
Mystery Trojan?



Hi there!

About two weeks ago, I noticed my computer was running sluggishly, and the default page for my new tabs in Chrome changed. I can't get that to change back, no matter what setting or default search I use. So I ran my anti-virus and it came up with "Trojan.agent.h." I selected and deleted the two infected files, then did some digging and discovered that apparently agent.h is particularly nasty, and the deletion probably didn't work.

That's probably true, as the computer is still sluggish and the tabs in Chrome still won't change. But now, when I scan the computer, it comes up as all clean. I tried to defrag, figuring that maybe it was a memory issue, but Diskeeper first gave me the MMC error at snap-in, and when I chose to run it anyway, it stalled.

I turned to a process that had previously helped me eradicate the trojan Generic, and I ran Kaspersky, RogueKiller, Super Antispyware, MWB and Hitman, but each and every one of them turns up a clean scan. I found this forum, so ran the DDS tool. Here are my files. Is it true that there's no infection?

It's probably worth mentioning two things: my office gets a subscription to Norton AV every year, but I think it's pretty useless as we're getting infections fairly regularly. Also, this computer had a trojan earlier this year that was diagnosed by me and treated by volunteers from United Way (did I mention that I work in a children's museum, so we don't have money for professional services?). I'm pretty sure, though, that the United Way guys aren't the greatest, because they just found directions online for cleaning it up, which I could have done.

Thanks in advance!

Gabrielle

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 7.0.6000.17128 BrowserJavaVersion: 10.9.2

Run by Christina at 9:51:36 on 2013-05-06

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1918 [GMT -4:00]

.

AV: Norton AntiVirus *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Windows System Suite *Enabled/Updated* {0C443ECF-9EF7-4BFB-B9AD-EA7B5C95F229}

FW: Windows System Suite *Enabled*

.

============== Running Processes ================

.

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe

C:\WINDOWS\system32\ICO.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\FSRremoS.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\Pelmiced.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\SearchProtect\bin\CltMngSvc.exe

C:\Program Files\DefaultTab\DefaultTabSearch.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe

C:\Program Files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\Windows Media Player\WMPNetwk.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\COMODO\COMODO System Utilities\CSUService.exe

C:\Program Files\COMODO\COMODO System Utilities\CSU_CLI.exe

C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\system32\svchost.exe -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\svchost.exe -k imgsvc

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN14311633761221531&UM=2&UP=SPF6A2ED28-1E47-4842-AAF8-272FDEA798C9

mStart Page = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>

uURLSearchHooks: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - c:\program files\mixidj_v37\prxtbMixi.dll

BHO: GetSavin 5.0: {18A4A31C-05E0-481B-8614-841A39B567D0} - c:\documents and settings\christina\local settings\application data\getsavin\ie\getsavin_1366984201.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - LocalServer32 - <no file>

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton antivirus\engine\16.8.3.6\IPSBHO.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - c:\program files\mixidj_v37\prxtbMixi.dll

BHO: CPwmIEBrowserHelper Object: {F040E541-A427-4CF7-85D8-75E3E0F476C5} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: MixiDJ V37 Toolbar: {eef3855c-fc2d-41e6-8d91-d368f51b3055} - c:\program files\mixidj_v37\prxtbMixi.dll

uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoogleChromeAutoLaunch_EA61856AF5E90857F7C31C0FF9C49B15] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window

mRun: [Mouse Suite 98 Daemon] ICO.EXE

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe

mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [searchProtectAll] c:\program files\searchprotect\bin\cltmng.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - LocalServer32 - <no file>

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357827441523

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>

Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\christina\application data\mozilla\firefox\profiles\c0kjlqoh.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI=UN49754697815019863&UM=2&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - MixiDJ V37 Customized Web Search

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN49754697815019863&UM=2&UP=SPF6A2ED28-1E47-4842-AAF8-272FDEA798C9

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CUI=UN49754697815019863&UM=2&q=

FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\christina\application data\mozilla\firefox\profiles\c0kjlqoh.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082&q=

FF - user.js: extensions.funmoods.id - 001A6B4E44EC8145

FF - user.js: extensions.funmoods.instlDay - 15566

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2212:27:36

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - adknlg

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - adknlg

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: network.protocol-handler.warn-external.dnupdate - false

.

============= SERVICES / DRIVERS ===============

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1008030.006\SymEFA.sys [2011-10-11 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nav\1008030.006\BHDrvx86.sys [2011-10-11 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1008030.006\cchpx86.sys [2011-10-11 467592]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20130505.002\IDSXpx86.sys [2013-5-6 373728]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2013-1-9 101112]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]

R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-4-11 93984]

R2 CSUService;COMODO System Utilities Service;c:\program files\comodo\comodo system utilities\CSUService.exe [2012-2-24 261952]

R2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2013-2-11 572928]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\norton antivirus\engine\16.8.3.6\ccSvcHst.exe [2011-10-11 117648]

R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]

R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-8-15 106656]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20130505.008\naveng.sys [2013-5-5 93296]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20130505.008\navex15.sys [2013-5-5 1603824]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\avg\avg2012\avgidsagent.exe" --> c:\program files\avg\avg2012\avgidsagent.exe [?]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=c:\windows\system32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 [default=Install - 'Open' doesn't exist]

.

=============== Created Last 30 ================

.

2013-05-01 14:05:17 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-04-30 13:42:13 -------- d-----w- c:\windows\system32\URTTemp

2013-04-26 14:00:53 -------- d-----w- c:\program files\Conduit

2013-04-26 14:00:46 -------- d-----w- c:\documents and settings\christina\local settings\application data\MixiDJ_V37

2013-04-26 14:00:19 -------- d-----w- c:\program files\MixiDJ_V37

2013-04-26 14:00:19 -------- d-----w- c:\documents and settings\christina\local settings\application data\Conduit

2013-04-26 14:00:13 -------- d-----w- c:\documents and settings\christina\local settings\application data\temp

2013-04-26 13:59:19 -------- d-----w- c:\documents and settings\christina\local settings\application data\CRE

2013-04-26 13:58:35 -------- d-----w- C:\swsetup

2013-04-26 13:58:34 -------- d-----w- c:\program files\SearchProtect

2013-04-26 13:58:21 -------- d-----w- c:\documents and settings\christina\application data\SearchProtect

2013-04-26 13:57:24 -------- d-----w- c:\documents and settings\christina\application data\DefaultTab

2013-04-26 13:57:18 -------- d-----w- c:\program files\DefaultTab

2013-04-26 13:57:08 -------- d-----w- c:\documents and settings\christina\local settings\application data\getsavin

2013-04-15 13:21:22 -------- d---a-w- c:\documents and settings\all users\application data\HitmanPro

2013-04-12 17:03:26 -------- d-s---r- C:\cmdcons

2013-04-12 17:00:55 98816 ----a-w- c:\windows\sed.exe

2013-04-12 17:00:55 256000 ----a-w- c:\windows\PEV.exe

2013-04-12 17:00:55 208896 ----a-w- c:\windows\MBR.exe

.

==================== Find3M ====================

.

2013-05-05 04:00:13 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2013-04-04 18:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-13 01:37:32 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-13 01:37:32 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32:25 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50:30 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 01:25:02 1867264 ------w- c:\windows\system32\win32k.sys

2013-02-27 07:56:51 2067456 ------w- c:\windows\system32\mstscax.dll

2013-02-24 19:03:34 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-24 19:03:34 1830912 ------w- c:\windows\system32\inetcpl.cpl

2013-02-24 19:03:33 78336 ------w- c:\windows\system32\ieencode.dll

2013-02-24 19:03:33 17408 ------w- c:\windows\system32\corpol.dll

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32:23 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

============= FINISH: 9:52:03.92 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 1/15/2009 2:10:51 PM

System Uptime: 5/6/2013 8:28:38 AM (1 hours ago)

.

Motherboard: LENOVO | | LENOVO

Processor: Intel® Core2 CPU 6400 @ 2.13GHz | LGA775/PSC/TJS | 2126/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 71 GiB total, 21.367 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}

Description: SoundMAX Integrated Digital HD Audio

Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1986&SUBSYS_17AA1011&REV_1005\4&2A83A73C&1&0201

Manufacturer: Analog Devices

Name: SoundMAX Integrated Digital HD Audio

PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1986&SUBSYS_17AA1011&REV_1005\4&2A83A73C&1&0201

Service: ADIHdAudAddService

.

==== System Restore Points ===================

.

RP879: 2/12/2013 4:22:51 PM - System Checkpoint

RP880: 2/13/2013 12:30:05 PM - Software Distribution Service 3.0

RP881: 2/13/2013 12:53:06 PM - Software Distribution Service 3.0

RP882: 2/14/2013 3:00:15 AM - Software Distribution Service 3.0

RP883: 2/15/2013 3:00:15 AM - Software Distribution Service 3.0

RP884: 2/16/2013 3:00:15 AM - Software Distribution Service 3.0

RP885: 2/17/2013 3:00:15 AM - Software Distribution Service 3.0

RP886: 2/18/2013 3:00:15 AM - Software Distribution Service 3.0

RP887: 2/19/2013 3:00:15 AM - Software Distribution Service 3.0

RP888: 2/20/2013 3:00:16 AM - Software Distribution Service 3.0

RP889: 2/21/2013 3:00:15 AM - Software Distribution Service 3.0

RP890: 2/22/2013 3:00:15 AM - Software Distribution Service 3.0

RP891: 2/22/2013 3:12:18 PM - Software Distribution Service 3.0

RP892: 2/23/2013 3:00:15 AM - Software Distribution Service 3.0

RP893: 2/24/2013 3:00:15 AM - Software Distribution Service 3.0

RP894: 2/25/2013 3:00:16 AM - Software Distribution Service 3.0

RP895: 2/26/2013 3:00:16 AM - Software Distribution Service 3.0

RP896: 2/26/2013 11:27:12 AM - Software Distribution Service 3.0

RP897: 2/27/2013 3:00:16 AM - Software Distribution Service 3.0

RP898: 2/28/2013 3:00:16 AM - Software Distribution Service 3.0

RP899: 3/1/2013 3:00:14 AM - Software Distribution Service 3.0

RP900: 3/2/2013 3:00:15 AM - Software Distribution Service 3.0

RP901: 3/3/2013 3:00:16 AM - Software Distribution Service 3.0

RP902: 3/4/2013 3:00:14 AM - Software Distribution Service 3.0

RP903: 3/5/2013 3:00:15 AM - Software Distribution Service 3.0

RP904: 3/6/2013 3:00:16 AM - Software Distribution Service 3.0

RP905: 3/7/2013 3:00:14 AM - Software Distribution Service 3.0

RP906: 3/8/2013 3:00:14 AM - Software Distribution Service 3.0

RP907: 3/9/2013 3:00:15 AM - Software Distribution Service 3.0

RP908: 3/10/2013 4:00:14 AM - Software Distribution Service 3.0

RP909: 3/11/2013 3:00:15 AM - Software Distribution Service 3.0

RP910: 3/12/2013 3:00:16 AM - Software Distribution Service 3.0

RP911: 3/13/2013 3:00:24 AM - Software Distribution Service 3.0

RP912: 3/14/2013 3:00:15 AM - Software Distribution Service 3.0

RP913: 3/15/2013 3:00:15 AM - Software Distribution Service 3.0

RP914: 3/16/2013 3:00:16 AM - Software Distribution Service 3.0

RP915: 3/17/2013 3:00:15 AM - Software Distribution Service 3.0

RP916: 3/18/2013 3:00:14 AM - Software Distribution Service 3.0

RP917: 3/19/2013 3:00:15 AM - Software Distribution Service 3.0

RP918: 3/20/2013 3:00:16 AM - Software Distribution Service 3.0

RP919: 3/21/2013 3:00:18 AM - Software Distribution Service 3.0

RP920: 3/22/2013 3:00:16 AM - Software Distribution Service 3.0

RP921: 3/23/2013 3:00:14 AM - Software Distribution Service 3.0

RP922: 3/24/2013 3:00:14 AM - Software Distribution Service 3.0

RP923: 3/25/2013 3:00:14 AM - Software Distribution Service 3.0

RP924: 3/26/2013 3:00:16 AM - Software Distribution Service 3.0

RP925: 3/27/2013 3:00:28 AM - Software Distribution Service 3.0

RP926: 3/28/2013 3:38:00 AM - System Checkpoint

RP927: 3/29/2013 4:38:00 AM - System Checkpoint

RP928: 3/30/2013 5:38:00 AM - System Checkpoint

RP929: 3/31/2013 6:38:01 AM - System Checkpoint

RP930: 4/1/2013 7:38:01 AM - System Checkpoint

RP931: 4/2/2013 8:37:00 AM - System Checkpoint

RP932: 4/3/2013 9:41:28 AM - System Checkpoint

RP933: 4/4/2013 10:27:51 AM - System Checkpoint

RP934: 4/5/2013 10:53:22 AM - System Checkpoint

RP935: 4/5/2013 1:53:16 PM - Configured SoundMAX

RP936: 4/5/2013 1:53:24 PM - Removed SoundMAX

RP937: 4/6/2013 2:45:30 PM - System Checkpoint

RP938: 4/7/2013 2:57:35 PM - System Checkpoint

RP939: 4/8/2013 9:51:36 AM - Removed RecordNow Audio

RP940: 4/8/2013 10:02:05 AM - Removed RecordNow Copy

RP941: 4/8/2013 10:04:57 AM - Removed RecordNow Data

RP942: 4/8/2013 10:05:16 AM - Removed Sonic Update Manager

RP943: 4/8/2013 10:05:28 AM - Removed Sonic Express Labeler

RP944: 4/8/2013 10:05:36 AM - Removed Sonic DLA

RP945: 4/8/2013 10:05:50 AM - Removed Sonic Icons for Lenovo

RP946: 4/9/2013 11:00:47 AM - System Checkpoint

RP947: 4/10/2013 4:36:17 AM - Software Distribution Service 3.0

RP948: 4/11/2013 5:01:51 AM - System Checkpoint

RP949: 4/12/2013 12:45:37 PM - System Checkpoint

RP950: 4/12/2013 1:37:03 PM - Software Distribution Service 3.0

RP951: 4/13/2013 2:35:54 PM - System Checkpoint

RP952: 4/14/2013 2:38:14 PM - System Checkpoint

RP953: 4/15/2013 3:26:36 PM - System Checkpoint

RP954: 4/16/2013 4:20:44 PM - System Checkpoint

RP955: 4/17/2013 4:22:35 PM - System Checkpoint

RP956: 4/18/2013 4:57:40 PM - System Checkpoint

RP957: 4/19/2013 5:33:19 PM - System Checkpoint

RP958: 4/20/2013 5:47:28 PM - System Checkpoint

RP959: 4/21/2013 6:11:20 PM - System Checkpoint

RP960: 4/22/2013 6:44:20 PM - System Checkpoint

RP961: 4/23/2013 8:12:49 PM - System Checkpoint

RP962: 4/24/2013 8:42:51 PM - System Checkpoint

RP963: 4/25/2013 9:30:46 PM - System Checkpoint

RP964: 4/26/2013 10:09:48 PM - System Checkpoint

RP965: 4/29/2013 11:26:12 AM - System Checkpoint

RP966: 4/30/2013 11:30:47 AM - System Checkpoint

RP967: 5/1/2013 9:33:03 AM - Configured Microsoft Office Professional Plus 2007

RP968: 5/2/2013 2:06:53 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Bridge 1.0

Adobe Common File Installer

Adobe Creative Suite 2

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Help Center 1.0

Adobe Photoshop CS2

Adobe Reader XI (11.0.02)

Adobe Stock Photos 1.0

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

Broadcom TPM Driver Installer

BrowseToSave 1.74

Client Security Solution

COMODO System Utilities

ConvertHelper 2.2

DefaultTab

Diskeeper Lite

Dropbox

File Type Assistant

GetSavin

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Help Center

High Definition Audio Driver Package - KB888111

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

Imagistics im2830 Series Client

Intel® Graphics Media Accelerator Driver

InterActual Player

InterVideo WinDVD

J2SE Runtime Environment 5.0 Update 6

Java 7 Update 9

Java Auto Updater

Java 6 Update 30

Leawo PowerPoint to Video Pro version 2.4.0.62

LiveReg (Symantec Corporation)

LiveUpdate 3.1 (Symantec Corporation)

LiveUpdate Notice (Symantec Corporation)

Malwarebytes Anti-Malware version 1.75.0.1300

Message Center

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft VC9 runtime libraries

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ Run Time Lib Setup

MixiDJ V37 Toolbar

Mouse Suite

Mozilla Firefox 17.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Norton AntiVirus

PDFBinder

PDFCreator

Picasa 2

Productivity Center Supplement for ThinkCentre

Rescue and Recovery

Search Protect by conduit

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 7 (KB2183461)

Security Update for Windows Internet Explorer 7 (KB2360131)

Security Update for Windows Internet Explorer 7 (KB2416400)

Security Update for Windows Internet Explorer 7 (KB2482017)

Security Update for Windows Internet Explorer 7 (KB2497640)

Security Update for Windows Internet Explorer 7 (KB2530548)

Security Update for Windows Internet Explorer 7 (KB2544521)

Security Update for Windows Internet Explorer 7 (KB2559049)

Security Update for Windows Internet Explorer 7 (KB2586448)

Security Update for Windows Internet Explorer 7 (KB2618444)

Security Update for Windows Internet Explorer 7 (KB2647516)

Security Update for Windows Internet Explorer 7 (KB2675157)

Security Update for Windows Internet Explorer 7 (KB2699988)

Security Update for Windows Internet Explorer 7 (KB2722913)

Security Update for Windows Internet Explorer 7 (KB2744842)

Security Update for Windows Internet Explorer 7 (KB2761465)

Security Update for Windows Internet Explorer 7 (KB2792100)

Security Update for Windows Internet Explorer 7 (KB2797052)

Security Update for Windows Internet Explorer 7 (KB2799329)

Security Update for Windows Internet Explorer 7 (KB2809289)

Security Update for Windows Internet Explorer 7 (KB2817183)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB938127-v2)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Internet Explorer 7 (KB972260)

Security Update for Windows Internet Explorer 7 (KB974455)

Security Update for Windows Internet Explorer 7 (KB976325)

Security Update for Windows Internet Explorer 7 (KB978207)

Security Update for Windows Internet Explorer 7 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2296199)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2436673)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2510581)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2753842)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB2807986)

Security Update for Windows XP (KB2808735)

Security Update for Windows XP (KB2813170)

Security Update for Windows XP (KB2813345)

Security Update for Windows XP (KB2820917)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Security Update for Windows XP (KB982802)

Suite Specific

SUPERAntiSpyware

System Migration Assistant

System Update

ThinkVantage Away Manager

ThinkVantage Productivity Center

ThinkVantage System Update Toolbar Button for IE

ThinkVantage Technologies Welcome Message

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Windows Internet Explorer 7 (KB976749)

Update for Windows Internet Explorer 7 (KB980182)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VLC media player 1.0.1

Wallpapers

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Internet Explorer 7

Windows Media Connect

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

XP Themes

.

==== Event Viewer Messages From Past Week ========

.

5/3/2013 12:37:37 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC000009A' while processing the file 'Current Tabs' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.

5/2/2013 1:41:08 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Installer service to connect.

5/2/2013 1:41:08 PM, error: Service Control Manager [7000] - The Windows Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/2/2013 1:41:08 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

5/2/2013 1:40:44 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the System Update service to connect.

5/2/2013 1:40:44 PM, error: Service Control Manager [7003] - The AVGIDSAgent service depends on the following nonexistent service: AVGIDSDriver

5/2/2013 1:40:44 PM, error: Service Control Manager [7000] - The System Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/1/2013 9:34:13 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.

5/1/2013 9:34:13 AM, error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/1/2013 9:34:07 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

4/30/2013 9:40:39 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.

4/30/2013 9:40:39 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/29/2013 9:02:41 AM, error: Service Control Manager [7031] - The Google Software Updater service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 900000 milliseconds: Restart the service.

4/29/2013 8:51:58 AM, error: Srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable...things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive.

<+> Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+> The removal of malware isn't instantaneous, please be patient.

<+> Please stick with me until I give you the "all clear" and please Don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : Christina [Admin rights]

Mode : Scan -- Date : 05/08/2013 08:44:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 3 ¤¤¤

[SUSP PATH] cltmng.exe -- C:\Documents and Settings\Christina\Application Data\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]

[SUSP PATH] NUA.exe -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [7] -> ERROR [0x6]

[RESIDUE] NUA.exe -- C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe [7] -> KILLED [DrvNtTerm]

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Documents and Settings\Christina\Application Data\SearchProtect\bin\cltmng.exe) [7] -> FOUND

[RUN][SUSP PATH] HKCU\[...]\Run : NortonUpdateAgent (C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe) [7] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3208745618-2581826673-2983334429-1005[...]\Run : SearchProtect (C:\Documents and Settings\Christina\Application Data\SearchProtect\bin\cltmng.exe) [7] -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-3208745618-2581826673-2983334429-1005[...]\Run : NortonUpdateAgent (C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A85BD48)

SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A9049E0)

SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x8A395B58)

SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x8A56B920)

SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A5F81E8)

SSDT[43] : NtCreateMutant @ 0x806177F2 -> HOOKED (Unknown @ 0x8A28ED00)

SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x8A940F08)

SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A420008)

SSDT[57] : NtDebugActiveProcess @ 0x80643C82 -> HOOKED (Unknown @ 0x8A67B560)

SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A84CEF8)

SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A8E3F40)

SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9332 -> HOOKED (Unknown @ 0x8A5D55E8)

SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A910AB8)

SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A2EF180)

SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A8E3DA0)

SSDT[114] : NtOpenEvent @ 0x8060F1B0 -> HOOKED (Unknown @ 0x8A3DC050)

SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A65DF40)

SSDT[123] : NtOpenProcessToken @ 0x805EE000 -> HOOKED (Unknown @ 0x8A3B2148)

SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x8A7BD2B8)

SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x8A65DD70)

SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x8A6172D0)

SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A39F2A0)

SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A2EC290)

SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A7C2840)

SSDT[240] : NtSetSystemInformation @ 0x8060FE68 -> HOOKED (Unknown @ 0x8A809568)

SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x8A81FA28)

SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A915820)

SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A3B1460)

SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A4580B8)

SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A3C60B8)

SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A65F698)

S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A4AA3B8)

S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A842CD0)

S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A67C920)

S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A7C5CD0)

S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x8A99CC80)

S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A99A8D8)

S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A922C48)

S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A3FD830)

S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8A5EE3C8)

S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8A242768)

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HDS721680PLA380 +++++

--- User ---

[MBR] b7f5384f82ed42b06209df670ca13fe2

[BSP] 362b9a19afd078b14a1532a6c194eb70 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 72253 Mo

1 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 147974715 | Size: 4063 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6]_S_05082013_02d0844.txt >>

RKreport[2]_D_04132013_02d1254.txt ; RKreport[3]_S_05062013_02d0932.txt ; RKreport[4]_D_05062013_02d0936.txt ; RKreport[5]_SC_05062013_02d0940.txt ; RKreport[6]_S_05082013_02d0844.txt


Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :

· Adware (software ads)

· PUP/LPI (Potentially Undesirable Program)

· Toolbars

· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  1. Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.

Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC

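As an added example, not part of this thread and not AdwCleaner's own code: a small Python parser for the layout of an AdwCleaner v2.x search log, so the findings can be triaged section by section (what autostarts at logon, which hosts the browsers were redirected to) before anything is deleted. The sample log is constructed for the example; the search.conduit.com and start.funmoods.com hosts and the CT3298573 id mirror the log posted further down in this thread, the "hxxp" defanging is AdwCleaner's own convention, and the user paths, profile name and function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of an AdwCleaner v2.x "search" log.
# Hosts and the CT id mirror the log in this thread; user paths are illustrative.
SAMPLE_LOG = r"""
# AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:41:47
# Option [search]

***** [services] *****

Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files\SearchProtect

***** [Registry] *****

Key Found : HKCU\Software\SearchProtect
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17128

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298573
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\prefs.js

Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298573");
"""

SECTION_RE = re.compile(r"^\*{5} \[(?P<name>[^\]]+)\] \*{5}$")
# "Found : X", "File Found : X", "Key Found : X", "Value Found : X", ...
FOUND_RE = re.compile(r"^(?:(?P<kind>File|Folder|Key|Value) )?Found : (?P<item>.+)$")
# "[<registry key> - <setting>] = <value>" lines in the browser section
SETTING_RE = re.compile(r"^\[(?P<key>.+) - (?P<name>[^\]]+)\] = (?P<value>.+)$")
# AdwCleaner defangs URLs as hxxp:// so they cannot be clicked by accident
URL_RE = re.compile(r'hxxps?://(?P<host>[^/\s"?]+)')


def parse_adwcleaner(text):
    """Return {section: [(kind, item), ...]} for every finding in a search log."""
    findings = defaultdict(list)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if section is None:  # "# ..." header lines before the first section
            continue
        m = FOUND_RE.match(line)
        if m:
            item = m.group("item")
            kind = m.group("kind") or ("Pref" if item.startswith("user_pref(") else "Service")
            findings[section].append((kind, item))
            continue
        m = SETTING_RE.match(line)
        if m:
            findings[section].append(("Setting", f"{m.group('name')} = {m.group('value')}"))
    return dict(findings)


def _section(findings, word):
    """Items of the first section whose name contains `word` (case-insensitive)."""
    for name, items in findings.items():
        if word.lower() in name.lower():
            return items
    return []


def autostart_entries(findings):
    """Registry values under a ...\\Run key: these relaunch the PUP at every logon,
    which is why a reboot alone does not get rid of it."""
    return [item for kind, item in _section(findings, "Registry")
            if kind == "Value" and "\\Run [" in item]


def hijacked_hosts(findings):
    """Hosts that start pages, new-tab pages and search prefs were redirected to."""
    hosts = set()
    for _kind, item in _section(findings, "Browsers"):
        for m in URL_RE.finditer(item):
            hosts.add(m.group("host").lower())
    return sorted(hosts)


def summarize(findings):
    """Number of findings per section, for a quick read of what the tool would remove."""
    return {name: len(items) for name, items in findings.items()}


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    for name, count in summarize(found).items():
        print(f"{name}: {count} finding(s)")
    print("autostart:", autostart_entries(found))
    print("redirect hosts:", hijacked_hosts(found))
```

Read the output the same way MrC asks the log to be read: the Run values explain why the hijacker survives a reboot, and the redirect hosts are what the start page and new-tab page are pointed at; anything listed there that was not installed on purpose is what the Delete pass will remove.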

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 07:41:47

# Updated 28/04/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Christina - LENOVO-EDDEE1E3

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Christina\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\searchplugins\Conduit.xml

File Found : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\searchplugins\web-search.xml

File Found : C:\Documents and Settings\Christina\Local Settings\Application Data\funmoods-speeddial.crx

File Found : C:\END

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Found : C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\CT3298573

Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate

Folder Found : C:\Documents and Settings\All Users\Application Data\SoftSafe

Folder Found : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}

Folder Found : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\extensions\staged

Folder Found : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\jetpack

Folder Found : C:\Documents and Settings\Christina\Application Data\SearchProtect

Folder Found : C:\Documents and Settings\Christina\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Folder Found : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\SearchProtect

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Found : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\SearchProtect

Key Found : HKCU\Software\SmartBar

Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3298573

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Found : HKLM\Software\SearchProtect

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

Key Found : HKU\S-1-5-21-3208745618-2581826673-2983334429-1005\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Found : HKU\S-1-5-21-3208745618-2581826673-2983334429-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-3208745618-2581826673-2983334429-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17128

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN14311633761221531&UM=2&UP=SPF6A2ED28-1E47-4842-AAF8-272FDEA798C9

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\prefs.js

Found : user_pref("CT3298573.FF19Solved", "true");

Found : user_pref("CT3298573.UserID", "UN49754697815019863");

Found : user_pref("CT3298573.addressUrlXPETakeover", "true");

Found : user_pref("CT3298573.autoDisableScopes", 0);

Found : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");

Found : user_pref("CT3298573.defaultSearchXPETakeover", "true");

Found : user_pref("CT3298573.installDate", "26/4/2013 9:58:19");

Found : user_pref("CT3298573.installSessionId", "{465694FE-0212-46BE-91C7-9A974F49C967}");

Found : user_pref("CT3298573.installSp", "TRUE");

Found : user_pref("CT3298573.installerVersion", "1.4.1.3");

Found : user_pref("CT3298573.keyword", "true");

Found : user_pref("CT3298573.searchRevert", "false");

Found : user_pref("CT3298573.searchUserMode", "2");

Found : user_pref("CT3298573.smartbar.homepage", "true");

Found : user_pref("CT3298573.startPageXPETakeover", "true");

Found : user_pref("CT3298573.versionFromInstaller", "10.15.2.23");

Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.shopathome.com?user_id={15b48dc[...]

Found : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");

Found : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI[...]

Found : user_pref("browser.search.selectedEngine", "MixiDJ V37 Customized Web Search");

Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&Sea[...]

Found : user_pref("extensions.funmoods.aflt", "adknlg");

Found : user_pref("extensions.funmoods.autoRvrt", false);

Found : user_pref("extensions.funmoods.cntry", "");

Found : user_pref("extensions.funmoods.cv", "cv5");

Found : user_pref("extensions.funmoods.dfltLng", "");

Found : user_pref("extensions.funmoods.dfltSrch", true);

Found : user_pref("extensions.funmoods.dnsErr", true);

Found : user_pref("extensions.funmoods.envrmnt", "production");

Found : user_pref("extensions.funmoods.excTlbr", false);

Found : user_pref("extensions.funmoods.hdrMd5", "BDCBA9FAF7E4A0BB03AE289C6A14D67D");

Found : user_pref("extensions.funmoods.hmpg", true);

Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Found : user_pref("extensions.funmoods.id", "001A6B4E44EC8145");

Found : user_pref("extensions.funmoods.instlDay", "15566");

Found : user_pref("extensions.funmoods.instlRef", "adknlg");

Found : user_pref("extensions.funmoods.isdcmntcmplt", true);

Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:27:36");

Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Found : user_pref("extensions.funmoods.newTab", true);

Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Found : user_pref("extensions.funmoods.prdct", "funmoods");

Found : user_pref("extensions.funmoods.prtnrId", "funmoods");

Found : user_pref("extensions.funmoods.sg", "none");

Found : user_pref("extensions.funmoods.smplGrp", "none");

Found : user_pref("extensions.funmoods.srchPrvdr", "Search");

Found : user_pref("extensions.funmoods.tlbrId", "base");

Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:27:36");

Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Found : user_pref("extensions.funmoods_i.newTab", true);

Found : user_pref("extensions.funmoods_i.smplGrp", "none");

Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:27:36");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CU[...]

Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN497546978[...]

Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Found : user_pref("smartbar.originalHomepage", "www.google.com");

Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.shopathome.com?user_id={15b48dc0-64[...]

Found : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11029 octets] - [09/05/2013 07:41:47]

########## EOF - C:\AdwCleaner[R1].txt - [11090 octets] ##########

Lots of adware found.... let's clear it out.....

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK if asked.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

Then......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Here is the log. After restart, I got the following Google Chrome error message: "Your preferences cannot be read. Some features may be unavailable and changes to preferences won't be saved."

# AdwCleaner v2.300 - Logfile created 05/09/2013 at 08:17:48

# Updated 28/04/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Christina - LENOVO-EDDEE1E3

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Christina\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Deleted on reboot : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

File Deleted : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\searchplugins\Conduit.xml

File Deleted : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\searchplugins\web-search.xml

File Deleted : C:\Documents and Settings\Christina\Local Settings\Application Data\funmoods-speeddial.crx

File Deleted : C:\END

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

Folder Deleted : C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\CT3298573

Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate

Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftSafe

Folder Deleted : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\extensions\{eef3855c-fc2d-41e6-8d91-d368f51b3055}

Folder Deleted : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\extensions\staged

Folder Deleted : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\jetpack

Folder Deleted : C:\Documents and Settings\Christina\Application Data\SearchProtect

Folder Deleted : C:\Documents and Settings\Christina\Local Settings\Application Data\Conduit

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKCU\Software\SearchProtect

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3298573

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mfchmfgdaabgdjbcaophikcobddojjoe

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect

Key Deleted : HKLM\Software\SearchProtect

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]

***** [internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17128

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&SearchSource=61&CUI=UN14311633761221531&UM=2&UP=SPF6A2ED28-1E47-4842-AAF8-272FDEA798C9 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082 --> hxxp://www.google.com

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0AyC0ByE0EyEyE0E0CzztCyEyDtN0D0Tzu0CtBtByBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=260519082 --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\prefs.js

C:\Documents and Settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\user.js ... Deleted !

Deleted : user_pref("CT3298573.FF19Solved", "true");

Deleted : user_pref("CT3298573.UserID", "UN49754697815019863");

Deleted : user_pref("CT3298573.addressUrlXPETakeover", "true");

Deleted : user_pref("CT3298573.autoDisableScopes", 0);

Deleted : user_pref("CT3298573.browser.search.defaultthis.engineName", "true");

Deleted : user_pref("CT3298573.defaultSearchXPETakeover", "true");

Deleted : user_pref("CT3298573.installDate", "26/4/2013 9:58:19");

Deleted : user_pref("CT3298573.installSessionId", "{465694FE-0212-46BE-91C7-9A974F49C967}");

Deleted : user_pref("CT3298573.installSp", "TRUE");

Deleted : user_pref("CT3298573.installerVersion", "1.4.1.3");

Deleted : user_pref("CT3298573.keyword", "true");

Deleted : user_pref("CT3298573.searchRevert", "false");

Deleted : user_pref("CT3298573.searchUserMode", "2");

Deleted : user_pref("CT3298573.smartbar.homepage", "true");

Deleted : user_pref("CT3298573.startPageXPETakeover", "true");

Deleted : user_pref("CT3298573.versionFromInstaller", "10.15.2.23");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.shopathome.com?user_id={15b48dc[...]

Deleted : user_pref("backup.old.browser.search.defaultenginename", "AVG Secure Search");

Deleted : user_pref("browser.search.defaultthis.engineName", "MixiDJ V37 Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&CUI[...]

Deleted : user_pref("browser.search.selectedEngine", "MixiDJ V37 Customized Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3298573&octid=CT3298573&Sea[...]

Deleted : user_pref("extensions.funmoods.aflt", "adknlg");

Deleted : user_pref("extensions.funmoods.autoRvrt", false);

Deleted : user_pref("extensions.funmoods.cntry", "");

Deleted : user_pref("extensions.funmoods.cv", "cv5");

Deleted : user_pref("extensions.funmoods.dfltLng", "");

Deleted : user_pref("extensions.funmoods.dfltSrch", true);

Deleted : user_pref("extensions.funmoods.dnsErr", true);

Deleted : user_pref("extensions.funmoods.envrmnt", "production");

Deleted : user_pref("extensions.funmoods.excTlbr", false);

Deleted : user_pref("extensions.funmoods.hdrMd5", "BDCBA9FAF7E4A0BB03AE289C6A14D67D");

Deleted : user_pref("extensions.funmoods.hmpg", true);

Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=adknlg&chnl=adknlg&cd=2Xz[...]

Deleted : user_pref("extensions.funmoods.id", "001A6B4E44EC8145");

Deleted : user_pref("extensions.funmoods.instlDay", "15566");

Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");

Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);

Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2212:27:36");

Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Deleted : user_pref("extensions.funmoods.newTab", true);

Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=adknlg&chnl=adknlg&cd=2[...]

Deleted : user_pref("extensions.funmoods.prdct", "funmoods");

Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");

Deleted : user_pref("extensions.funmoods.sg", "none");

Deleted : user_pref("extensions.funmoods.smplGrp", "none");

Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");

Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=adknlg&chnl=adknlg&cd[...]

Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");

Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2212:27:36");

Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");

Deleted : user_pref("extensions.funmoods_i.newTab", true);

Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");

Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:27:36");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3298573&SearchSource=2&CU[...]

Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298573&CUI=UN497546978[...]

Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]

Deleted : user_pref("smartbar.originalHomepage", "www.google.com");

Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://websearch.shopathome.com?user_id={15b48dc0-64[...]

Deleted : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\Christina\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [11160 octets] - [09/05/2013 07:41:47]

AdwCleaner[R2].txt - [11221 octets] - [09/05/2013 08:17:39]

AdwCleaner[s1].txt - [10993 octets] - [09/05/2013 08:17:48]

########## EOF - C:\AdwCleaner[s1].txt - [11054 octets] ##########

For the Chrome issue:

This problem automatically goes away if you have been using the "Sync" feature under "Personal Stuff" in Chrome Options. If you've got Chrome running on another computer (like, your work computer, for example) and something happens to your other copy elsewhere, you will notice that if the Preferences file becomes corrupted, Chrome will say you're not using Sync. Simply enable Sync again and all your preferences (Theme, Extensions, Bookmark Bar, Bookmarks, etc.) will be re-enabled on the Chrome instance you were having problems with.

For best results, log in to the computer where your Google Chrome instance is running fine first, and then go back to the instance where it is not and enable Sync.

MrC

When I tried to boot in safe mode, it made that awful, continuous beeping noise, which I'm pretty sure is a bad sign. Unfortunately, because of the noise, I won't be able to boot in safe mode and run ComboFix until tomorrow morning, when no one else is in the office (our office is VERY small, and the noise is too bothersome to others).

The computer still seems to be running sluggishly, and I forgot to mention earlier that the speaker driver is uninstalled and I can't seem to reinstall it, so there's that. Is there a chance that my jump drive could be carrying something? I'm working on a different machine, and would appreciate any information you could provide as to how to diagnose the USB drive, while I'm waiting for tomorrow morning to come....

Thanks for everything you do!

ComboFix 13-05-09.01 - Christina 05/09/2013 9:57.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.1954 [GMT -4:00]

Running from: c:\documents and settings\Christina\Desktop\ComboFix.exe

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

AV: Windows System Suite *Enabled/Updated* {0C443ECF-9EF7-4BFB-B9AD-EA7B5C95F229}

FW: Windows System Suite *Enabled* {B305074A-8503-4CF4-9110-E5A68A5858D1}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))

.

.

2013-05-09 12:35 . 2013-05-09 12:35 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe

2013-05-08 12:22 . 2013-05-08 12:22 -------- d-----w- c:\windows\CRX_75DAF8CB7768

2013-05-01 14:05 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-04-27 13:41 . 2013-04-27 13:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\MixiDJ_V37

2013-04-26 14:00 . 2013-04-26 14:00 -------- d-----w- c:\documents and settings\Christina\Local Settings\Application Data\temp

2013-04-26 13:59 . 2013-04-26 13:59 -------- d-----w- c:\documents and settings\Christina\Local Settings\Application Data\CRE

2013-04-26 13:58 . 2013-04-26 13:58 -------- d-----w- C:\swsetup

2013-04-15 13:21 . 2013-04-15 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-09 12:35 . 2006-11-16 23:14 17536 ----a-w- c:\windows\system32\drivers\psadd.sys

2013-05-05 04:00 . 2007-10-24 21:59 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2013-04-04 18:50 . 2012-12-21 19:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-13 01:37 . 2012-06-22 12:59 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 01:37 . 2011-10-21 13:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 08:36 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2006-04-30 06:55 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-03 22:59 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 01:25 . 2006-04-30 06:55 1867264 ------w- c:\windows\system32\win32k.sys

2013-02-27 07:56 . 2006-04-30 07:09 2067456 ------w- c:\windows\system32\mstscax.dll

2013-02-24 19:03 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-24 19:03 . 2006-04-30 06:55 1830912 ------w- c:\windows\system32\inetcpl.cpl

2013-02-24 19:03 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll

2013-02-24 19:03 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll

2013-02-12 00:32 . 2013-01-07 16:29 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2012-12-06 16:43 . 2012-12-06 16:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys

[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys

.

[-] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll

[-] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219\SP3QFE\browser.dll

[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219$\browser.dll

[7] 2004-08-04 . E3CFCCDDA4EDD1D0DC9168B2E18F27B8 . 77312 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\browser.dll

.

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll

[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll

[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll

[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll

[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll

.

[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe

[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe

[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe

[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe

[7] 2004-08-04 . C6CE6EEC82F187615D1002BB3BB50ED4 . 108032 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB956572_0$\services.exe

.

[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe

[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe

[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe

[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe

.

[-] 2008-07-07 20:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll

[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll

[-] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll

[-] 2008-07-07 20:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll

[7] 2008-04-14 00:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll

[-] 2005-07-26 04:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

.

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll

[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll

[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll

[-] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll

[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll

[7] 2004-08-04 . 4E74AF063C3271FBEA20DD940CFD1184 . 245248 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB951748_0$\mswsock.dll

.

[-] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll

[-] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll

[-] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll

[-] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll

[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll

[-] 2005-07-26 . A2F755E237FA2CDD748A80BFBE6657F3 . 1285632 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\ole32.dll

.

[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll

[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll

[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll

[7] 2004-08-04 . 2EB58F9DCD6AB320B46744A4EA48B2D2 . 406528 . . [1.0420.2600.2180] . . c:\windows\$NtServicePackUninstall$\usp10.dll

.

[-] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll

[-] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll

[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll

[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll

.

[-] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll

[-] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll

[-] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll

[-] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll

[-] 2009-02-09 . 2F868BFFBF50524653D7FE0D99AFB064 . 715264 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntdll.dll

[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll

.

[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll

[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll

[7] 2008-04-14 00:11 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll

[-] 2004-08-04 12:00 . DDF8D47ACF8FC3FE5F7F2B95C4D4D136 . 924432 . . [4.1.6140] . . c:\windows\$NtServicePackUninstall$\mfc40u.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"GoogleChromeAutoLaunch_EA61856AF5E90857F7C31C0FF9C49B15"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]

"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2013-03-29 2620752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-06-18 69632]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-06-18 17:06 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Christina^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Christina\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2013-04-10 19:22 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Christina\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\File Type Assistant\\tsassist.exe"=

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008030.006\SymEFA.sys [10/11/2011 9:38 AM 310320]

R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008030.006\BHDrvx86.sys [10/11/2011 9:38 AM 259632]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008030.006\cchpx86.sys [10/11/2011 9:38 AM 467592]

R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130508.001\IDSXpx86.sys [5/8/2013 7:21 PM 373728]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/9/2013 12:33 PM 101112]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]

R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe [10/11/2011 9:38 AM 117648]

R2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]

R2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/15/2012 1:34 PM 106656]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2012\avgidsagent.exe" --> c:\program files\AVG\AVG2012\avgidsagent.exe [?]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 14:06 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 01:37]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdf31e730d60fc.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-20 13:56]

.

2013-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-20 13:56]

.

2013-05-09 c:\windows\Tasks\ProgramUpdateCheck.job

- c:\program files\File Type Assistant\tsassist.exe [2012-11-26 20:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\

FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

.

- - - - ORPHANS REMOVED - - - -

.

MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe

AddRemove-{74C9548A-6AB9-9CAA-E665-11B9A6FC1AFF} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{B4D38~1\Setup.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-09 10:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3208745618-2581826673-2983334429-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1268)

c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

Completion time: 2013-05-09 10:06:39

ComboFix-quarantined-files.txt 2013-05-09 14:06

ComboFix2.txt 2013-04-12 17:14

.

Pre-Run: 23,846,748,160 bytes free

Post-Run: 23,972,556,800 bytes free

.

- - End Of File - - 622A769F9DDB152A3F22004B42047ECA


We'll get rid of Windows System Suite:

Using ComboFix......

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

4. If ComboFix wants to update.....please allow it to.

SecCenter::

AV: Windows System Suite *Enabled/Updated* {0C443ECF-9EF7-4BFB-B9AD-EA7B5C95F229}

FW: Windows System Suite *Enabled* {B305074A-8503-4CF4-9110-E5A68A5858D1}

ClearJavaCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScript.gif

Referring to the picture above, drag CFScript into ComboFix.exe

CAUTION: Do not mouse-click ComboFix while it is running. It may cause it to stall.

After reboot, (in case it asks to reboot)......

Please provide the contents of the ComboFix log (C:\ComboFix.txt) in your next reply.

MrC


Alrighty, good morning, MrC!

I booted in Safe Mode this morning, and of course, it didn't give me any sort of loud annoying beep or anything, because, you know, computers like to be contradictory.

An alert window popped up at the log-in screen saying "One of the files containing the system's registry data had to be recovered by use of a log or alternate copy. The recovery was successful." I hit ok.

I started ComboFix by dragging the CFScript (which, just as an aside, was way harder than it should have been because just finding Notepad on the machine was nuts) onto the CF icon. It started up, then gave me the two error messages stating Windows System Suite was an active real time scanner and that I proceed at my own risk. Clicked ok, yes, I get it, if the computer blows up, it's all my fault, and CF is now running, completed through Stage 2 as of this post.

No box popped up asking to update CF.

Will post log after reboot.


Figured I'd just do it to speed things up, but nice to see I didn't mess anything up! =)

The computer is still running very slowly, especially right after log-in. The programs load slowly, and sometimes the window skins seem to stall or flicker--the top bar changes to classic XP and says the program is Not Responding for about a second, then it goes back to normal. Chrome has my history and bookmarks, but not my home page--on the plus side, it doesn't have the weird other page anymore! Here's the CF log:

ComboFix 13-05-09.01 - Christina 05/10/2013 8:08.3.2 - x86 MINIMAL

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2550.2080 [GMT -4:00]

Running from: c:\documents and settings\Christina\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Christina\Desktop\CFScript.txt

AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

.

.

((((((((((((((((((((((((( Files Created from 2013-04-10 to 2013-05-10 )))))))))))))))))))))))))))))))

.

.

2013-05-09 12:35 . 2013-05-09 12:35 23552 ----a-w- c:\windows\system32\drivers\psasrv.exe

2013-05-08 12:22 . 2013-05-08 12:22 -------- d-----w- c:\windows\CRX_75DAF8CB7768

2013-05-01 14:05 . 2012-07-27 02:02 257928 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2013-04-27 13:41 . 2013-04-27 13:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\MixiDJ_V37

2013-04-26 14:00 . 2013-04-26 14:00 -------- d-----w- c:\documents and settings\Christina\Local Settings\Application Data\temp

2013-04-26 13:59 . 2013-04-26 13:59 -------- d-----w- c:\documents and settings\Christina\Local Settings\Application Data\CRE

2013-04-26 13:58 . 2013-04-26 13:58 -------- d-----w- C:\swsetup

2013-04-15 13:21 . 2013-04-15 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-09 12:35 . 2006-11-16 23:14 17536 ----a-w- c:\windows\system32\drivers\psadd.sys

2013-05-05 04:00 . 2007-10-24 21:59 5427 ----a-w- c:\windows\system32\EGATHDRV.SYS

2013-04-04 18:50 . 2012-12-21 19:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-13 01:37 . 2012-06-22 12:59 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-03-13 01:37 . 2011-10-21 13:25 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-03-08 08:36 . 2006-04-30 06:55 293376 ----a-w- c:\windows\system32\winsrv.dll

2013-03-07 01:32 . 2006-04-30 06:55 2149888 ------w- c:\windows\system32\ntoskrnl.exe

2013-03-07 00:50 . 2004-08-03 22:59 2028544 ------w- c:\windows\system32\ntkrnlpa.exe

2013-03-02 01:25 . 2006-04-30 06:55 1867264 ------w- c:\windows\system32\win32k.sys

2013-02-27 07:56 . 2006-04-30 07:09 2067456 ------w- c:\windows\system32\mstscax.dll

2013-02-24 19:03 . 2006-04-30 06:56 832512 ----a-w- c:\windows\system32\wininet.dll

2013-02-24 19:03 . 2006-04-30 06:55 1830912 ------w- c:\windows\system32\inetcpl.cpl

2013-02-24 19:03 . 2006-04-30 06:55 78336 ------w- c:\windows\system32\ieencode.dll

2013-02-24 19:03 . 2006-04-30 06:55 17408 ------w- c:\windows\system32\corpol.dll

2013-02-12 00:32 . 2013-01-07 16:29 12928 ----a-w- c:\windows\system32\drivers\usb8023x.sys

2013-02-12 00:32 . 2008-04-13 18:56 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys

2012-12-06 16:43 . 2012-12-06 16:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

"GoogleChromeAutoLaunch_EA61856AF5E90857F7C31C0FF9C49B15"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-04-09 1312720]

"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2013-03-29 2620752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Mouse Suite 98 Daemon"="ICO.EXE" [2005-04-13 49152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"AMSG"="c:\program files\ThinkVantage\AMSG\Amsg.exe" [2005-11-14 487424]

"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2006-07-04 110592]

"AwaySch"="c:\program files\Lenovo\AwayTask\AwaySch.EXE" [2006-06-18 69632]

"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-07-15 503808]

"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-05-18 196696]

"PDService.exe"="c:\program files\Lenovo\SafeGuard PrivateDisk\pdservice.exe" [2006-03-13 41472]

"cssauth"="c:\program files\Lenovo\Client Security Solution\cssauth.exe" [2006-07-15 2341632]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AwayNotify]

2006-06-18 17:06 49152 ------w- c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Christina^Start Menu^Programs^Startup^Dropbox.lnk]

path=c:\documents and settings\Christina\Start Menu\Programs\Startup\Dropbox.lnk

backup=c:\windows\pss\Dropbox.lnkStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 13:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]

2013-04-10 19:22 4763008 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Documents and Settings\\Christina\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

"c:\\Program Files\\File Type Assistant\\tsassist.exe"=

.

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1008030.006\SymEFA.sys [10/11/2011 9:38 AM 310320]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [1/9/2013 12:33 PM 101112]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [7/11/2012 2:54 PM 116608]

S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1008030.006\BHDrvx86.sys [10/11/2011 9:38 AM 259632]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1008030.006\cchpx86.sys [10/11/2011 9:38 AM 467592]

S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20130509.001\IDSXpx86.sys [5/9/2013 5:47 PM 373728]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]

S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG2012\avgidsagent.exe" --> c:\program files\AVG\AVG2012\avgidsagent.exe [?]

S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe [10/11/2011 9:38 AM 117648]

S2 PrivateDisk;PrivateDisk;c:\program files\Lenovo\SafeGuard PrivateDisk\privatediskm.sys [3/13/2006 7:05 PM 58368]

S2 smi2;smi2;c:\program files\SMI2\smi2.sys [7/14/2006 6:55 PM 3968]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/15/2012 1:34 PM 106656]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-04-10 14:06 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-22 01:37]

.

2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cdf31e730d60fc.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-20 13:56]

.

2013-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-20 13:56]

.

2013-05-10 c:\windows\Tasks\ProgramUpdateCheck.job

- c:\program files\File Type Assistant\tsassist.exe [2012-11-26 20:33]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\

FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\Christina\Application Data\Mozilla\Firefox\Profiles\c0kjlqoh.default\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-05-10 08:13

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]

"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3208745618-2581826673-2983334429-1005\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(244)

c:\program files\Lenovo\AwayTask\AwayNotify.dll

.

- - - - - - - > 'explorer.exe'(1992)

c:\windows\system32\WININET.dll

c:\documents and settings\Christina\Application Data\Dropbox\bin\DropboxExt.17.dll

.

Completion time: 2013-05-10 08:15:20

ComboFix-quarantined-files.txt 2013-05-10 12:15

ComboFix2.txt 2013-05-09 14:06

ComboFix3.txt 2013-04-12 17:14

.

Pre-Run: 23,934,214,144 bytes free

Post-Run: 23,936,163,840 bytes free

.

- - End Of File - - 0DC165AEB0E988B24452A3ADA50D1B52


The computer is still running very slowly, especially right after log-in. The programs load slowly, and sometimes the window skins seem to stall or flicker--the top bar changes to classic XP and says the program is Not Responding for about a second, then it goes back to normal. Chrome has my history and bookmarks, but not my home page--on the plus side, it doesn't have the weird other page anymore!
