segoe UI

Siemens Subscriber Networks SpeedStream DSL

SimHID Setup

Smart Menus (Windows Live Toolbar)

SmartGlobe AU

SmartGlobe Deluxe V3.12

SolidWorks eDrawings 2009

Sothink Movie DVD Maker

Spelling Dictionaries Support For Adobe Reader 9

Spybot - Search & Destroy

swMSM

Twisted Pair Computer Based Training Learn Electronics Part 1 5.03

Twisted Pair Computer Based Training Learn Electronics Part 12 5.03

Twisted Pair Computer Based Training Learn Electronics Part 2 5.03

Unity Web Player

Unlocker 1.8.7

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Windows (KB971513)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VirtualBreadboard

WebFldrs XP

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Mail

Windows Live Messenger

Windows Live OneCare safety scanner

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

Windows Live Writer

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

Windows Search 4.0

Windows Support Tools

Windows XP Service Pack 3

WinFuture xp-Iso-Builder 3.0.7

WinRAR archiver

XviD MPEG-4 Video Codec

YourFileDownloader

Zinio Alert Messenger

Zinio Reader 4

ZipGenius 6 (6.0.3.1140)

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_35

Run by Phil at 16:40:22 on 2012-10-06

.

============== Running Processes ===============

.

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\CDBurnerXP\NMSAccessU.exe

C:\Program Files\CyberLink\Shared Files\RichVideo.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\OptusNet DSL Internet\DSC.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Oregon Scientific\SmartGlobe AU\SmartGlobeAU.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Phil\Desktop\dds (1).com

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [PowerBar]

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [Desktop Service Centre] c:\program files\optusnet dsl internet\DSC.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRun: [samsung.PCSync] "c:\program files\samsung\samsung pc studio 7\PcSync2.exe" /NoDialog

IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212786752608

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab

DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{3CEBA2BF-695E-4EB4-81CE-B9581B8EF025} : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{CF00E137-C82F-4C18-A9CD-50DAF46A6B19} : DhcpNameServer = 192.168.0.1

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\phil\application data\mozilla\firefox\profiles\fu1ff9ub.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=HP_ss&mntrId=4480342a000000000000001a4d751026

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=KW_ss&mntrId=4480342a000000000000001a4d751026&q=

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.hardId - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15487

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23:36

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

============= SERVICES / DRIVERS ===============

.

R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service

R? Ambfilt;Ambfilt

R? AVFSFilter;AVFSFilter

R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86

R? epmntdrv;epmntdrv

R? EuGdiDrv;EuGdiDrv

R? fsssvc;Windows Live Family Safety Service

R? GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391

R? gupdate1ca3f66e8640104;Google Update Service (gupdate1ca3f66e8640104)

R? gupdatem;Google Update Service (gupdatem)

R? MozillaMaintenance;Mozilla Maintenance Service

R? PSI;PSI

R? rt2870;D-Link 802.11n USB Wireless LAN Card Driver

R? SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER

R? WinRM;Windows Remote Management (WS-Management)

R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0

S? dc3d;MS Hardware Device Detection Driver

S? fssfltr;fssfltr

S? MBAMProtector;MBAMProtector

S? MBAMScheduler;MBAMScheduler

S? MBAMService;MBAMService

S? MpFilter;Microsoft Malware Protection Driver

S? MpKsl47ddf917;MpKsl47ddf917

S? Secunia PSI Agent;Secunia PSI Agent

.

=============== Created Last 30 ================

.

2012-10-06 06:27:46 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c224254-1acc-4faa-b23c-9891c0909776}\MpKsl47ddf917.sys

2012-10-06 05:28:26 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9c224254-1acc-4faa-b23c-9891c0909776}\mpengine.dll

2012-09-30 11:14:37 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-09-25 01:16:26 -------- d-----w- c:\windows\$regcmp$

.

==================== Find3M ====================

.

2012-09-30 10:14:44 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 10:14:43 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 07:04:46 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec

2012-08-28 10:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-28 10:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 08:39:23 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-17 06:31:57 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-17 06:31:56 499712 ----a-w- c:\windows\system32\msvcp71.dll

2004-03-11 03:27:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe

.

============= FINISH: 16:41:09.09 ===============

.



I hope that I have supplied correct docs.

I am still getting "not valid windows images" messages, cannot print PDFs, cannot open jpeg images.

By the way, I have never been outside Australia, but on October 16 I will be in New York and if you happen to look over to Long Island and see some old Aussie Bastard waving a flag saying "Gidday Malees" it could well be me.

For your info, Bilbys are a kind of rabbit and they live in the Mallee Country in Southern Australia.


  • Staff

Hi,

I'll keep an eye out. :)

Looks like you have some nasty infections here.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

  • Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  • Execute the file TDSSKiller.exe by double-clicking on it.
  • Wait for the scan and disinfection process to be over.
  • When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).

The log is like UtilityName.Version_Date_Time_log.txt.

For example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.

Next, please run a free online scan with the ESET Online Scanner.

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Export the threats found (if any), and post them here.

Next, please download AdwCleaner by Xplode onto your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Next, download my Security Check from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


I have run TFC & TDSSKiller (cannot find the log; it found no infections). My Windows Search is not working. I cannot download ESET. I have enabled my ActiveX controls, but on reading ESET Help it says an active virus may stop the file from downloading. I have downloaded Regedit, but it is beyond my capabilities... so I have come to a stop.


ComboFix 12-10-04.02 - Phil 10/10/2012 9:12.3.2 - x86

Running from: c:\documents and settings\Phil\Desktop\Malbytes\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\docume~1\Phil\LOCALS~1\Temp\{48D604D6-EA78-470F-BCAD-EC62363591F6}\_extra\objects\cmdline.dll

c:\docume~1\Phil\LOCALS~1\Temp\{4FC66F4B-2FF5-46B9-8D3F-AD492BA7A5EE}\flash.ocx

c:\documents and settings\Phil\Local Settings\temp\{48D604D6-EA78-470F-BCAD-EC62363591F6}\_extra\objects\cmdline.dll

c:\documents and settings\Phil\Local Settings\temp\{4FC66F4B-2FF5-46B9-8D3F-AD492BA7A5EE}\flash.ocx

.

.

((((((((((((((((((((((((( Files Created from 2012-09-09 to 2012-10-09 )))))))))))))))))))))))))))))))

.

.

2012-10-09 22:22 . 2012-10-09 22:22 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\MpKsld4cfc0a9.sys

2012-10-09 07:04 . 2012-10-09 07:04 -------- d-----w- c:\program files\PSTRUH

2012-10-09 06:55 . 2005-01-27 23:45 40960 ----a-w- c:\windows\system32\Inpout32.dll

2012-10-09 06:55 . 2004-09-08 22:31 45056 ----a-w- c:\windows\system32\PadCom8810Serial.dll

2012-10-09 06:55 . 2005-09-08 02:16 1672704 ----a-w- c:\windows\system32\PINPadDevice.dll

2012-10-09 06:55 . 1997-07-10 13:00 82704 ----a-w- c:\windows\system32\GAPI32.dll

2012-10-09 06:55 . 2001-03-26 17:13 57616 ----a-w- c:\windows\system32\MSADOR15.DLL

2012-10-09 06:55 . 2001-03-26 03:13 81920 ----a-w- c:\windows\system32\MSADO25.TLB

2012-10-09 05:48 . 2012-10-09 05:48 -------- d-----w- C:\TDSSKiller_Quarantine

2012-10-06 05:28 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\mpengine.dll

2012-09-30 11:14 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-25 01:16 . 2012-09-25 01:22 -------- d-----w- c:\windows\$regcmp$

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-30 10:14 . 2012-04-11 05:25 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-09-30 10:14 . 2011-05-27 09:22 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-09-07 07:04 . 2010-06-23 05:14 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-28 15:14 . 2001-08-23 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-28 15:14 . 2001-08-23 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-08-28 15:14 . 2001-08-23 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-28 12:07 . 2008-06-06 07:26 385024 ----a-w- c:\windows\system32\html.iec

2012-08-28 10:24 . 2012-06-20 09:29 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-08-28 10:24 . 2010-06-23 09:44 473072 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-28 08:39 . 2008-06-12 10:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-17 06:31 . 2008-06-07 12:04 348160 ----a-w- c:\windows\system32\msvcr71.dll

2012-08-17 06:31 . 2008-06-07 12:04 499712 ----a-w- c:\windows\system32\msvcp71.dll

2004-03-11 03:27 . 2008-06-14 07:30 40960 ----a-w- c:\program files\Uninstall_CDS.exe

2012-07-31 11:13 . 2011-05-21 06:15 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PowerBar"="" [bU]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-08 68856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Desktop Service Centre"="c:\program files\OptusNet DSL Internet\DSC.exe" [2005-11-30 2919831]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-07-05 421888]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [2009-06-04 1294336]

.

c:\documents and settings\Phil\Start Menu\Programs\Startup\

Zinio Alert Messenger.lnk - c:\program files\Zinio Alert Messenger\Zinio Alert Messenger.exe [2012-5-17 126976]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

SmartGlobeAU.lnk - c:\program files\Oregon Scientific\SmartGlobe AU\SmartGlobeAU.exe [2008-9-5 2555904]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkvMon.exe.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NkvMon.exe.lnk

backup=c:\windows\pss\NkvMon.exe.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SimHID.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SimHID.lnk

backup=c:\windows\pss\SimHID.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk

backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Phil^Start Menu^Programs^Startup^SimHID.exe.lnk]

path=c:\documents and settings\Phil\Start Menu\Programs\Startup\SimHID.exe.lnk

backup=c:\windows\pss\SimHID.exe.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-04-20 02:48 58656 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]

2007-11-01 06:13 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

2004-09-07 13:25 1400944 ------w- c:\program files\Ahead\InCD\InCD.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-08-18 15:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 05:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2001-07-09 01:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-07-30 08:35 159744 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-07-05 08:36 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S60 PC Suite Tray]

2008-12-05 15:48 699392 ----a-w- c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-07-08 22:51 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Gigabyte\\@BIOS\\gwflash.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Gigabyte\\ET5\\update.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Documents and Settings\\Phil\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\YourFileDownloader\\Downloader.exe"=

"c:\\Program Files\\YourFileDownloader\\YourFile.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"9420:TCP"= 9420:TCP:Red Swoosh

"5000:UDP"= 5000:UDP:Red Swoosh

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 gupdate1ca3f66e8640104;Google Update Service (gupdate1ca3f66e8640104);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [x]

R3 AVFSFilter;AVFSFilter;c:\windows\system32\DRIVERS\avfsfilter.sys [x]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]

R3 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [x]

R3 SNL320XP;SONIX MULTIMEDIA USB DEVICE DRIVER;c:\windows\system32\DRIVERS\9kdUSBXP.sys [x]

S1 MpKsld4cfc0a9;MpKsld4cfc0a9;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9C224254-1ACC-4FAA-B23C-9891C0909776}\MpKsld4cfc0a9.sys [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [x]

S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLD4CFC0A9

.

Contents of the 'Scheduled Tasks' folder

.

2012-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 10:14]

.

2012-09-18 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 11:37]

.

2012-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 11:37]

.

2012-10-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com.au/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18826

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=HP_ss&mntrId=4480342a000000000000001a4d751026

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=KW_ss&mntrId=4480342a000000000000001a4d751026&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=220512_53all

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.hardId - 4480342a000000000000001a4d751026

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15487

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:23

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

.

- - - - ORPHANS REMOVED - - - -

.

SafeBoot-89363320.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-10-10 09:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

PowerBar = ???????????????????????????????????????????????????????????? ??|`??|????]??|?dF~??????????????@?8?@??????????!?s?%?s??????@?????D&?s?U???s?s????????????^=?s?????????!?s?%?s??????@?8?@?D&?s?V???$@?8?@?8?@??????????V???A?????shA??xU??hA???A??0??s?????????V?????

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(724)

c:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1856)

c:\windows\system32\WININET.dll

c:\documents and settings\Phil\Application Data\Dropbox\bin\DropboxExt.14.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Samsung\Samsung PC Studio 7\phonebrowser.dll

c:\program files\Samsung\Samsung PC Studio 7\PCSCM_Samsung.dll

c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll

c:\program files\Samsung\Samsung PC Studio 7\Lang\PhoneBrowser_eng.nlr

c:\program files\Samsung\Samsung PC Studio 7\Resource\PhoneBrowser_Samsung.ngr

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Ahead\InCD\InCDsrv.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Google\Update\1.3.21.123\GoogleCrashHandler.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

c:\windows\RTHDCPL.EXE

c:\program files\Microsoft IntelliPoint\dpupdchk.exe

.

**************************************************************************

.

Completion time: 2012-10-10 09:28:34 - machine was rebooted

ComboFix-quarantined-files.txt 2012-10-09 22:28

ComboFix2.txt 2012-10-06 06:34

ComboFix3.txt 2010-07-03 10:54

.

Pre-Run: 111,533,527,040 bytes free

Post-Run: 111,626,268,672 bytes free

.

- - End Of File - - 4613FD5E00D7C68474764FA68371AB72


ESET Online Scanner is unable to run even when using Administrator privileges.

It is possible that a third-party security software program is preventing ESET Online Scanner from running by setting up a so-called “killbit”. To avoid this problem advanced users may use regedit.exe to locate:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7530BFB8-7293-4D34-9923-61A11451AFC5}

and delete the value "Compatibility Flags" REG_DWORD 0x00000400

This is why I downloaded regedit.

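An added example, not part of the original post or of ESET's help text: a read-only audit of an exported ActiveX Compatibility key for the kill bit described above. The ESET CLSID and the 0x00000400 flag come from the post; the sample export, the other two CLSIDs and the function names are constructed, and the fix goes slightly beyond the quoted advice by clearing only the 0x400 bit when other flag bits are present.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" value quoted in the post above
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
ESET_CLSID = "{7530BFB8-7293-4D34-9923-61A11451AFC5}"  # from the post above

# Constructed sample of an exported ActiveX Compatibility key. Only the first
# CLSID is from the page; the other two are placeholders for illustration.
# Real regedit 5.00 exports are UTF-16 files: decode them before parsing.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{7530BFB8-7293-4D34-9923-61A11451AFC5}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{11111111-2222-3333-4444-555555555555}]
"Compatibility Flags"=dword:00800400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}]
"Compatibility Flags"=dword:00000020
"""

_SECTION = re.compile(r"^\[(?P<key>.+)\]\s*$")
_FLAGS = re.compile(r'^"Compatibility Flags"=dword:(?P<hex>[0-9a-f]{8})\s*$',
                    re.IGNORECASE)
_CLSID = re.compile(r"^\{[0-9A-F]{8}(-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$",
                    re.IGNORECASE)


def parse_compat_flags(export_text):
    """Return {CLSID in upper case: flags} for each subkey of COMPAT_KEY."""
    flags = {}
    current = None
    prefix = COMPAT_KEY.lower() + "\\"
    for raw in export_text.splitlines():
        line = raw.strip()
        section = _SECTION.match(line)
        if section:
            key = section.group("key")
            # Registry key names are case-insensitive, so compare in lower case.
            leaf = key[len(prefix):] if key.lower().startswith(prefix) else ""
            current = leaf.upper() if _CLSID.match(leaf) else None
            continue
        value = _FLAGS.match(line)
        if value and current:
            flags[current] = int(value.group("hex"), 16)
    return flags


def audit(export_text, clsid=ESET_CLSID):
    """Report whether one control is kill-bitted, and which others are."""
    flags = parse_compat_flags(export_text)
    clsid = clsid.upper()
    value = flags.get(clsid)
    # The kill bit is one bit of a bit field: test it with a mask, not ==.
    blocked = value is not None and bool(value & KILL_BIT)
    others = sorted(c for c, f in flags.items()
                    if f & KILL_BIT and c != clsid)
    return {"clsid": clsid, "flags": value, "blocked": blocked,
            "other_kill_bits": others}


def reg_fix(clsid, flags):
    """Build a .reg fragment that lifts the kill bit for one CLSID only."""
    if flags is None or not flags & KILL_BIT:
        return ""  # control is not kill-bitted, nothing to change
    remaining = flags & ~KILL_BIT
    # Value is exactly 0x400 (the case in the post): delete it, as advised.
    # Otherwise rewrite the value so the unrelated flag bits survive.
    setting = "-" if remaining == 0 else "dword:%08x" % remaining
    return ("Windows Registry Editor Version 5.00\n\n"
            "[%s\\%s]\n\"Compatibility Flags\"=%s\n"
            % (COMPAT_KEY, clsid, setting))


if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    print("blocked:", report["blocked"])
    # Kill bits on other controls are listed but deliberately left untouched.
    print("other kill-bitted controls:", report["other_kill_bits"])
    print(reg_fix(report["clsid"], report["flags"]))
```
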

I have found another download site for ESET. Here are the logs for ESET, AdwCleaner and SecurityCheck.

All OK.

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=07a087e7a8e7f84b831615098c3b2de7

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-12 08:44:31

# local_time=2012-10-12 07:44:31 (+1000, AUS Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=crash

# scanned=237073

# found=14

# cleaned=14

# scan_time=8545

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\All Users\Application Data\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1004\A0349586.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1011\A0351946.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1011\A0351947.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1011\A0351948.dll a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1011\A0351949.dll Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1011\A0351951.exe probably a variant of Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1074\A0362569.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1074\A0362571.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{D8D7876F-196C-401C-88DB-695D3F9F8471}\RP1077\A0365975.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\My Docs Copy May2011xxxxxxxxx\Downloads\cnet2_OEBackup65_setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\My Docs Copy May2011xxxxxxxxx\Downloads\myron_barnstone_recommended_books_mediaget.exe a variant of Win32/MediaGet application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

F:\My Docs Copy May2011xxxxxxxxx\Exe. Programs\cnet2_OEBackup65_setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

# AdwCleaner v2.004 - Logfile created 10/12/2012 at 21:11:18

# Updated 06/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Phil - XXX-A04PFSJJUER

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Phil\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\searchplugins\Askcom.xml

File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Found : C:\user.js

Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Found : C:\Documents and Settings\Phil\Application Data\Babylon

Folder Found : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\WinampToolbarData

Folder Found : C:\Program Files\Babylon

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}

Key Found : HKCU\Software\Softonic

Key Found : HKLM\Software\Babylon

Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar

Key Found : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1

Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink

Key Found : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1

Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem

Key Found : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager

Key Found : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback

Key Found : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1

Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband

Key Found : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1

Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions

Key Found : HKLM\SOFTWARE\Classes\toolband.useroptions.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

Key Found : HKU\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

Key Found : HKU\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Found : HKU\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-515967899-343818398-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=NT_ss&mntrId=4480342a000000000000001a4d751026

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Found : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]

Found : user_pref("browser.search.order.1", "Search the web (Babylon)");

Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsr[...]

Found : user_pref("extensions.BabylonToolbar.bbDpng", 21);

Found : user_pref("extensions.BabylonToolbar.cntry", "AU");

Found : user_pref("extensions.BabylonToolbar.hdrMd5", "990983112D6D63995654F3B851D350AC");

Found : user_pref("extensions.BabylonToolbar.lastActv", "21");

Found : user_pref("extensions.BabylonToolbar.lastDP", 21);

Found : user_pref("extensions.BabylonToolbar.lastVrsn", "1.4.23.10");

Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=220512_53all");

Found : user_pref("extensions.BabylonToolbar_i.hardId", "4480342a000000000000001a4d751026");

Found : user_pref("extensions.BabylonToolbar_i.id", "4480342a000000000000001a4d751026");

Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15487");

Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar_i.newTab", true);

Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=22051[...]

Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:23:36");

Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=KW_ss&mntrI[...]

Profile name : default-1347195038640 [Profil par défaut]

File : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\mn5vxfd2.default-1347195038640\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9012 octets] - [12/10/2012 21:11:18]

########## EOF - C:\AdwCleaner[R1].txt - [9072 octets] ##########

Results of screen317's Security Check version 0.99.51

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Spybot - Search & Destroy

Secunia PSI (2.0.0.1003)

Malwarebytes Anti-Malware version 1.65.0.1400

CCleaner

EasyCleaner

Java 6 Update 20

Java 6 Update 35

Java 6 Update 6

Java 6 Update 7

Java version out of Date!

Adobe Flash Player 11.4.402.278

Adobe Reader 9 Adobe Reader out of Date!

Adobe Reader X (10.1.4)

Mozilla Firefox (for.)

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C::

````````````````````End of Log``````````````````````

I still have all the pre-existing problems.


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Open TFC.exe if you already have it. If not, please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type ComboFix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

Java™ 6 Update 20

Java™ 6 Update 35

Java™ 6 Update 6

Java™ 6 Update 7

Adobe Reader 9

Restart your computer.

Get the latest version of Java.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number

Let me know what issues remain.


# AdwCleaner v2.004 - Logfile created 10/13/2012 at 16:53:02

# Updated 06/10/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Phil - XXX-A04PFSJJUER

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Phil\Desktop\Malbytes\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\searchplugins\Askcom.xml

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Documents and Settings\Phil\Application Data\Babylon

Folder Deleted : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\WinampToolbarData

Folder Deleted : C:\Program Files\Babylon

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=NT_ss&mntrId=4480342a000000000000001a4d751026 --> hxxp://www.google.com

-\\ Mozilla Firefox v13.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\prefs.js

C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\fu1ff9ub.default\user.js ... Deleted !

Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsr[...]

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 21);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "AU");

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "990983112D6D63995654F3B851D350AC");

Deleted : user_pref("extensions.BabylonToolbar.lastActv", "21");

Deleted : user_pref("extensions.BabylonToolbar.lastDP", 21);

Deleted : user_pref("extensions.BabylonToolbar.lastVrsn", "1.4.23.10");

Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=220512_53all");

Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "4480342a000000000000001a4d751026");

Deleted : user_pref("extensions.BabylonToolbar_i.id", "4480342a000000000000001a4d751026");

Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15487");

Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);

Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=22051[...]

Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1720:23:36");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112555&tt=220512_53all&babsrc=KW_ss&mntrI[...]

Profile name : default-1347195038640 [Profil par défaut]

File : C:\Documents and Settings\Phil\Application Data\Mozilla\Firefox\Profiles\mn5vxfd2.default-1347195038640\prefs.js

[OK] File is clean.

-\\ Google Chrome v [unable to get version]

File : C:\Documents and Settings\Phil\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9141 octets] - [12/10/2012 21:11:18]

AdwCleaner[s1].txt - [8815 octets] - [13/10/2012 16:53:02]

########## EOF - C:\AdwCleaner[s1].txt - [8875 octets] ##########


I still have same problems, image notices, can't access Windows Image Viewer, Windows Search.

I did not have Adobe Reader 9 installed, so uninstalled AR10. I can download AR10 but cannot install.

I shall be away from this computer till November 1.


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
