
Issue began with start menu but grew



Hello,

I'm new to this site and am normally able to fix my own problems, but this one has me a little stumped. It began with the Start menu / All Programs: any program in there that I would click on would not run, almost like it lost the target file's location all of a sudden. So in order to load any program I wanted from the Start menu route, I would instead have to go all the way through the My Computer icon / C: drive / Program Files / etc. Very annoying, to say the least.

The next day (today) I tried opening Microsoft Word 2007 and it would not come up. No matter how I tried, it would not. So I figured, well, maybe I'll go ahead and go through the motions of fixing it. I did Disk Cleanup / Malwarebytes / and then went to re-install AVG but got an error I've never had before: Windows Installer not working properly or installed correctly. So I took the following steps to replace and repair it. I finally got it working. AVG detected nothing; Malwarebytes found 2 PUP.MyWebSearch, one in a registry key and one in a registry value, but removed them. Other than that, nothing else.

Well, now I can resume installing programs, but I still have the issue with the Start menu. It's like the CPU doesn't recognize the programs from the Start menu, but only through My Computer, etc. etc. Any ideas on what I can do / options?

Thanks, Bryan

PS: I apologize if this is the wrong forum to post in.

My OS is XP PRO

Running off an Asus motherboard (in case anyone needs to know).

dds.txt


Hello bbenson831 and welcome! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Please post the content of Attach.txt


Thank you. Here is the Attach.txt you asked for. Aside from what I said I did above, I have done nothing else to fix the problem. I also forgot to mention that I was hacked into in Sept. this year, but I caught it quickly and dealt with that situation promptly. However, I'm not sure just HOW much damage was done (that I didn't see or find out) since I thought I repaired it.

Thanks, Bryan

attach.zip


Step 1

Please uninstall the following applications:

µTorrent

Babylon

myBabylon_English Toolbar

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Junkware Removal Tool log
  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 3.7.5 (12.02.2012:2)

OS: Microsoft Windows XP x86

Ran by Bryan on Sun 12/02/2012 at 19:06:15.18

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Search Page

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-1547161642-813497703-682003330-1003\software\microsoft\internet explorer\main\\Search Page

~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_classes_root\appid\babyloniepi.dll"

Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho"

Successfully deleted: [Registry Key] "hkey_classes_root\babyloniepi.babyloniebho.1"

Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin"

Successfully deleted: [Registry Key] "hkey_classes_root\babylonofficeaddin.officeaddin.1"

Successfully deleted: [Registry Key] "hkey_current_user\software\conduit"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate this web page with babylon"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\menuext\translate with babylon"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin"

Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\office\word\addins\babylonofficeaddin.officeaddin"

Successfully deleted: [Registry Key] "hkey_current_user\software\zugo"

Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\prod.cap"

Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"

Successfully deleted: [Registry Key] "hkey_local_machine\software\freeze.com"

Successfully deleted: [Registry Key] "hkey_local_machine\software\metastream"

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{6ac0bb10-c922-45e2-857d-2a368fe749e5}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9afb8248-617f-460d-9366-d71cdeda3179}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9cfaccb6-2f3f-4177-94ea-0d2b72d384c1}

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{9d425283-d487-4337-bab6-ab8354a81457}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\premium"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\speedypc software"

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"

Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Application Data\speedypc software"

Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\babylon"

Successfully deleted: [Folder] "C:\Documents and Settings\Bryan\Local Settings\Application Data\conduit"

Successfully deleted: [Folder] "C:\Program Files\babylon"

Successfully deleted: [Folder] "C:\Program Files\conduit"

Successfully deleted: [Folder] "C:\Program Files\search toolbar"

~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\user.js

Successfully deleted the following from C:\Documents and Settings\Bryan\Application Data\mozilla\firefox\profiles\qvub40zq.default\prefs.js

user_pref("CT1460988.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");

user_pref("CT1460988.CT1667811.CommunityChanged", true);

user_pref("CT1460988.CT1668860.CommunityChanged", true);

user_pref("CT1460988.CT1668889.CommunityChanged", true);

user_pref("CT1460988.CT1669100.CommunityChanged", true);

user_pref("CT1460988.CT1669115.CommunityChanged", true);

user_pref("CT1460988.CT1670222.CommunityChanged", true);

user_pref("CT1460988.CT1670245.CommunityChanged", true);

user_pref("CT1460988.CT1729581.CommunityChanged", true);

user_pref("CT1460988.CT1729585.CommunityChanged", true);

user_pref("CT1460988.CT1729587.CommunityChanged", true);

user_pref("CT1460988.CT1729593.CommunityChanged", true);

user_pref("CT1460988.CT2164362.CommunityChanged", true);

user_pref("CT1460988.CTID", "CT1460988");

user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.CommunityChanged", true);

user_pref("CT1460988.CurrentServerDate", "24-5-2010");

user_pref("CT1460988.DialogsAlignMode", "LTR");

user_pref("CT1460988.DownloadReferralCookieData", "");

user_pref("CT1460988.EMailNotifierPollDate", "Mon May 24 2010 07:28:37 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128460898315556274", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128460899415556929", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128460899564463182", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128460899661963361", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128460899768994715", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedPollDate128479826070094154", "Mon May 24 2010 07:28:36 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.FeedTTL128460898315556274", 5);

user_pref("CT1460988.FeedTTL128460899415556929", 20);

user_pref("CT1460988.FeedTTL128460899564463182", 30);

user_pref("CT1460988.FeedTTL128460899661963361", 15);

user_pref("CT1460988.FirstServerDate", "24-5-2010");

user_pref("CT1460988.FirstTime", true);

user_pref("CT1460988.FirstTimeFF3", true);

user_pref("CT1460988.FirstTimeSettingsDone", true);

user_pref("CT1460988.FixPageNotFoundErrors", true);

user_pref("CT1460988.GroupingLastCheckTime", "Sun May 23 2010 18:29:12 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.GroupingLastErrorCode", "");

user_pref("CT1460988.GroupingLastResponse", true);

user_pref("CT1460988.GroupingLastServerUpdateTime", "129191100235900000");

user_pref("CT1460988.GroupingServerCheckInterval", 1440);

user_pref("CT1460988.GroupingServiceUrl", "http://grouping.services.conduit.com/");

user_pref("CT1460988.Initialize", true);

user_pref("CT1460988.InitializeCommonPrefs", true);

user_pref("CT1460988.InstallationAndCookieDataSentCount", 3);

user_pref("CT1460988.InstallationType", "UnknownIntegration");

user_pref("CT1460988.InstalledDate", "Sun May 23 2010 18:29:12 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.IsGrouping", true);

user_pref("CT1460988.IsMulticommunity", false);

user_pref("CT1460988.IsOpenThankYouPage", false);

user_pref("CT1460988.IsOpenUninstallPage", true);

user_pref("CT1460988.LanguagePackLastCheckTime", "Sun May 23 2010 18:29:14 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440);

user_pref("CT1460988.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");

user_pref("CT1460988.LastLogin_2.6.0.15", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.LatestVersion", "2.1.0.18");

user_pref("CT1460988.Locale", "en-us");

user_pref("CT1460988.LoginCache", 4);

user_pref("CT1460988.MCDetectTooltipHeight", "83");

user_pref("CT1460988.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

user_pref("CT1460988.MCDetectTooltipWidth", "295");

user_pref("CT1460988.RadioIsPodcast", false);

user_pref("CT1460988.RadioMediaID", "6820481");

user_pref("CT1460988.RadioMediaType", "Media Player");

user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609886820481");

user_pref("CT1460988.RadioStationName", "100.7%20FM%20ICRT");

user_pref("CT1460988.RadioStationURL", "http://live.giga.net.tw/icrt16.asx");

user_pref("CT1460988.SHRINK_TOOLBAR", 1);

user_pref("CT1460988.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1460988&octid=EB_ORIGINAL_CTID&SearchSource=1");

user_pref("CT1460988.SearchFromAddressBarIsInit", true);

user_pref("CT1460988.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&q=");

user_pref("CT1460988.SearchInNewTabEnabled", true);

user_pref("CT1460988.SearchInNewTabIntervalMM", 1440);

user_pref("CT1460988.SearchInNewTabLastCheckTime", "Sun May 23 2010 18:29:13 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.SearchInNewTabServiceUrl", "http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");

user_pref("CT1460988.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");

user_pref("CT1460988.SettingsCheckIntervalMin", 120);

user_pref("CT1460988.SettingsLastCheckTime", "Sun May 23 2010 18:29:10 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.SettingsLastUpdate", "1274629223");

user_pref("CT1460988.ThirdPartyComponentsInterval", 504);

user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Sun May 23 2010 18:29:09 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1274629223");

user_pref("CT1460988.ToggleComponentState129160818675915142", true);

user_pref("CT1460988.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");

user_pref("CT1460988.UserID", "UN04442162848652453");

user_pref("CT1460988.ValidationData_Toolbar", 0);

user_pref("CT1460988.WeatherNetwork", "");

user_pref("CT1460988.WeatherPollDate", "Mon May 24 2010 07:28:36 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.WeatherUnit", "F");

user_pref("CT1460988.clientLogIsEnabled", false);

user_pref("CT1460988.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");

user_pref("CT1460988.ct1460988.DialogsAlignMode", "LTR");

user_pref("CT1460988.ct1460988.FeedLastCount128460900971181341", 214);

user_pref("CT1460988.ct1460988.FirstTimeSettingsDone", true);

user_pref("CT1460988.ct1460988.GroupingInvalidateCache", false);

user_pref("CT1460988.ct1460988.GroupingLastCheckTime", "Sun May 23 2010 18:29:12 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.GroupingLastErrorCode", "");

user_pref("CT1460988.ct1460988.GroupingLastResponse", true);

user_pref("CT1460988.ct1460988.GroupingLastServerUpdateTime", "129191100235900000");

user_pref("CT1460988.ct1460988.InvalidateCache", false);

user_pref("CT1460988.ct1460988.LanguagePackLastCheckTime", "Sun May 23 2010 18:29:14 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.Locale", "en-us");

user_pref("CT1460988.ct1460988.RadioLastCheckTime", "Sun May 23 2010 18:29:13 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.RadioLastUpdateIPServer", "3");

user_pref("CT1460988.ct1460988.RadioLastUpdateServer", "128929877726170000");

user_pref("CT1460988.ct1460988.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=ct1460988&octid=EB_ORIGINAL_CTID&SearchSource=1");

user_pref("CT1460988.ct1460988.SearchInNewTabLastCheckTime", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.SettingsCheckIntervalMin", 120);

user_pref("CT1460988.ct1460988.SettingsLastCheckTime", "Mon May 24 2010 07:28:35 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.SettingsLastUpdate", "1274629223");

user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastCheck", "Sun May 23 2010 18:29:12 GMT-0700 (Pacific Daylight Time)");

user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastUpdate", "1274629223");

user_pref("CT1460988.myStuffEnabled", true);

user_pref("CT1460988.myStuffPublihserMinWidth", 400);

user_pref("CT1460988.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");

user_pref("CT1460988.myStuffServiceIntervalMM", 1440);

user_pref("CT1460988.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");

user_pref("CT1460988.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");

user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");

user_pref("CommunityToolbar.ToolbarsList", "CT1460988");

user_pref("CommunityToolbar.ToolbarsList2", "CT1460988");

user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");

user_pref("keyword.URL", "http://isearch.avg.com/search?cid={80C691CF-FBB2-4D39-B12C-128407AE7F2F}&mid=158b713191cc3387a186f260f0326c2d-f3d18060dcc114e43e472e645babadf050d7206d&lang=en&ds=AVG&pr=fr&d=

user_pref("xpinstall.whitelist.add.36", "");user_pref("browser.startup.homepage", "http://apype.com");

user_pref("keyword.URL", "http://apype.com/results.php?q=");

user_pref("extensions.installCache", "[{\"addons\":{\"3z1Fb2o@skywebsearch.com\":{\"descriptor\":\"C:\\\\Program Files\\\\YuoTubeDownloader\\\\YuoTubeDownloader.xpi\",\"mtime\":1346643907}},\"name\":\

user_pref("extensions.enabledAddons", "3z1Fb2o@skywebsearch.com:3.0.0.0");

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 12/02/2012 at 19:10:08.93

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2

Run by Bryan at 19:21:59 on 2012-12-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3007.1740 [GMT -8:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ================

.

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Creative\Shared Files\CTAudSvc.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\CTHELPER.EXE

C:\WINDOWS\system32\CTsvcCDA.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Paradox Interactive\Europa Universalis III\eu3game.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

mSearchAssistant = hxxp://search.live.com/sphome.aspx

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [soundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [CTHelper] CTHELPER.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [Nikon Message Center 2] c:\program files\nikon\nikon message center 2\NkMC2.exe -s

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{3F6AF637-CE28-402F-999A-BD8CADB18CC6} : DHCPNameServer = 192.168.0.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll

Notify: AtiExtEvent - Ati2evxx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

Hosts: 127.0.0.1 mpa.one.microsoft.com

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-7-26 237408]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-8-24 301920]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-11-30 26984]

R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-24 24652]

R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-11-30 711112]

R2 WDDMService;WD SmartWare Drive Manager;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2009-10-14 98304]

R2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\western digital\wd smartware\front parlor\WDSmartWareBackgroundService.exe [2009-6-16 20480]

R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2010-1-20 37376]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]

R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2006-9-26 21920]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-8-13 5167736]

S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-27 79360]

S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]

S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]

S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

.

=============== File Associations ===============

.

FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-03 03:06:12 -------- d-----w- c:\windows\ERUNT

2012-12-03 03:06:07 -------- d-----w- C:\JRT

2012-12-01 02:10:09 -------- d-----w- c:\documents and settings\bryan\application data\AVG2012

2012-12-01 02:08:50 -------- d-----w- c:\documents and settings\bryan\local settings\application data\AVG Secure Search

2012-12-01 02:08:39 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search

2012-12-01 02:08:33 -------- d-----w- c:\documents and settings\bryan\application data\AVG Secure Search

2012-12-01 02:08:29 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-12-01 02:08:27 -------- d-----w- c:\program files\common files\AVG Secure Search

2012-12-01 02:08:23 -------- d-----w- c:\program files\AVG Secure Search

2012-12-01 01:47:44 -------- d-----w- c:\documents and settings\bryan\application data\DriverCure

2012-12-01 01:45:34 -------- d-----w- c:\documents and settings\bryan\application data\ElevatedDiagnostics

2012-12-01 01:45:17 -------- d-----w- c:\program files\Microsoft ATS

2012-12-01 01:37:47 -------- d-----w- c:\program files\My Drivers

2012-11-11 20:58:24 -------- d-----w- c:\documents and settings\bryan\local settings\application data\Sun

2012-11-11 20:57:49 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-11-11 20:57:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2012-11-11 20:57:25 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-11-11 20:57:25 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-09-30 03:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-22 15:54:09 106496 ----a-w- c:\windows\system32\ATL71.DLL

2012-09-04 10:28:52 65128 ----a-w- c:\windows\apppatch\MATSShim.DLL

.

============= FINISH: 19:22:25.67 ===============

Malwarebytes Anti-Malware 1.65.1.1000

www.malwarebytes.org

Database version: v2012.12.03.01

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 6.0.2900.5512

Bryan :: JIGGA [administrator]

12/2/2012 7:14:46 PM

mbam-log-2012-12-02 (19-14-46).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 219015

Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)
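The Firefox section of the JRT log above is a compact picture of how toolbar adware persists in a profile: a Conduit pref family (CT1460988.*, CommunityToolbar.*), the navigation prefs keyword.URL, browser.search.defaulturl and browser.startup.homepage rewritten to third-party search hosts, an add-on enabled under an unfamiliar id, a keyword.URL that appears twice (Firefox keeps the last occurrence), two user_pref statements jammed onto one line, and a user.js file, which Firefox re-applies on every start and which therefore undoes any manual prefs.js cleanup until it is deleted. The following script is an added example written for this page, not JRT's own logic and not code from the thread: it parses a prefs.js excerpt the way Firefox reads it (whole-text scan, last value wins) and reports those indicators. The allow-lists KNOWN_GOOD_HOSTS and KNOWN_GOOD_ADDONS are assumptions for the example; the sample prefs.js text is constructed to mirror the entries JRT removed.

```python
import json
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# One user_pref(...) statement. prefs.js normally has one per line, but the JRT log
# shows two on a single line, so the parser scans the whole text instead of splitting
# on newlines. String values may contain escaped quotes, as in extensions.installCache.
PREF_RE = re.compile(
    r'user_pref\("((?:[^"\\]|\\.)+)",\s*("(?:[^"\\]|\\.)*"|true|false|-?\d+)\);'
)

# Prefs that decide where typed searches, the home page and the new-tab page go.
NAV_PREFS = (
    "browser.startup.homepage",
    "browser.search.defaulturl",
    "keyword.URL",
    "browser.newtab.url",
)
# Pref-name prefixes written by Conduit community toolbars: CT<id>.* and CommunityToolbar.*
TOOLBAR_RE = re.compile(r"^(CT\d+|CommunityToolbar)\.")

# Assumptions for this example: the hosts the user actually wants and the add-on ids they
# knowingly installed. In practice these come from the user or from a baseline profile.
KNOWN_GOOD_HOSTS = {"www.google.com", "google.com"}
KNOWN_GOOD_ADDONS = {"{972ce4c6-7e08-4474-a285-3208198ce6fd}"}  # Firefox default theme


def parse_prefs(text: str) -> Tuple[Dict[str, object], List[str]]:
    """Return {name: value} with the LAST occurrence winning, as Firefox does,
    plus the names that appeared more than once."""
    prefs: Dict[str, object] = {}
    duplicates: List[str] = []
    for m in PREF_RE.finditer(text):
        name, raw = m.group(1), m.group(2)
        if raw.startswith('"'):
            try:
                value = json.loads(raw)  # resolves \" and \\ escapes
            except ValueError:
                value = raw[1:-1]
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            value = int(raw)
        if name in prefs and name not in duplicates:
            duplicates.append(name)
        prefs[name] = value
    return prefs, duplicates


def triage(prefs: Dict[str, object]) -> List[Tuple[str, str, object]]:
    """Flag navigation prefs pointing off the allow-list, toolbar pref families,
    and enabled add-ons whose id is not on the allow-list."""
    findings: List[Tuple[str, str, object]] = []
    for name in NAV_PREFS:
        value = prefs.get(name)
        if isinstance(value, str) and value:
            host = urlparse(value).hostname or ""
            if host not in KNOWN_GOOD_HOSTS:
                findings.append(("nav", name, host))
    toolbars: Counter = Counter()
    for name in prefs:
        m = TOOLBAR_RE.match(name)
        if m:
            toolbars[m.group(1)] += 1
    for toolbar_id, count in sorted(toolbars.items()):
        findings.append(("toolbar", toolbar_id, count))
    enabled = prefs.get("extensions.enabledAddons", "")
    if isinstance(enabled, str):
        for entry in filter(None, enabled.split(",")):
            addon_id, _, version = entry.partition(":")
            if addon_id not in KNOWN_GOOD_ADDONS:
                findings.append(("addon", addon_id, version))
    return findings


def triage_prefs_js(text: str) -> Tuple[List[Tuple[str, str, object]], List[str]]:
    prefs, duplicates = parse_prefs(text)
    return triage(prefs), duplicates


# Constructed sample modelled on the entries JRT removed from prefs.js above:
# two statements on one line, a duplicated keyword.URL, and one ordinary pref.
SAMPLE_PREFS_JS = r'''
user_pref("CT1460988.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1460988");
user_pref("CommunityToolbar.ToolbarsList", "CT1460988");
user_pref("browser.search.defaulturl", "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid={80C691CF-FBB2-4D39-B12C-128407AE7F2F}&lang=en&ds=AVG");
user_pref("xpinstall.whitelist.add.36", "");user_pref("browser.startup.homepage", "http://apype.com");
user_pref("keyword.URL", "http://apype.com/results.php?q=");
user_pref("extensions.enabledAddons", "3z1Fb2o@skywebsearch.com:3.0.0.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:17.0");
user_pref("browser.cache.disk.capacity", 358400);
'''

if __name__ == "__main__":
    found, dups = triage_prefs_js(SAMPLE_PREFS_JS)
    for kind, name, detail in found:
        print(f"{kind:8} {name:32} {detail}")
    print("duplicated prefs (last value wins):", dups)
```

On the sample this reports keyword.URL as apype.com rather than isearch.avg.com, because the second assignment is the one Firefox honours; a checker that stops at the first match would report the wrong hijacker. Run against a real profile, the same parser should also be pointed at user.js if it exists, since anything in that file comes back at the next start.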


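The DDS log in the same post carries two other things a helper reads first: the Hosts: line, which DDS prints for non-default hosts-file entries (here a microsoft.com name sent to 127.0.0.1), and the SERVICES / DRIVERS block, where each line is <state> <name>;<display name>;<image path> [<date> <size>], the state being R (running) or S (stopped) plus the start type (0 boot, 1 system, 2 automatic, 3 manual), and an image DDS could not read is printed as "--> path [?]". The script below is an added example written for this page, not DDS's own code: it parses those two line types from a constructed excerpt that mirrors the log above and applies three triage heuristics (hosts name sinkholed to loopback, service image under a temp directory, image DDS could not read, plus a boot/system-start driver outside system32\drivers). A flag is a lead for the helper to look at, not a verdict; a legitimate utility that drops its driver in %TEMP% trips the same rule.

```python
import re
from typing import Dict, List, Optional, Tuple

# "Hosts:" lines from the Pseudo HJT section of a DDS log.
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
# Service/driver lines: <state> <name>;<display>;<image path> [<date> <size>]
# state = R (running) | S (stopped) followed by start type 0 boot, 1 system, 2 auto, 3 manual.
SERVICE_RE = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
TRAILER_RE = re.compile(r"\s\[(?P<info>[^\]]*)\]$")      # "[2012-1-31 31952]" or "[?]"
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
DRIVERS_DIR = "c:\\windows\\system32\\drivers\\"


def parse_service(line: str) -> Optional[Dict[str, Optional[str]]]:
    """Split one DDS service line into state, name, image path and the bracket trailer."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    info = None
    t = TRAILER_RE.search(rest)
    if t:
        info = t.group("info")
        rest = rest[: t.start()]
    if " --> " in rest:                      # keep the resolved path DDS printed
        rest = rest.split(" --> ", 1)[1]
    path = rest.strip()
    if path.startswith("\\??\\"):            # NT object-manager prefix on raw driver paths
        path = path[4:]
    return {"state": m.group("state"), "name": m.group("name").strip(), "path": path, "info": info}


def service_reasons(svc: Dict[str, Optional[str]]) -> List[str]:
    """Heuristics only: each reason is a lead for a human to check, not a verdict."""
    reasons: List[str] = []
    path = (svc["path"] or "").lower()
    if TEMP_DIR_RE.search(path):
        reasons.append("image lives under a temp directory")
    if svc["info"] == "?":
        reasons.append("DDS could not read the image file ([?])")
    if (svc["state"] or "")[1:] in ("0", "1") and not path.startswith(DRIVERS_DIR):
        reasons.append("boot/system-start driver outside system32\\drivers")
    return reasons


def triage_dds(text: str) -> List[Tuple[str, str, List[str]]]:
    findings: List[Tuple[str, str, List[str]]] = []
    for line in text.splitlines():
        line = line.strip()
        h = HOSTS_RE.match(line)
        if h:
            ip, host = h.group("ip"), h.group("host")
            if (ip == "0.0.0.0" or ip.startswith("127.")) and host.lower() != "localhost":
                findings.append(("hosts", host, [f"resolves to {ip} via the hosts file"]))
            continue
        svc = parse_service(line)
        if svc:
            reasons = service_reasons(svc)
            if reasons:
                findings.append(("service", svc["name"] or "", reasons))
    return findings


# Constructed excerpt mirroring lines from the DDS log above (not the full log).
SAMPLE_DDS = r"""
Hosts: 127.0.0.1 mpa.one.microsoft.com
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-2-24 24652]
S3 cpuz132;cpuz132;\??\c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\bryan\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
"""

if __name__ == "__main__":
    for kind, name, reasons in triage_dds(SAMPLE_DDS):
        print(f"{kind:8} {name:24} {'; '.join(reasons)}")
```

The AVG boot driver and the Viewpoint service pass untouched: a name the helper recognises as foistware is a judgement call, and the script only reports what is mechanically checkable from the line itself (path location, start type, whether DDS could stat the file).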
  • 4 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

