
Infected



Hello. I routinely run Malwarebytes and I keep getting some kind of "PUP" virus... It removes the virus, but when I run Malwarebytes again, it shows up again. Here is the log generated by my most recent scan:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.14.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Heywang :: HAYWANG_LAPTOP [administrator]
 
8/14/2013 8:32:46 AM
mbam-log-2013-08-14 (08-32-46).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330334
Time elapsed: 1 hour(s), 15 minute(s), 45 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154} (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110311321154} (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440344324454} (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550355325554} (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033254.BHO.1 (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
D:\My Documents\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Program Files\Safe Saver\Safe Saver-bho.dll (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
 
(end)
 
 
Suggestion on how to properly remove this virus?

Thanks in advance for your help.
 
Chris.

Welcome to the forum, please start HERE

Post back the 2 logs here: DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar, you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download RogueKiller (32-bit) to your desktop.

RogueKiller (64-bit) <--- use this one for 64-bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7/8, right-click the program, select Run as Administrator to start, and when prompted click Allow.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options; they're not all bad!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: click on the Follow This Topic button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly.

Removing malware can be unpredictable... unlikely, but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, an external drive or a pen drive.

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs.

<+>Please stick with me until I give you the "all clear", and please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Good morning. See attached:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6000.17055  BrowserJavaVersion: 10.25.2
Run by Heywang at 9:26:10 on 2013-08-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1891 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Fitbit Connect\FitbitConnectService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\DRIVERS\o2flash.exe
c:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Fitbit Connect\Fitbit Connect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Heywang\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Documents and Settings\Heywang\Application Data\Smilebox\SmileboxTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Documents and Settings\Heywang\Application Data\Dropbox\bin\Dropbox.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\iTunesToAndroid\iTunesToAndroid\iTunesToAndroid.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicatorCom.exe
C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uProxyServer = :0
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Octoshape Streaming Services] "c:\documents and settings\heywang\application data\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [Google Update] "c:\documents and settings\heywang\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Download] "c:\documents and settings\heywang\local settings\application data\supportsoft\ddoctorv2\heywang\ssGet.exe" 120 "http://pcmctbc.cmc.motive.com/motivedocs/EasySolveInstaller.exe" "EasySolveInstaller.exe"
uRun: [smileboxTray] "c:\documents and settings\heywang\application data\smilebox\SmileboxTray.exe"
uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [HP Officejet 6600 (NET)] "c:\program files\hp\hp officejet 6600\bin\ScanToPCActivationApp.exe" -deviceID "CN35E6RHRG05RN:NW" -scfn "HP Officejet 6600 (NET)" -AutoStart 1
uRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe  startup
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Fitbit Connect] "c:\program files\fitbit connect\Fitbit Connect.exe" /autorun
StartupFolder: c:\docume~1\heywang\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\heywang\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\heywang\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\heywang\startm~1\programs\startup\shortc~1.lnk - c:\documents and settings\heywang\application data\microsoft\installer\{0b375bbc-9519-4e39-af06-26f9b4bd1653}\_AF5A0734A3D9313FE34082.exe
StartupFolder: c:\docume~1\heywang\startm~1\programs\startup\sprint~1.lnk - c:\windows\RM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - c:\program files\hewlett-packard\smart print 2.0\smartprintsetup.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 208.67.222.222 208.67.220.220 75.75.75.75
TCP: Interfaces\{31ACF6F0-7766-489F-BB50-00A88C6FE895} : DHCPNameServer = 208.67.222.222 208.67.220.220 75.75.75.75
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - 
Notify: igfxcui - igfxdev.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\heywang\application data\mozilla\firefox\profiles\0hytz6j9.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - plugin: c:\documents and settings\heywang\application data\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\documents and settings\heywang\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\heywang\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll
FF - plugin: c:\program files\virtools\3d life player\npvirtools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - f42fdce3000000000000001fe1d0618f
FF - user.js: extensions.BabylonToolbar_i.hardId - f42fdce3000000000000001fe1d0618f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15463
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:38:47
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109935
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - f42fdce3000000000000001fe1d061ab
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15919
FF - user.js: extensions.delta.vrsn - 1.8.22.0
FF - user.js: extensions.delta.vrsni - 1.8.22.0
FF - user.js: extensions.delta.vrsnTs - 1.8.22.023:38:33
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119360&tsp=4962
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-6-29 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-6-29 5248]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 Fitbit Connect;Fitbit Connect Service;c:\program files\fitbit connect\FitbitConnectService.exe [2013-2-25 1239584]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-1-27 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-6-29 47640]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2010-6-29 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2010-6-29 43608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ltixo;Manager Monitor;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 DraftSight API Service;DraftSight API Service;c:\program files\dassault systemes\draftsight\bin\dsHttpApiService.exe [2012-1-24 78336]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [2010-12-30 24576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
=============== Created Last 30 ================
.
2013-08-06 21:56:19 -------- d-----w- c:\documents and settings\heywang\local settings\application data\Identities
2013-08-06 21:56:15 -------- d-----w- c:\documents and settings\heywang\application data\Windows Desktop Search
2013-08-02 03:38:33 -------- d-----w- c:\program files\common files\Symantec Shared
2013-08-02 03:38:28 -------- d-----w- c:\program files\Delta
2013-08-02 03:38:17 -------- d-----w- c:\windows\system32\drivers\nss\0400010.010
2013-08-02 03:38:17 -------- d-----w- c:\windows\system32\drivers\NSS
2013-08-02 03:38:17 -------- d-----w- c:\program files\Norton Security Scan
2013-08-02 03:38:16 -------- d-----w- c:\documents and settings\all users\application data\Norton
2013-08-02 03:38:05 -------- d-----w- c:\program files\NortonInstaller
2013-08-02 03:38:04 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2013-08-02 03:37:59 -------- d-----w- c:\program files\Safe Saver
2013-08-02 03:37:51 -------- d-----w- c:\documents and settings\all users\application data\FitbitConnect
2013-08-02 03:37:50 -------- d-----w- c:\program files\Fitbit Connect
2013-08-01 23:42:40 580712 ------w- c:\windows\system32\HPDiscoPM5D12.dll
2013-08-01 23:42:38 496016 ----a-w- c:\windows\system32\HPWia1_OJ6600.dll
2013-08-01 23:42:38 1979280 ----a-w- c:\windows\system32\HPScanTRDrv_OJ6600.dll
2013-08-01 23:42:34 529296 ----a-w- c:\windows\system32\hpinksts5D12.dll
2013-08-01 23:42:34 269200 ----a-w- c:\windows\system32\hpinksts5D12LM.dll
2013-08-01 23:42:34 2216848 ----a-w- c:\windows\system32\hpinkins5D12.exe
2013-08-01 23:42:34 221072 ----a-w- c:\windows\system32\hpinkcoi5D12.dll
.
==================== Find3M  ====================
.
2013-06-23 17:28:23 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 17:28:21 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 17:28:21 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 17:28:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
.
============= FINISH:  9:26:43.46 ===============
 
 
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 11:24:05 AM
System Uptime: 8/14/2013 10:13:09 AM (23 hours ago)
.
Motherboard: Dell Inc. |  | 0M277C
Processor: Intel® Core2 Duo CPU     T5870  @ 2.00GHz | U2E1 | 1576/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 60 GiB total, 20.109 GiB free.
D: is FIXED (NTFS) - 89 GiB total, 40.545 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1013: 5/17/2013 8:43:41 PM - System Checkpoint
RP1014: 5/18/2013 9:35:29 PM - System Checkpoint
RP1015: 5/19/2013 10:54:59 PM - System Checkpoint
RP1016: 5/20/2013 11:34:23 PM - System Checkpoint
RP1017: 5/21/2013 11:34:35 PM - System Checkpoint
RP1018: 5/23/2013 12:00:04 AM - System Checkpoint
RP1019: 5/24/2013 12:16:28 AM - System Checkpoint
RP1020: 5/25/2013 1:00:04 AM - System Checkpoint
RP1021: 5/26/2013 2:00:04 AM - System Checkpoint
RP1022: 5/27/2013 3:00:04 AM - System Checkpoint
RP1023: 5/28/2013 4:00:04 AM - System Checkpoint
RP1024: 5/29/2013 5:00:04 AM - System Checkpoint
RP1025: 5/30/2013 5:57:17 AM - System Checkpoint
RP1026: 5/31/2013 6:57:17 AM - System Checkpoint
RP1027: 6/1/2013 7:57:17 AM - System Checkpoint
RP1028: 6/2/2013 8:57:17 AM - System Checkpoint
RP1029: 6/3/2013 9:08:18 AM - System Checkpoint
RP1030: 6/4/2013 9:57:17 AM - System Checkpoint
RP1031: 6/5/2013 9:57:32 AM - System Checkpoint
RP1032: 6/6/2013 10:40:08 AM - System Checkpoint
RP1033: 6/7/2013 12:29:22 PM - System Checkpoint
RP1034: 6/8/2013 12:41:12 PM - System Checkpoint
RP1035: 6/10/2013 12:14:51 AM - System Checkpoint
RP1036: 6/11/2013 12:48:53 AM - System Checkpoint
RP1037: 6/12/2013 1:21:29 AM - System Checkpoint
RP1038: 6/13/2013 1:21:40 AM - System Checkpoint
RP1039: 6/14/2013 2:21:40 AM - System Checkpoint
RP1040: 6/15/2013 3:59:23 PM - System Checkpoint
RP1041: 6/16/2013 4:59:09 PM - System Checkpoint
RP1042: 6/17/2013 7:37:12 PM - System Checkpoint
RP1043: 6/18/2013 7:59:09 PM - System Checkpoint
RP1044: 6/19/2013 8:59:09 PM - System Checkpoint
RP1045: 6/20/2013 9:59:09 PM - System Checkpoint
RP1046: 6/21/2013 10:57:36 PM - System Checkpoint
RP1047: 6/22/2013 11:10:21 PM - System Checkpoint
RP1048: 6/23/2013 1:03:21 PM - Installed Catalina Savings Printer.
RP1049: 6/23/2013 1:28:12 PM - Installed Java 7 Update 25
RP1050: 6/24/2013 1:57:35 PM - System Checkpoint
RP1051: 6/25/2013 2:57:35 PM - System Checkpoint
RP1052: 6/26/2013 5:20:32 PM - System Checkpoint
RP1053: 6/27/2013 5:57:34 PM - System Checkpoint
RP1054: 6/28/2013 8:09:24 PM - System Checkpoint
RP1055: 6/29/2013 9:06:53 PM - System Checkpoint
RP1056: 6/30/2013 9:47:23 PM - System Checkpoint
RP1057: 7/1/2013 10:47:22 PM - System Checkpoint
RP1058: 7/2/2013 11:47:22 PM - System Checkpoint
RP1059: 7/4/2013 12:47:23 AM - System Checkpoint
RP1060: 7/5/2013 1:47:22 AM - System Checkpoint
RP1061: 7/6/2013 9:54:55 AM - System Checkpoint
RP1062: 7/7/2013 10:09:26 AM - System Checkpoint
RP1063: 7/8/2013 11:17:39 AM - System Checkpoint
RP1064: 7/9/2013 12:03:10 PM - System Checkpoint
RP1065: 7/10/2013 12:50:18 PM - System Checkpoint
RP1066: 7/11/2013 2:00:00 PM - System Checkpoint
RP1067: 7/12/2013 2:03:27 PM - System Checkpoint
RP1068: 7/13/2013 2:03:37 PM - System Checkpoint
RP1069: 7/14/2013 2:20:29 PM - System Checkpoint
RP1070: 7/15/2013 2:26:41 PM - System Checkpoint
RP1071: 7/16/2013 3:32:11 PM - System Checkpoint
RP1072: 7/17/2013 3:35:02 PM - System Checkpoint
RP1073: 7/18/2013 4:05:06 PM - System Checkpoint
RP1074: 7/19/2013 5:06:10 PM - System Checkpoint
RP1075: 7/20/2013 6:05:05 PM - System Checkpoint
RP1076: 7/21/2013 6:46:06 PM - System Checkpoint
RP1077: 7/22/2013 7:39:38 PM - System Checkpoint
RP1078: 7/23/2013 7:56:31 PM - System Checkpoint
RP1079: 7/24/2013 8:18:07 PM - System Checkpoint
RP1080: 7/25/2013 8:38:33 PM - System Checkpoint
RP1081: 7/26/2013 8:39:38 PM - System Checkpoint
RP1082: 7/27/2013 9:58:06 PM - System Checkpoint
RP1083: 7/28/2013 10:38:48 PM - System Checkpoint
RP1084: 7/29/2013 11:38:48 PM - System Checkpoint
RP1085: 7/31/2013 12:38:49 AM - System Checkpoint
RP1086: 8/1/2013 1:36:18 AM - System Checkpoint
RP1087: 8/1/2013 6:57:38 PM - Removed HP Update.
RP1088: 8/2/2013 7:32:02 PM - System Checkpoint
RP1089: 8/2/2013 9:29:53 PM - Removed Desktop Doctor
RP1090: 8/2/2013 9:31:26 PM - Removed FlipShare
RP1091: 8/3/2013 9:39:56 PM - System Checkpoint
RP1092: 8/4/2013 10:08:33 PM - System Checkpoint
RP1093: 8/5/2013 11:08:34 PM - System Checkpoint
RP1094: 8/6/2013 11:48:15 PM - System Checkpoint
RP1095: 8/8/2013 12:44:16 AM - System Checkpoint
RP1096: 8/9/2013 12:58:30 AM - System Checkpoint
RP1097: 8/10/2013 1:35:12 AM - System Checkpoint
RP1098: 8/11/2013 2:35:11 AM - System Checkpoint
RP1099: 8/12/2013 3:35:10 AM - System Checkpoint
RP1100: 8/13/2013 4:13:04 AM - System Checkpoint
RP1101: 8/14/2013 5:13:03 AM - System Checkpoint
RP1102: 8/15/2013 5:17:14 AM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office Suite Service Pack 2 (SP2)
32 Bit HP CIO Components Installer
3DVIA player 5.0
3ivx MPEG-4 5.0.3 (remove only)
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Autodesk Inventor Plug-In 8.0
Autodesk Volo View 3.0
AutoDWG DWG to PDF Converter
Bonjour
bpd_scan
Catalina Savings Printer
CCleaner
DAEMON Tools
Dell Wireless WLAN Card Utility
DeviceFunctionQFolder
DraftSight
Dropbox
Fitbit Connect
Google Chrome
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Officejet 6600 Basic Device Software
HP Officejet 6600 Help
HP Officejet 6600 Product Improvement Study
HP Update
HPProductAssistant
HTC Driver Installer
I.R.I.S. OCR
InstantShareAlert
Intel® Graphics Media Accelerator Driver
iTunesToAndroid
Java 7 Update 25
Java Auto Updater
Java 6 Update 20
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio 2005 Tools for Office Runtime
Mozilla Firefox (3.6.28)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
Nero 7 Demo
Norton Security Scan
O2Micro Flash Memory Card Reader Driver (x86)
Octoshape Streaming Services
Picaboo X
Picasa 3
QuickBooks
QuickBooks Premier: Accountant Edition 2010
QuickTime
Reading Readiness
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Safe Saver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Smilebox
Sprint Desktop Sync
SUPERAntiSpyware
Synaptics Pointing Device Driver
Toolbox
Unity Web Player
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Outlook 2007 Junk Email Filter (kb983486)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Web Assistant version 2.0.0.612
WebEx
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Live ID Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Player 10
Windows Search 4.0
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
8/8/2013 8:27:51 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.108 for the Network Card with network address 001FE1D061AB has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
8/8/2013 4:54:57 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'.  It has stopped monitoring the volume.
8/8/2013 11:44:37 PM, error: WPDMTPDriver [15300]  - MTP WPD Driver has failed to start. Error 0x80070005.
8/8/2013 10:38:27 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
8/8/2013 10:38:27 AM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
8/8/2013 10:38:27 AM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/8/2013 10:38:27 AM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
8/8/2013 10:38:27 AM, error: Service Control Manager [7001]  - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/8/2013 10:38:27 AM, error: Service Control Manager [7001]  - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
8/8/2013 1:02:26 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2013 1:02:15 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
.
==== End Of File ===========================
 
 
 
The report from RogueKiller: where would I find it on my desktop? I found a folder labeled RK_Quarantine. I opened the folder and found a .dat file, but could not open it. Is this the file you need?

Thanks a lot.

Chris


Please uninstall Web Assistant version 2.0.0.612 from Add/Remove Programs.

Then.....

Please download AdwCleaner from here and save it on your Desktop.

AdwCleaner is a reliable removal tool for adware, foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes:

· Adware (advertising software)

· PUP/LPI (Potentially Undesirable Programs)

· Toolbars

· Hijackers (hijacking of the browser's homepage)

It works with a Search and Delete method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double-click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log file created in your next post.
Note: The log can also be found at C:\AdwCleaner[XX].txt, where XX denotes the number of times the application has been run, so in this case it should be something like R1.

Note:

Please look over what was found, especially any folders; we're going to permanently delete it all in the next step. If there's something you may want to keep, please let me know and I'll explain why it shouldn't be on your system.

If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always reinstall it.

Please note that Antivir Webguard uses the ASK Toolbar as part of its web security. If you remove ASK by using AdwCleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetection before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.

MrC


RogueKiller report:

RogueKiller V8.6.5 [Aug  5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Heywang [Admin rights]
Mode : Scan -- Date : 08/15/2013 09:51:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] SmileboxTray.exe -- C:\Documents and Settings\Heywang\Application Data\Smilebox\SmileboxTray.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Google Update ("C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKCU\[...]\Run : SmileboxTray ("C:\Documents and Settings\Heywang\Application Data\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1482476501-1284227242-839522115-1004\[...]\Run : Google Update ("C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1482476501-1284227242-839522115-1004\[...]\Run : SmileboxTray ("C:\Documents and Settings\Heywang\Application Data\Smilebox\SmileboxTray.exe" [7]) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (:0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1482476501-1284227242-839522115-1004UA.job : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-1482476501-1284227242-839522115-1004Core.job : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND

¤¤¤ Startup Entries : 2 ¤¤¤
[Heywang][SUSP PATH] Shortcut to iTunesToAndroid.exe.lnk : C:\Documents and Settings\Heywang\Start Menu\Programs\Startup\Shortcut to iTunesToAndroid.exe.lnk @C:\Documents and Settings\Heywang\Application Data\Microsoft\Installer\{0B375BBC-9519-4E39-AF06-26F9B4BD1653}\_AF5A0734A3D9313FE34082.exe [-][-] -> FOUND
[Heywang][SUSP PATH] Sprint media monitor.lnk : C:\Documents and Settings\Heywang\Start Menu\Programs\Startup\Sprint media monitor.lnk @C:\WINDOWS\RM.exe -m [-][7] -> FOUND

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1       localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2160BH G2 +++++
--- User ---
[MBR] f4fff58a289d8b3072ff95ce77e3e57d
[BSP] 2459850cadfc3fbc117a6ce3be8bcf75 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 61545 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 126045990 | Size: 91079 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08152013_095103.txt >>

AdwCleaner report:

# AdwCleaner v2.306 - Logfile created 08/15/2013 at 10:42:35
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Heywang - HAYWANG_LAPTOP
# Boot Mode : Normal
# Running from : D:\My Documents\Downloads\adwcleaner (1).exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\bProtector_extensions.rdf
File Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\searchplugins\Babylon.xml
File Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\searchplugins\BrowserDefender.xml
File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\user.js
Folder Found : C:\DOCUME~1\Heywang\LOCALS~1\Temp\CT3220468
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\ffxtlbr@delta.com
Folder Found : C:\Documents and Settings\Heywang\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\delta

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Crossrider
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\Web Assistant
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\d2dc8fe06fb942
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\Delta
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.17055

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.28 (en-US)

File : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.babExt", "");
Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=109935");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Found : user_pref("extensions.BabylonToolbar.hmpg", true);
Found : user_pref("extensions.BabylonToolbar.id", "f42fdce3000000000000001fe1d0618f");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15463");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.lastDP", 30);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:38:47");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 85009168);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:38:47");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "f42fdce3000000000000001fe1d0618f");
Found : user_pref("extensions.BabylonToolbar_i.id", "f42fdce3000000000000001fe1d0618f");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", false);
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:38:47");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Found : user_pref("CT3220468.autoDisableScopes",  0);
Found : user_pref("CT3220468.InstallDate", "30/1/2013 13:48:13");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zpzlwpd7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.46] : keyword = "babylon.com",

*************************

AdwCleaner[R1].txt - [11659 octets] - [15/08/2013 10:41:41]
AdwCleaner[R2].txt - [11589 octets] - [15/08/2013 10:42:35]

########## EOF - C:\AdwCleaner[R2].txt - [11650 octets] ##########
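The Firefox part of that AdwCleaner log is the piece worth understanding: the toolbar lives in prefs.js as a set of user_pref lines that point the default search engine, search order and new-tab page at the toolbar's domain, and there is a user.js both at C:\user.js and in the profile. Firefox re-applies user.js over prefs.js every time it starts, so a hijack that is only cleaned out of prefs.js comes straight back while user.js remains, which is one reason a scanner can keep reporting the same thing. The script below is an added example for this page, not part of the thread, AdwCleaner or RogueKiller: it parses a prefs.js or user.js, flags prefs owned by the toolbar families in the log and any search/homepage pref redirected to them, and reports whether a user.js is present. The marker list (babylon, conduit, delta) and the Conduit CT<digits>. prefix rule are assumptions drawn from the pref names in the log; the sample prefs.js is constructed.

```python
"""Audit a Firefox profile for search/homepage hijack prefs.

Added example for this thread; not part of AdwCleaner, RogueKiller or
the original posts.  HIJACK_MARKERS and the CT<digits>. rule are
assumptions taken from the pref names in the log.
"""
import re
from pathlib import Path

# A prefs.js / user.js line looks like:  user_pref("name", value);
# where value is a JavaScript literal (string, number or boolean).
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Prefs that decide where searches, the homepage and new tabs go.
SENSITIVE_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.order.1",
    "browser.startup.homepage",
    "browser.newtab.url",
    "keyword.URL",
}

# Lower-case substrings naming the toolbar families seen in the log
# (assumed list; extend it for other vendors).
HIJACK_MARKERS = ("babylon", "conduit", "delta")
# Conduit toolbars keep their prefs under a CT<number>. prefix (assumed).
CONDUIT_RE = re.compile(r"^CT\d+\.")


def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref line in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def audit_prefs(text):
    """Return sorted (pref_name, reason) pairs for hijack indicators."""
    findings = []
    for name, value in parse_prefs(text).items():
        lname, lvalue = name.lower(), value.lower()
        if CONDUIT_RE.match(name):
            findings.append((name, "Conduit CT-id toolbar pref"))
        elif any(mk in lname for mk in HIJACK_MARKERS):
            findings.append((name, "toolbar-owned pref"))
        elif name in SENSITIVE_PREFS and any(mk in lvalue for mk in HIJACK_MARKERS):
            findings.append((name, "search/homepage redirected to " + value))
    return sorted(findings)


def audit_profile(profile_dir):
    """Audit prefs.js and user.js in a profile directory.

    user.js is re-applied over prefs.js at every Firefox start, so its
    mere presence is reported: cleaning prefs.js alone does not help
    while a user.js with the same prefs is still in the profile.
    """
    profile = Path(profile_dir)
    report = {"user_js_present": (profile / "user.js").is_file()}
    for fname in ("prefs.js", "user.js"):
        path = profile / fname
        report[fname] = audit_prefs(path.read_text(errors="replace")) if path.is_file() else []
    return report


# Constructed sample modelled on the pref names in the log above.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1376500000);
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.BabylonToolbar.babTrack", "affID=109935");
user_pref("CT3220468.InstallDate", "30/1/2013 13:48:13");
user_pref("network.cookie.prefsMigrated", true);
"""

if __name__ == "__main__":
    for name, reason in audit_prefs(SAMPLE_PREFS_JS):
        print(f"{name}: {reason}")
```

Run it against a real profile with audit_profile(r"C:\Documents and Settings\<user>\Application Data\Mozilla\Firefox\Profiles\<id>.default"); a non-empty user.js finding list, or user_js_present being true on a machine where nobody created that file on purpose, is the thing to fix before re-scanning.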

Lots of adware found... let's clear it out.

  • Please re-run AdwCleaner.
  • Click on the Delete button.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[Sn].txt as well; n is the order number.

Then......

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Last.........

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, and post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v2.306 - Logfile created 08/15/2013 at 10:57:49

# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Heywang - HAYWANG_LAPTOP
# Boot Mode : Normal
# Running from : D:\My Documents\Downloads\adwcleaner (1).exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Deleted on reboot : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\searchplugins\Babylon.xml
File Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\searchplugins\BrowserDefender.xml
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\user.js
Folder Deleted : C:\DOCUME~1\Heywang\LOCALS~1\Temp\CT3220468
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\extensions\ffxtlbr@delta.com
Folder Deleted : C:\Documents and Settings\Heywang\Local Settings\Application Data\Conduit
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\delta
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0033254.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\d2dc8fe06fb942
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v7.0.6000.17055
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v3.6.28 (en-US)
 
File : C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\prefs.js
 
C:\Documents and Settings\Heywang\Application Data\Mozilla\Firefox\Profiles\0hytz6j9.default\user.js ... Deleted !
 
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=109935");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 30);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Deleted : user_pref("extensions.BabylonToolbar.id", "f42fdce3000000000000001fe1d0618f");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15463");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 30);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:38:47");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 85009168);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:38:47");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "f42fdce3000000000000001fe1d0618f");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "f42fdce3000000000000001fe1d0618f");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:38:47");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("CT3220468.autoDisableScopes",  0);
Deleted : user_pref("CT3220468.InstallDate", "30/1/2013 13:48:13");
 
File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zpzlwpd7.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\Heywang\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.46] : keyword = "babylon.com",
 
*************************
 
AdwCleaner[R1].txt - [11659 octets] - [15/08/2013 10:41:41]
AdwCleaner[R2].txt - [11720 octets] - [15/08/2013 10:42:35]
AdwCleaner[R3].txt - [11781 octets] - [15/08/2013 10:57:14]
AdwCleaner[s1].txt - [11898 octets] - [15/08/2013 10:57:49]
 
########## EOF - C:\AdwCleaner[s1].txt - [11959 octets] ##########
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Heywang on Thu 08/15/2013 at 11:03:24.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322322254}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366326654}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366326654}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\Heywang\Local Settings\Application Data\cre"
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/15/2013 at 11:06:14.75
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.15.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Heywang :: HAYWANG_LAPTOP [administrator]
 
8/15/2013 11:12:04 AM
mbam-log-2013-08-15 (11-12-04).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244398
Time elapsed: 9 minute(s), 52 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
 
So far, the computer runs great. Thanks a lot for your help.
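The prefs.js entries AdwCleaner deleted above are ordinary Firefox `user_pref()` lines whose keys sit under adware-owned prefixes (`extensions.BabylonToolbar`, `extensions.BabylonToolbar_i` and the Conduit-style `CT3220468`). What follows is an added example, not part of this post and not AdwCleaner's code: a small Python scanner that parses a prefs.js, flags preferences by key prefix and returns a cleaned copy. The prefix list and the sample prefs.js contents are constructed for the example from the keys visible in the log; they are not a complete signature set.

```python
import re

# Constructed sample of a Firefox prefs.js: three adware-owned preferences
# (keys copied from the AdwCleaner log above) between two legitimate ones.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "about:home");
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935");
user_pref("CT3220468.InstallDate", "30/1/2013 13:48:13");
user_pref("network.cookie.cookieBehavior", 1);
'''

# Key prefixes that mark a preference as belonging to a known adware family.
# Assumption for this example: only the two families AdwCleaner removed in the
# log above are listed; a real tool would carry a much longer list.
ADWARE_KEY_PREFIXES = (
    "extensions.BabylonToolbar",   # Babylon toolbar; also covers BabylonToolbar_i
    "CT3220468.",                  # Conduit-style "CT<digits>" community toolbar
)

# One user_pref line: user_pref("<key>", <value>);  The value is matched
# greedily so a string value that itself contains ");" is not cut short.
PREF_RE = re.compile(r'^\s*user_pref\("(?P<key>[^"]+)",\s*(?P<value>.*)\);\s*$')


def parse_prefs(text):
    """Return a list of (key, raw_value) tuples, one per user_pref line."""
    prefs = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs.append((m.group("key"), m.group("value")))
    return prefs


def is_adware_pref(key):
    """True if the preference key sits under one of the flagged prefixes."""
    return key.startswith(ADWARE_KEY_PREFIXES)


def find_adware_prefs(text):
    """Keys of all flagged preferences, in file order."""
    return [key for key, _ in parse_prefs(text) if is_adware_pref(key)]


def clean_prefs(text):
    """Return (cleaned_text, removed_keys).

    Comment lines, blank lines and unflagged preferences are kept verbatim so
    the result is still a valid prefs.js.
    """
    kept, removed = [], []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m and is_adware_pref(m.group("key")):
            removed.append(m.group("key"))
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


if __name__ == "__main__":
    cleaned, removed = clean_prefs(SAMPLE_PREFS_JS)
    print("removed:", removed)
    print(cleaned)
```

Two caveats when pointing this at a real profile: Firefox rewrites prefs.js from memory when it exits, so the browser has to be closed before the file is edited, and deleting a toolbar's preferences does not uninstall the extension that wrote them. Chrome's `Preferences` file (the `keyword = "babylon.com"` entry in the same log) is JSON and needs a JSON parser rather than this line matcher.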
 

Good.

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Unfortunately, I don't think I got rid of it. When I got home a short time ago, I was on the internet and a "setup.exe" popped up in my Downloads folder. Knowing it was nothing I did, I ran Malwarebytes and this showed up:

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.15.04
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 7.0.5730.13
Heywang :: HAYWANG_LAPTOP [administrator]
 
8/15/2013 1:34:43 PM
MBAM-log-2013-08-15 (15-43-46).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 330096
Time elapsed: 1 hour(s), 6 minute(s), 30 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
D:\My Documents\Downloads\Setup.exe (PUP.Optional.Solimba) -> No action taken.
 
(end)
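The useful column in this log is the action: the same `D:\My Documents\Downloads\Setup.exe` was "Quarantined and deleted successfully" the day before and is back now with "No action taken". A file that returns after quarantine was written again by something still present (or downloaded again), so the question to answer is what wrote it, not just whether it was removed. As an added example, not part of this post and not Malwarebytes' own code, here is a Python parser for the MBAM 1.x log format that pulls every detection line out of a series of logs, lists items that recur across scans and items the scanner left in place. The three log excerpts embedded in it are constructed for the example, trimmed to the header and detection lines of the scans shown in this thread.

```python
import re
from collections import Counter

# Constructed excerpts of three Malwarebytes Anti-Malware 1.x logs, reduced to
# the lines this parser cares about. Scan 1 and scan 3 mirror the detections
# reported in this thread; scan 2 is the clean quick scan in between.
SCAN_1 = r"""Malwarebytes Anti-Malware 1.75.0.1300
Scan type: Full scan (C:\|D:\|)
Memory Processes Detected: 0
(No malicious items detected)
Registry Keys Detected: 2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311321154} (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0033254.BHO.1 (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
Files Detected: 2
D:\My Documents\Downloads\Setup.exe (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Program Files\Safe Saver\Safe Saver-bho.dll (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
(end)
"""
SCAN_2 = r"""Scan type: Quick scan
Files Detected: 0
(No malicious items detected)
(end)
"""
SCAN_3 = r"""Scan type: Full scan (C:\|D:\|)
Files Detected: 1
D:\My Documents\Downloads\Setup.exe (PUP.Optional.Solimba) -> No action taken.
(end)
"""

# "<item> (<family>) -> <action>."  The item is matched greedily so a path such
# as "C:\Program Files (x86)\..." is not split at its own parenthesis.
DETECTION_RE = re.compile(r"^(?P<item>.+) \((?P<family>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Detected: (?P<count>\d+)\s*$")
SCAN_TYPE_RE = re.compile(r"^Scan type: (?P<scan_type>.+?)\s*$")


def parse_mbam_log(text):
    """Return {'scan_type': str, 'detections': [dict, ...]} for one MBAM 1.x log."""
    scan_type, section, detections = None, None, []
    for line in text.splitlines():
        m = SCAN_TYPE_RE.match(line)
        if m:
            scan_type = m.group("scan_type")
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")      # e.g. "Registry Keys", "Files"
            continue
        m = DETECTION_RE.match(line)
        if m and section is not None:
            detections.append({"section": section, "item": m.group("item"),
                               "family": m.group("family"), "action": m.group("action")})
    return {"scan_type": scan_type, "detections": detections}


def unresolved(parsed):
    """Detections the scanner did not remove, e.g. 'No action taken'."""
    return [d for d in parsed["detections"] if not d["action"].startswith("Quarantined")]


def recurring_items(parsed_logs):
    """Items present in more than one scan: removed once, then written again."""
    seen = Counter()
    for parsed in parsed_logs:
        for item in {d["item"] for d in parsed["detections"]}:
            seen[item] += 1
    return sorted(item for item, n in seen.items() if n > 1)


def triage(parsed_logs):
    """Summarise a series of scans given in the order they were run."""
    return {
        "recurring": recurring_items(parsed_logs),
        "unresolved_in_last": [d["item"] for d in unresolved(parsed_logs[-1])],
        "families": sorted({d["family"] for p in parsed_logs for d in p["detections"]}),
    }


if __name__ == "__main__":
    logs = [parse_mbam_log(t) for t in (SCAN_1, SCAN_2, SCAN_3)]
    print(triage(logs))
```

Run against the real `mbam-log-*.txt` files, the "recurring" list is what to hand to the next step of the investigation: for a file in Downloads, that means the browser extensions and scheduled or startup entries that were present at the time it reappeared.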

No symptoms. I just saw the setup.exe pop up at the bottom of the screen. The computer is still running fine.

Here is the Security Check info:

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 7 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 6 Update 20  
 Java 7 Update 25  
 Adobe Flash Player 11.6.602.171  
 Adobe Reader 9 Adobe Reader out of Date! 
 Mozilla Firefox (3.6.28) Firefox out of Date!  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java 6 Update 20 <--- please uninstall it from Add/Remove Programs
Java 7 Update 25 <--- OK


--------------------------------------------------

Adobe Reader 9 is out of date! <--- please check for an update if one is available, or uninstall it and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (Ask Toolbar).

-------------------------------------------------

Mozilla Firefox (3.6.28) is out of date! <--- please check for an update if one is available

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, re-hide file extensions and system/hidden files, clear the System Restore cache and create a new Restore Point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can delete manually,
i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, C:\FRST, MBAR, etc. For AdwCleaner, just run the program and click Uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (may be down right now)

Good Luck and Thanks for using the forum, MrC
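The checkup.txt posted above is plain text with a fixed vocabulary (one product per line, "Out of date!" appended as a warning), so the triage done by hand in this reply can be scripted. Added example, not part of this post and not Security Check's own code: a Python function that parses the report, lists the out-of-date entries, notes whether the tool found an antivirus via WMI, and among several installed Java versions marks everything but the newest as superseded, which is the same conclusion as "uninstall Java 6 Update 20, keep Java 7 Update 25". The embedded report is a constructed copy of the one posted above with the backtick separator lines replaced by dashes; the heuristic that strips the echoed product name before the warning is an assumption of this example.

```python
import re

# Constructed copy of the Security Check report posted in this thread. The
# original separator lines are runs of backticks; dashes are used here instead.
SAMPLE_CHECKUP = """ Results of screen317's Security Check version 0.99.72
 Windows XP Service Pack 3 x86
 Internet Explorer 7 Out of date!
--------------Antivirus/Firewall Check:--------------
 Windows Firewall Enabled!
 WMI entry may not exist for antivirus; attempting automatic update.
---------Anti-malware/Other Utilities Check:---------
 SUPERAntiSpyware
 Malwarebytes Anti-Malware version 1.75.0.1300
 CCleaner
 Java 6 Update 20
 Java 7 Update 25
 Adobe Flash Player 11.6.602.171
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (3.6.28) Firefox out of Date!
--------Process Check: objlist.exe by Laurent--------
-----------------System Health check-----------------
 Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
--------------------End of Log----------------------
"""

# "<entry> Out of date!" in either capitalisation the tool uses.
OUT_OF_DATE_RE = re.compile(r"^\s*(?P<before>.+?)\s+[Oo]ut of [Dd]ate!")
# "Java 6 Update 20" (a trademark sign after "Java" is tolerated).
JAVA_RE = re.compile(r"^\s*Java\S*\s+(?P<major>\d+) Update (?P<update>\d+)\s*$")


def strip_echoed_name(before):
    """Drop the short product name Security Check repeats before the warning.

    'Adobe Reader 9 Adobe Reader' -> 'Adobe Reader 9'
    'Mozilla Firefox (3.6.28) Firefox' -> 'Mozilla Firefox (3.6.28)'
    'Internet Explorer 7' -> unchanged (nothing is repeated)
    Heuristic: the longest trailing word group that already occurs earlier in
    the entry is treated as the echo. This is an assumption of the example.
    """
    words = before.split()
    for k in range(len(words) - 1, 0, -1):
        head, tail = " ".join(words[:-k]), " ".join(words[-k:])
        if tail in head:
            return head
    return before


def triage_checkup(text):
    """Turn a checkup.txt into a dict of actionable findings."""
    findings = {"out_of_date": [], "java": [], "superseded_java": [], "keep_java": None,
                "antivirus_wmi_missing": False, "firewall_enabled": False}
    for line in text.splitlines():
        m = OUT_OF_DATE_RE.match(line)
        if m:
            findings["out_of_date"].append(strip_echoed_name(m.group("before")))
            continue
        m = JAVA_RE.match(line)
        if m:
            findings["java"].append((int(m.group("major")), int(m.group("update")), line.strip()))
            continue
        if "WMI entry may not exist for antivirus" in line:
            findings["antivirus_wmi_missing"] = True   # no AV registered with Windows
        elif "Windows Firewall Enabled!" in line:
            findings["firewall_enabled"] = True
    if findings["java"]:
        newest = max(findings["java"])               # highest (major, update) wins
        findings["keep_java"] = newest[2]
        findings["superseded_java"] = [j[2] for j in findings["java"] if j != newest]
    return findings


if __name__ == "__main__":
    for key, value in triage_checkup(SAMPLE_CHECKUP).items():
        print(f"{key}: {value}")
```

The "antivirus_wmi_missing" flag is worth acting on separately from the version list: the report above shows the Windows Firewall but no antivirus registered with the system, and an up-to-date Malwarebytes 1.x on its own was not a resident antivirus.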
