
I think I still need help with removal


Debili


Hello,

I had been running the free version. After each scan in the last few days I kept getting a trojan agent ED, so I came here looking for help and followed instructions in

infected what do I do now...bought the pro version, ran it...did the dds and the attach, now I am here

I have several questions. I do not want to bog down the forums...so I am still following instructions to copy and paste the two logs here...

I hope this is right... :blink:

 

No, it says not to post unless specifically instructed....

Am I to run the MBPro on all users? How do I know if I have fixed the problem?

What is a fake positive?

If I bought the pro version, should I be going through email support?

Last but not least, the last two days before all this I made sure I was offline when I left the house. When I came back it was online again.

WTheck????

Please help :blink:

Thanks, Deb

 

 

 

 

 


Hello Debili

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I need to get some reports to get a base to start from so I need you to run these programs first.

-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1

    Link2

    Link3

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo

To Gringo...

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512
Run by deb at 19:09:33 on 2013-09-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1013.466 [GMT -5:00]
.
AV: Live PC Care *Enabled/Updated* {2A271E11-26C8-4668-A68F-BFF8DA382ABE}
FW: Live PC Care *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Documents and Settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.


uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624




uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
uURLSearchHooks: {EEE6C35D-6118-11DC-9C72-001320C79847} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
uRun: [ComcastAntispyClient] "c:\program files\comcasttb\comcastspywarescan\ComcastAntispy.exe" /hide
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [NTServiceManager] c:\program files\youtubedownloader.org\youtubedownloader\YoutubeDownloader Updater.exe
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
uRun: [ALconnect] c:\documents and settings\deb\application data\directlife\alconnect\ALconnect.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\deb\startm~1\programs\startup\zooskm~1.lnk - c:\program files\zooskmessenger\ZooskMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - <orphaned>
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\joslyn\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe



TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{EB697A2C-6298-4912-B730-BAFC1F1FCB4F} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\deb\application data\mozilla\firefox\profiles\u8w2ujv7.default-1377172185593\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net


FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\deb\application data\move networks\plugins\npqmp071706000001.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [2008-10-6 6144]
R2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\comcastspywarescan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-10 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-11-22 701512]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-11-22 22856]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\deb\locals~1\temp\_d5dc.tmp\foxawdwinflash.sys --> c:\docume~1\deb\locals~1\temp\_d5dc.tmp\FoxAwdWINFLASH.sys [?]
.
=============== Created Last 30 ================
.
2013-09-19 23:46:34    --------    d--h--w-    c:\windows\PIF
2013-09-16 22:29:40    --------    d-----w-    c:\windows\pss
2013-09-05 14:04:02    209272    ----a-w-    c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-09-05 14:04:02    209272    ----a-w-    c:\program files\internet explorer\plugins\nppdf32.dll
2013-08-22 08:20:33    5632    ----a-w-    c:\windows\system32\ptpusb.dll
2013-08-22 08:20:32    159232    ----a-w-    c:\windows\system32\ptpusd.dll
.
==================== Find3M  ====================
.
2013-09-11 12:41:07    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-11 12:41:07    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-09 01:56:45    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27:48    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30:32    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18:38    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-08-01 04:17:51    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17:51    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17:50    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01:18    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-10 10:37:53    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 19:09:42.32 ===============
 


to Gringo:

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/30/2008 3:29:10 PM
System Uptime: 9/19/2013 6:24:02 PM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0RY007
Processor: Intel® Pentium® Dual  CPU  E2180  @ 2.00GHz | Socket 775 | 1995/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 229 GiB total, 187.872 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_SASKUTIL\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_SASKUTIL\0000
Service:
.
==== System Restore Points ===================
.
RP1451: 6/23/2013 1:58:34 PM - System Checkpoint
RP1452: 6/25/2013 8:39:35 PM - System Checkpoint
RP1453: 6/27/2013 7:01:13 AM - System Checkpoint
RP1454: 6/29/2013 7:20:40 AM - System Checkpoint
RP1455: 6/30/2013 9:29:30 AM - System Checkpoint
RP1456: 7/2/2013 9:21:56 AM - System Checkpoint
RP1457: 7/3/2013 9:25:19 AM - System Checkpoint
RP1458: 7/4/2013 9:46:37 AM - System Checkpoint
RP1459: 7/5/2013 10:11:11 AM - System Checkpoint
RP1460: 7/7/2013 8:39:10 AM - System Checkpoint
RP1461: 7/8/2013 3:02:35 PM - System Checkpoint
RP1462: 7/10/2013 6:28:54 AM - System Checkpoint
RP1463: 7/11/2013 3:00:23 AM - Software Distribution Service 3.0
RP1464: 7/12/2013 7:35:01 AM - System Checkpoint
RP1465: 7/13/2013 8:18:48 AM - System Checkpoint
RP1466: 7/14/2013 9:15:53 AM - System Checkpoint
RP1467: 7/15/2013 8:15:30 PM - System Checkpoint
RP1468: 7/16/2013 10:03:04 PM - System Checkpoint
RP1469: 7/18/2013 1:50:14 AM - System Checkpoint
RP1470: 7/19/2013 7:32:40 AM - System Checkpoint
RP1471: 7/21/2013 7:11:27 PM - System Checkpoint
RP1472: 7/22/2013 8:24:29 PM - System Checkpoint
RP1473: 7/23/2013 8:46:00 PM - System Checkpoint
RP1474: 7/25/2013 9:03:12 AM - System Checkpoint
RP1475: 7/26/2013 8:15:40 PM - System Checkpoint
RP1476: 7/27/2013 9:39:31 PM - System Checkpoint
RP1477: 7/29/2013 10:53:01 PM - System Checkpoint
RP1478: 7/31/2013 8:54:00 AM - System Checkpoint
RP1479: 8/1/2013 10:16:41 AM - System Checkpoint
RP1480: 8/2/2013 1:33:44 PM - System Checkpoint
RP1481: 8/3/2013 3:13:58 PM - System Checkpoint
RP1482: 8/4/2013 7:23:11 PM - System Checkpoint
RP1483: 8/6/2013 8:14:29 AM - System Checkpoint
RP1484: 8/8/2013 7:37:39 AM - System Checkpoint
RP1485: 8/10/2013 6:33:43 AM - System Checkpoint
RP1486: 8/11/2013 5:01:18 PM - System Checkpoint
RP1487: 8/14/2013 8:52:24 AM - System Checkpoint
RP1488: 8/15/2013 3:00:23 AM - Software Distribution Service 3.0
RP1489: 8/16/2013 7:55:47 AM - System Checkpoint
RP1490: 8/17/2013 8:43:47 AM - System Checkpoint
RP1491: 8/18/2013 10:13:37 AM - System Checkpoint
RP1492: 8/19/2013 2:32:10 PM - System Checkpoint
RP1493: 8/20/2013 7:15:44 PM - System Checkpoint
RP1494: 8/22/2013 7:54:51 AM - System Checkpoint
RP1495: 8/23/2013 9:58:34 AM - System Checkpoint
RP1496: 8/24/2013 12:03:57 PM - System Checkpoint
RP1497: 8/25/2013 5:28:41 PM - System Checkpoint
RP1498: 8/26/2013 6:51:16 PM - System Checkpoint
RP1499: 8/28/2013 3:00:17 AM - Software Distribution Service 3.0
RP1500: 8/29/2013 5:29:05 AM - System Checkpoint
RP1501: 8/30/2013 7:03:19 AM - System Checkpoint
RP1502: 8/31/2013 8:17:32 AM - System Checkpoint
RP1503: 9/1/2013 9:16:20 AM - System Checkpoint
RP1504: 9/2/2013 11:49:37 AM - System Checkpoint
RP1505: 9/4/2013 7:05:48 AM - System Checkpoint
RP1506: 9/5/2013 8:33:18 AM - System Checkpoint
RP1507: 9/6/2013 9:21:03 AM - System Checkpoint
RP1508: 9/8/2013 8:49:49 AM - System Checkpoint
RP1509: 9/9/2013 10:51:53 AM - System Checkpoint
RP1510: 9/10/2013 11:41:17 AM - System Checkpoint
RP1511: 9/11/2013 12:07:57 PM - System Checkpoint
RP1512: 9/12/2013 12:30:14 PM - System Checkpoint
RP1513: 9/13/2013 3:00:22 AM - Software Distribution Service 3.0
RP1514: 9/14/2013 7:10:24 AM - System Checkpoint
RP1515: 9/15/2013 7:57:45 AM - System Checkpoint
RP1516: 9/16/2013 11:59:45 AM - System Checkpoint
RP1517: 9/17/2013 1:43:31 PM - System Checkpoint
RP1518: 9/17/2013 5:07:49 PM - Removed Babylon Chrome Toolbar
RP1519: 9/17/2013 5:21:06 PM - Removed Google Earth.
RP1520: 9/17/2013 5:21:54 PM - Removed Java 6 Update 5
RP1521: 9/17/2013 5:22:24 PM - Removed Java 7 Update 9
RP1522: 9/18/2013 6:20:23 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
5700_Help
ActiveLink Connect
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.04)
Adobe Shockwave Player 11.5
BPD_Scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Comcast Access
Comcast Toolbar 3.0
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Corel Applications
CorelDRAW Graphics Suite X4
CorelDRAW Graphics Suite X4 - Capture
CorelDRAW Graphics Suite X4 - Content
CorelDRAW Graphics Suite X4 - Draw
CorelDRAW Graphics Suite X4 - Filters
CorelDRAW Graphics Suite X4 - FontNav
CorelDRAW Graphics SUite X4 - ICA
CorelDRAW Graphics Suite X4 - IPM
CorelDRAW Graphics Suite X4 - Lang BR
CorelDRAW Graphics Suite X4 - Lang EN
CorelDRAW Graphics Suite X4 - Lang ES
CorelDRAW Graphics Suite X4 - Lang FR
CorelDRAW Graphics Suite X4 - PP
CorelDRAW Graphics Suite X4 - VBA
CorelDRAW® Graphics Suite X4
CorelDRAW® Graphics Suite X4 - Windows Shell Extension
Critical Update for Windows Media Player 11 (KB959772)
CustomerResearchQFolder
DB CIF Cam
Dell Driver Reset Tool
Dell Support Center
Dell System Restore
Destinations
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Download Updater (AOL LLC)
eSupportQFolder
Fax
Games, Music, & Photos Launcher
Google Chrome
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Officejet All-In-One Series
HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
HP Photosmart Essential
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections Drivers
J5700
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Modem Diagnostic Tool
Move Media Player
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Network
OGA Notifier 2.0.0048.0
ProductContext
PS_AIO_04_C4580_Software_Min
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Scan
SearchAssist
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618444)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647516)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2675157)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2699988)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2722913)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2761465)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2792100)
Security Update for Windows XP (KB2797052)
Security Update for Windows XP (KB2799329)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2809289)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2817183)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2829530)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2838727)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2846071)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862772)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Skype Toolbars
Skype™ 6.6
SolutionCenter
Status
Toolbox
TrayApp
Update for Video Player
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Video Player Packages
Video Player Packages 36
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Messenger
Yahoo! Search Protection
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
9/19/2013 5:41:15 PM, error: Service Control Manager [7000]  - The HTTP SSL service failed to start due to the following error:  The executable program that this service is configured to run in does not implement the service.
9/17/2013 8:55:55 PM, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
9/14/2013 6:55:29 AM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  iaStor
9/14/2013 6:25:56 AM, error: Service Control Manager [7034]  - The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).
9/14/2013 6:23:02 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/14/2013 6:07:11 AM, error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
 



 


Hello Debili

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo


Gringo,

OK, after leaving the adware running idle for HOURS, thinking it was still scanning on my desktop, I finally just said clean and have a text log of that for you.

However, the second link just wants me to spend more money and I cannot locate any JRT.TXT file for that one, so here is the one I have,

and I have two from Adware.

During this time my MWB was disabled.

 

# AdwCleaner v3.004 - Report created 20/09/2013 at 08:50:15
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : deb - DEBSPUTER
# Running from : C:\Documents and Settings\deb\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\DOCUME~1\deb\LOCALS~1\Temp\Searchqu.ini
File Found : C:\DOCUME~1\deb\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Folder Found : C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Folder Found C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\deb\Application Data\comcasttb
Folder Found C:\Documents and Settings\deb\Application Data\DSite
Folder Found C:\Documents and Settings\deb\Application Data\searchquband
Folder Found C:\Documents and Settings\deb\Local Settings\Application Data\Ilivid Player
Folder Found C:\Documents and Settings\deb\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\joslyn\Application Data\comcasttb
Folder Found C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\Searchqutoolbar
Folder Found C:\Documents and Settings\joslyn\Application Data\Searchqutoolbar
Folder Found C:\Documents and Settings\shara\Application Data\comcasttb
Folder Found C:\Documents and Settings\shara\Application Data\Searchqutoolbar
Folder Found C:\Documents and Settings\shara\Local Settings\Application Data\PackageAware
Folder Found C:\Program Files\Ask.com
Folder Found C:\Program Files\comcasttb
Folder Found C:\Program Files\Common Files\Software Update Utility

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\5e6d9d0b668ba41
Key Found : HKCU\Software\AppDataLow\Software\Freecause
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Found : HKCU\Software\searchqutoolbar
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\5e6d9d0b668ba41
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1791C1B5-FFD0-4D4B-ABCD-7A7DF6EAA89C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Found : HKLM\Software\SearchquMediabarTb
Key Found : HKLM\Software\Tarma Installer
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512






-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\4jp04wef.default\prefs.js ]


[ File : C:\Documents and Settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\prefs.js ]

Line Found : user_pref("browser.search.defaultenginename", "google-feed.net");
Line Found : user_pref("browser.search.selectedEngine", "GoogleFeed.net");



[ File : C:\Documents and Settings\shara\Application Data\Mozilla\Firefox\Profiles\rc13uhdx.default\prefs.js ]


[ File : C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\prefs.js ]



-\\ Google Chrome v29.0.1547.76

[ File : C:\Documents and Settings\deb\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword
Found : icon_url
Found : search_url
Found : keyword
Found : icon_url
Found : search_url
Found : suggest_url
Found : keyword

[ File : C:\Documents and Settings\shara\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12538 octets] - [20/09/2013 08:50:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12599 octets] ##########
 
and the second one after clean

# AdwCleaner v3.004 - Report created 20/09/2013 at 12:49:13
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : deb - DEBSPUTER
# Running from : C:\Documents and Settings\deb\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\comcasttb
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Documents and Settings\deb\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\deb\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\deb\Application Data\comcasttb
Folder Deleted : C:\Documents and Settings\deb\Application Data\DSite
Folder Deleted : C:\Documents and Settings\deb\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\shara\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\shara\Application Data\comcasttb
Folder Deleted : C:\Documents and Settings\shara\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\joslyn\Application Data\comcasttb
Folder Deleted : C:\Documents and Settings\joslyn\Application Data\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\Searchqutoolbar
Folder Deleted : C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File Deleted : C:\DOCUME~1\deb\LOCALS~1\Temp\Searchqu.ini
File Deleted : C:\DOCUME~1\deb\LOCALS~1\Temp\Uninstall.exe
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\5e6d9d0b668ba41
Key Deleted : HKLM\SOFTWARE\5e6d9d0b668ba41
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\searchqutoolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\SearchquMediabarTb
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Viewpoint Manager
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A957F04C-49F4-4375-8C8A-D04B769EFE47}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [searchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\NetworkService\Application Data\Mozilla\Firefox\Profiles\4jp04wef.default\prefs.js ]


[ File : C:\Documents and Settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "google-feed.net");
Line Deleted : user_pref("browser.search.selectedEngine", "GoogleFeed.net");



[ File : C:\Documents and Settings\shara\Application Data\Mozilla\Firefox\Profiles\rc13uhdx.default\prefs.js ]


[ File : C:\Documents and Settings\joslyn\Application Data\Mozilla\Firefox\Profiles\gg2xuwba.default\prefs.js ]



-\\ Google Chrome v29.0.1547.76

[ File : C:\Documents and Settings\deb\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

[ File : C:\Documents and Settings\shara\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [12680 octets] - [20/09/2013 08:50:15]
AdwCleaner[s0].txt - [12321 octets] - [20/09/2013 12:49:13]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [12382 octets] ##########
 
I am more frustrated now than when I began


Gringo,

Ok, you said to let you know how it is running. It is running VERY SLOW since the last two cleans, the ADware cleaner and the JUNKWare clean instructions I did from you.

Since I was doing all the cleanup, I have not been on much at all; it took all day!

And I did not want to download the AVG toolbar,

but it would not do the clean unless I did. I would like to uninstall it, may I????

I have MWB Pro running; I bought that yesterday.

It is running worse than when I first contacted help yesterday: locking up, slow to load, etc.

thanks Deb


Hello Debili

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

Hi Gringo...

This is scary stuff, running all these programs...

My MWB before the ComboFix is still finding a trojan.

My computer seems to be running normal compared to me saying it was running slow last post.

I did not check MWB after the ComboFix. Here is the report:

regards Deb

ComboFix 13-09-22.01 - deb 09/22/2013   8:19.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1013.385 [GMT -5:00]
Running from: c:\documents and settings\deb\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\documents and settings\deb\Local Settings\Application Data.LOG
c:\documents and settings\deb\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
c:\documents and settings\deb\Recent\ANTIGEN.sys
c:\documents and settings\deb\Recent\ANTIGEN.tmp
c:\documents and settings\deb\Recent\cid.dll
c:\documents and settings\deb\Recent\cid.sys
c:\documents and settings\deb\Recent\CLSV.exe
c:\documents and settings\deb\Recent\CLSV.tmp
c:\documents and settings\deb\Recent\DBOLE.drv
c:\documents and settings\deb\Recent\DBOLE.tmp
c:\documents and settings\deb\Recent\ddv.exe
c:\documents and settings\deb\Recent\ddv.tmp
c:\documents and settings\deb\Recent\delfile.exe
c:\documents and settings\deb\Recent\delfile.sys
c:\documents and settings\deb\Recent\dudl.sys
c:\documents and settings\deb\Recent\eb.sys
c:\documents and settings\deb\Recent\energy.dll
c:\documents and settings\deb\Recent\FS.drv
c:\documents and settings\deb\Recent\FS.tmp
c:\documents and settings\deb\Recent\grid.dll
c:\documents and settings\deb\Recent\hymt.drv
c:\documents and settings\deb\Recent\kernel32.exe
c:\documents and settings\deb\Recent\pal.dll
c:\documents and settings\deb\Recent\pal.sys
c:\documents and settings\deb\Recent\pal.tmp
c:\documents and settings\deb\Recent\PE.dll
c:\documents and settings\deb\Recent\PE.drv
c:\documents and settings\deb\Recent\PE.exe
c:\documents and settings\deb\Recent\PE.tmp
c:\documents and settings\deb\Recent\ppal.dll
c:\documents and settings\deb\Recent\runddl.tmp
c:\documents and settings\deb\Recent\runddlkey.dll
c:\documents and settings\deb\Recent\SICKBOY.sys
c:\documents and settings\deb\Recent\sld.drv
c:\documents and settings\deb\Recent\SM.exe
c:\documents and settings\deb\Recent\SM.tmp
c:\documents and settings\deb\Recent\snl2w.tmp
c:\documents and settings\deb\Recent\tempdoc.drv
c:\documents and settings\deb\Recent\tempdoc.exe
c:\documents and settings\deb\Recent\Thumbs.db
c:\documents and settings\deb\Recent\tjd.drv
c:\documents and settings\deb\Recent\tjd.sys
c:\documents and settings\deb\Recent\tjd.tmp
c:\documents and settings\deb\WINDOWS
c:\documents and settings\joslyn\Local Settings\Application Data.LOG
c:\documents and settings\LocalService\Local Settings\Application Data.LOG
c:\documents and settings\NetworkService\Local Settings\Application Data.LOG
c:\documents and settings\shara\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences
C:\reg.reg
c:\windows\~GLC0000.TMP
c:\windows\~GLH0000.TMP
c:\windows\~GLH0001.TMP
c:\windows\system32\Cache
c:\windows\system32\SET429.tmp
c:\windows\system32\SET431.tmp
c:\windows\system32\ST~253.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-22 to 2013-09-22  )))))))))))))))))))))))))))))))
.
.
2013-09-20 18:03 . 2013-09-20 18:03    --------    d-----w-    c:\documents and settings\deb\Application Data\AVG2013
2013-09-20 18:01 . 2013-09-20 18:01    --------    d-----w-    c:\documents and settings\deb\Application Data\TuneUp Software
2013-09-20 18:00 . 2013-09-20 18:00    --------    d-----w-    C:\$AVG
2013-09-20 18:00 . 2013-09-20 18:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2013
2013-09-20 17:59 . 2013-09-20 17:59    --------    d-----w-    c:\program files\AVG
2013-09-20 17:58 . 2013-09-20 17:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\CDB
2013-09-20 17:57 . 2013-09-20 17:57    --------    d-----w-    c:\program files\Reimage
2013-09-20 17:57 . 2013-09-20 17:59    --------    d-----w-    C:\rei
2013-09-20 17:57 . 2013-09-22 10:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2013-09-20 17:57 . 2013-09-20 19:09    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\Avg2013
2013-09-20 17:57 . 2013-09-20 17:57    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\MFAData
2013-09-20 17:56 . 2013-09-20 17:56    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\documents and settings\deb\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-22 09:23    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\program files\Common Files\AVG Secure Search
2013-09-20 17:54 . 2013-09-22 09:23    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-09-20 13:50 . 2013-09-20 17:49    --------    d-----w-    C:\AdwCleaner
2013-09-19 23:46 . 2013-09-19 23:46    --------    d--h--w-    c:\windows\PIF
2013-09-18 02:50 . 2013-09-18 02:50    --------    d-----w-    c:\documents and settings\joslyn\Local Settings\Application Data\Axialis
2013-09-18 02:12 . 2013-09-18 02:12    --------    d-----w-    c:\documents and settings\mine
2013-09-10 06:34 . 2013-09-10 06:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-05 06:43 . 2013-09-05 06:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-30 23:17 . 2013-08-30 23:17    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 12:41 . 2012-12-22 13:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:41 . 2011-12-07 01:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-11 22:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27 . 2004-08-11 22:00    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30 . 2004-08-11 22:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-08-01 04:17 . 2004-08-11 22:00    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17 . 2004-08-11 22:00    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17 . 2012-10-18 15:04    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01 . 2004-08-11 22:00    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-20 06:51 . 2013-07-20 06:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2013-07-20 06:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2013-07-20 06:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2013-07-20 06:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2004-08-11 22:00    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-11 22:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-04 03:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-01 06:45 . 2013-07-01 06:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 18:24 . 2013-08-22 13:27    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-09-22 09:23    3122864    ----a-w-    c:\program files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll" [2013-09-22 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
"ALconnect"="c:\documents and settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe" [2013-08-29 715880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-31 296096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-09-22 2314416]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 1:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 1:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/5/2013 1:43 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 1:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 1:34 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 1:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/20/2013 12:54 PM 37664]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [10/6/2008 6:13 PM 6144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/10/2012 8:17 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/22/2010 9:40 PM 701512]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [9/15/2013 5:19 AM 3495784]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [9/22/2013 4:23 AM 1643184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/22/2010 9:40 PM 22856]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S3 cpuz134;cpuz134;\??\c:\docume~1\deb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\deb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\deb\LOCALS~1\Temp\_D5DC.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\deb\LOCALS~1\Temp\_D5DC.tmp\FoxAwdWINFLASH.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - VTOOLBARUPDATER15.5.0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-18 22:18    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-22 12:41]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 01:43]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 01:43]
.
2013-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-19 c:\windows\Tasks\ReclaimerUpdateFiles_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
2013-09-20 c:\windows\Tasks\ReclaimerUpdateXML_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
2013-09-20 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-09-15 10:16]
.
2013-09-22 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
.
------- Supplementary Scan -------
.



IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\joslyn\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net


FF - ExtSQL: 2013-09-20 12:54; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
HKCU-Run-ComcastAntispyClient - c:\program files\comcasttb\ComcastSpywareScan\ComcastAntispy.exe
HKCU-Run-KGShareApp - c:\program files\Kodak\KODAK Share Button App\KGShare_App.exe
c:\documents and settings\joslyn\Start Menu\Programs\Startup\IMVU.lnk - c:\documents and settings\deb\Application Data\IMVUClient\IMVUQualityAgent.exe "--startup"
c:\documents and settings\shara\Start Menu\Programs\Startup\LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe -startup
c:\documents and settings\deb\Start Menu\Programs\Startup\ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe
AddRemove-comcasttb - c:\program files\comcasttb\uninstall.exe
AddRemove-RealPlayer 15.0 - c:\program files\real\realplayer\Update\r1puninst.exe
AddRemove-DSite - c:\docume~1\deb\APPLIC~1\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 08:30
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Messenger (Yahoo!) = "c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet?r
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-09-22  08:32:21
ComboFix-quarantined-files.txt  2013-09-22 13:32
.
Pre-Run: 200,516,620,288 bytes free
Post-Run: 204,388,827,136 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4C8EF2663248265B5A6FB59CA3DE8538
5CB90281D1A59B251F6603134774EEC3
 


Hello Debili

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Reimage

Driver::
ReimageRealTimeProtection
FoxAwdWINFLASH

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

Ok Gringo I don't know...I tried and tried to drag and drop it, it would not do it...

it did run ComboFix again, I will paste report for you

but I am sure I did not do what you asked in last post

I am sorry I don't know what to do...

:wacko: Deb

 

ComboFix 13-09-22.01 - deb 09/22/2013  14:05:49.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1013.318 [GMT -5:00]
Running from: c:\documents and settings\deb\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-22 to 2013-09-22  )))))))))))))))))))))))))))))))
.
.
2013-09-20 18:03 . 2013-09-20 18:03    --------    d-----w-    c:\documents and settings\deb\Application Data\AVG2013
2013-09-20 18:01 . 2013-09-20 18:01    --------    d-----w-    c:\documents and settings\deb\Application Data\TuneUp Software
2013-09-20 18:00 . 2013-09-20 18:00    --------    d-----w-    C:\$AVG
2013-09-20 18:00 . 2013-09-20 18:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG2013
2013-09-20 17:59 . 2013-09-20 17:59    --------    d-----w-    c:\program files\AVG
2013-09-20 17:58 . 2013-09-20 17:58    --------    d-----w-    c:\documents and settings\All Users\Application Data\CDB
2013-09-20 17:57 . 2013-09-20 17:57    --------    d-----w-    c:\program files\Reimage
2013-09-20 17:57 . 2013-09-20 17:59    --------    d-----w-    C:\rei
2013-09-20 17:57 . 2013-09-22 10:00    --------    d-----w-    c:\documents and settings\All Users\Application Data\MFAData
2013-09-20 17:57 . 2013-09-20 19:09    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\Avg2013
2013-09-20 17:57 . 2013-09-20 17:57    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\MFAData
2013-09-20 17:56 . 2013-09-20 17:56    --------    d-----w-    c:\documents and settings\deb\Local Settings\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\documents and settings\deb\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-22 09:23    37664    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar
2013-09-20 17:54 . 2013-09-20 17:54    --------    d-----w-    c:\program files\Common Files\AVG Secure Search
2013-09-20 17:54 . 2013-09-22 09:23    --------    d-----w-    c:\program files\AVG SafeGuard toolbar
2013-09-20 13:50 . 2013-09-20 17:49    --------    d-----w-    C:\AdwCleaner
2013-09-19 23:46 . 2013-09-19 23:46    --------    d--h--w-    c:\windows\PIF
2013-09-18 02:50 . 2013-09-18 02:50    --------    d-----w-    c:\documents and settings\joslyn\Local Settings\Application Data\Axialis
2013-09-18 02:12 . 2013-09-18 02:12    --------    d-----w-    c:\documents and settings\mine
2013-09-10 06:34 . 2013-09-10 06:34    22328    ----a-w-    c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-05 14:04 . 2013-09-05 14:04    209272    ----a-w-    c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2013-09-05 06:43 . 2013-09-05 06:43    39224    ----a-w-    c:\windows\system32\drivers\avgrkx86.sys
2013-08-30 23:17 . 2013-08-30 23:17    --------    d-----w-    c:\program files\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-11 12:41 . 2012-12-22 13:17    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-09-11 12:41 . 2011-12-07 01:24    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-09 01:56 . 2004-08-11 22:00    386560    ----a-w-    c:\windows\system32\themeui.dll
2013-08-08 01:27 . 2004-08-11 22:00    1877760    ----a-w-    c:\windows\system32\win32k.sys
2013-08-05 13:30 . 2004-08-11 22:00    1289728    ----a-w-    c:\windows\system32\ole32.dll
2013-08-03 19:18 . 2006-10-19 02:47    1543680    ------w-    c:\windows\system32\wmvdecod.dll
2013-08-01 04:17 . 2004-08-11 22:00    668672    ----a-w-    c:\windows\system32\wininet.dll
2013-08-01 04:17 . 2004-08-11 22:00    61952    ----a-w-    c:\windows\system32\tdc.ocx
2013-08-01 04:17 . 2012-10-18 15:04    81920    ----a-w-    c:\windows\system32\ieencode.dll
2013-08-01 01:01 . 2004-08-11 22:00    369664    ----a-w-    c:\windows\system32\html.iec
2013-07-20 06:51 . 2013-07-20 06:51    246072    ----a-w-    c:\windows\system32\drivers\avglogx.sys
2013-07-20 06:50 . 2013-07-20 06:50    60216    ----a-w-    c:\windows\system32\drivers\avgidshx.sys
2013-07-20 06:50 . 2013-07-20 06:50    208184    ----a-w-    c:\windows\system32\drivers\avgidsdriverx.sys
2013-07-20 06:50 . 2013-07-20 06:50    171320    ----a-w-    c:\windows\system32\drivers\avgldx86.sys
2013-07-10 10:37 . 2004-08-11 22:00    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2004-08-11 22:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2004-08-04 03:59    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-07-01 06:45 . 2013-07-01 06:45    96568    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2009-11-08 18:24 . 2013-08-22 13:27    119808    ----a-w-    c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-09-22 09:23    3122864    ----a-w-    c:\program files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll" [2013-09-22 3122864]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG SafeGuard toolbar.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-02-17 5244216]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"NTServiceManager"="c:\program files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe" [2011-07-01 436224]
"ALconnect"="c:\documents and settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe" [2013-08-29 715880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-17 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-07-17 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-07-17 138008]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-17 16132608]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-03-11 202544]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-31 296096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"vProt"="c:\program files\AVG SafeGuard toolbar\vprot.exe" [2013-09-22 2314416]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-6-24 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [7/20/2013 1:50 AM 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [7/20/2013 1:51 AM 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/5/2013 1:43 AM 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [7/20/2013 1:50 AM 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [9/10/2013 1:34 AM 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/20/2013 1:50 AM 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [3/21/2013 3:08 AM 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [9/20/2013 12:54 PM 37664]
R1 crlscsi;crlscsi;c:\windows\system32\drivers\crlscsi.sys [10/6/2008 6:13 PM 6144]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [7/23/2013 7:09 PM 283136]
R2 dldf_device;dldf_device;c:\windows\system32\dldfcoms.exe -service --> c:\windows\system32\dldfcoms.exe -service [?]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [10/10/2012 8:17 AM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/22/2010 9:40 PM 701512]
R2 ReimageRealTimeProtection;Reimage Real Time Protection;c:\program files\Reimage\Reimage Repair\ReiGuard.exe [9/15/2013 5:19 AM 3495784]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [9/22/2013 4:23 AM 1643184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/22/2010 9:40 PM 22856]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe --> c:\program files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [7/4/2013 3:53 PM 4939312]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/21/2013 9:53 AM 162408]
S3 cpuz134;cpuz134;\??\c:\docume~1\deb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\deb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 FoxAwdWINFLASH;FoxAwdWINFLASH;\??\c:\docume~1\deb\LOCALS~1\Temp\_D5DC.tmp\FoxAwdWINFLASH.sys --> c:\docume~1\deb\LOCALS~1\Temp\_D5DC.tmp\FoxAwdWINFLASH.sys [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12    REG_MULTI_SZ       Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt    REG_MULTI_SZ       hpqcxs08 hpqddsvc
HPService    REG_MULTI_SZ       HPSLPSVC
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-18 22:18    1177552    ----a-w-    c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-22 12:41]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 01:43]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-31 01:43]
.
2013-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-22 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 19:27]
.
2013-09-22 c:\windows\Tasks\ReclaimerUpdateFiles_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
2013-09-22 c:\windows\Tasks\ReclaimerUpdateXML_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
2013-09-20 c:\windows\Tasks\Reimage Reminder.job
- c:\program files\Reimage\Reimage Repair\ReimageReminder.exe [2013-09-15 10:16]
.
2013-09-22 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_deb.job
- c:\documents and settings\deb\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.60\agent\rnupgagent.exe [2013-09-04 13:02]
.
.
------- Supplementary Scan -------
.



IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\joslyn\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\
FF - prefs.js: browser.search.selectedEngine - GoogleFeed.net


FF - ExtSQL: 2013-09-20 12:54; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 14:16
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Messenger (Yahoo!) = "c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet?r
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(336)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-09-22  14:17:31
ComboFix-quarantined-files.txt  2013-09-22 19:17
ComboFix2.txt  2013-09-22 13:32
.
Pre-Run: 204,372,004,864 bytes free
Post-Run: 204,358,217,728 bytes free
.
- - End Of File - - 5896AE7B0663610D4D2D5216D9D4E2DD
5CB90281D1A59B251F6603134774EEC3
 


Hello Debili

Let's get a deeper look into the system and let's see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

Good Morning Gringo....

I also need to tell you one other thing that I do not know if you see

when I reboot my system it does not boot up normal

and I have to press F1 to get it to boot up.

This is something that has been going on a long time that I do not know how to fix.

I don't know if it matters or not

ok here is the file:

 

OTL logfile created on: 9/23/2013 6:09:54 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\deb\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1013.10 Mb Total Physical Memory | 505.40 Mb Available Physical Memory | 49.89% Memory free
2.38 Gb Paging File | 1.78 Gb Available in Paging File | 74.60% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.47 Gb Total Space | 190.26 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
 
Computer Name: DEBSPUTER | User Name: deb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\deb\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe ()
PRC - C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe (Reimage®)
PRC - C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\system32\dldfcoms.exe ( )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\log4cplusU.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\SiteSafety.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_dbba2568\mscorlib.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_a114faf1\system.xml.dll ()
MOD - c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_740ced21\system.dll ()
MOD - c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll ()
MOD - C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
MOD - C:\Program Files\Yahoo!\Messenger\yui.dll ()
MOD - C:\WINDOWS\system32\spool\prtprocs\w32x86\dldfdrpp.dll ()
MOD - c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AntiSpywareService) -- C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe File not found
SRV - (vToolbarUpdater15.5.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe (AVG Secure Search)
SRV - (ReimageRealTimeProtection) -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe (Reimage®)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (dldf_device) -- C:\WINDOWS\system32\dldfcoms.exe ( )
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (lbrtfdc) --  File not found
DRV - (FoxAwdWINFLASH) -- C:\DOCUME~1\deb\LOCALS~1\Temp\_D5DC.tmp\FoxAwdWINFLASH.sys File not found
DRV - (cpuz134) -- C:\DOCUME~1\deb\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\DOCUME~1\deb\LOCALS~1\Temp\catchme.sys File not found
DRV - (avgtp) -- C:\WINDOWS\system32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (IntcAzAudAddService) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SQTECH905C) -- C:\WINDOWS\system32\drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (crlscsi) -- C:\WINDOWS\System32\drivers\crlscsi.sys (Corel Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
 
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\SearchScopes\{5D437BC9-7C05-48ED-9AF9-415E36420BD6}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebsearch.net/index.php?from=4&q={searchTerms}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=LMW2&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=7WYjYU88qYGbP8P1SUxmvRhYt1g?q={searchTerms}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{88868DB0-F684-43A2-9EB9-CD8BADFE28B1}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes,DefaultScope = {E4D26AE5-0A7C-48D0-B068-A1634527CFE4}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=bmUTxHEFqGg6cBdYRuMwOCmz0PY?q={searchTerms}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{C6DEA9EE-25F2-4155-8046-8FF0F4C8F6EC}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{E4D26AE5-0A7C-48D0-B068-A1634527CFE4}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "google-feed.net"
FF - prefs.js..browser.search.selectedEngine: "GoogleFeed.net"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.smartwebsearch.net/index.php?from=3"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://smartwebsearch.net/results.php?q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\deb\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\deb\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/30 21:01:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2 [2013/09/22 04:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/22 08:27:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/20 12:49:24 | 000,000,000 | ---D | M]
 
[2012/07/11 06:42:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deb\Application Data\Mozilla\Extensions
[2009/09/25 16:33:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deb\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/02/01 14:44:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deb\Application Data\Mozilla\Extensions\uploadr@flickr.com
[2013/09/17 17:11:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\extensions
[2013/09/22 14:29:40 | 000,002,126 | ---- | M] () -- C:\Documents and Settings\deb\Application Data\Mozilla\Firefox\Profiles\u8w2ujv7.default-1377172185593\searchplugins\GoogleFeed.xml
[2013/08/22 08:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/08/22 08:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{8545daff-ad1e-493f-a37e-eed1ac79682b}
[2013/08/22 08:27:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/22 08:27:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/10/30 21:01:26 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2013/08/16 07:41:22 | 000,003,725 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\safeguard-secure-search.xml
CHR - Extension: No name found = C:\Documents and Settings\deb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: No name found = C:\Documents and Settings\deb\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
 
O1 HOSTS File: ([2013/09/22 08:30:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\15.5.0.2\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005..\Run: [ALconnect] C:\Documents and Settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe ()
O4 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006..\Run: [ALconnect] C:\Documents and Settings\shara\Application Data\DirectLife\ALconnect\ALconnect.exe (Koninklijke Philips Electronics N.V.)
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2478960191-3616728088-2335036081-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\joslyn\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O15 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB697A2C-6298-4912-B730-BAFC1F1FCB4F}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\deb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\deb\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/22 08:15:51 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013/09/22 08:12:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/09/22 08:12:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/09/22 08:12:40 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/09/22 08:12:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/09/22 08:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/09/22 08:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/09/20 13:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Application Data\AVG2013
[2013/09/20 13:01:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2013/09/20 13:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Application Data\TuneUp Software
[2013/09/20 13:00:24 | 000,000,000 | ---D | C] -- C:\$AVG
[2013/09/20 13:00:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2013/09/20 12:59:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2013/09/20 12:58:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CDB
[2013/09/20 12:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
[2013/09/20 12:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage
[2013/09/20 12:57:42 | 000,000,000 | ---D | C] -- C:\rei
[2013/09/20 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Local Settings\Application Data\MFAData
[2013/09/20 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2013/09/20 12:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Local Settings\Application Data\Avg2013
[2013/09/20 12:56:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Local Settings\Application Data\AVG SafeGuard toolbar
[2013/09/20 12:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Application Data\AVG SafeGuard toolbar
[2013/09/20 12:54:23 | 000,037,664 | ---- | C] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/09/20 12:54:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG SafeGuard toolbar
[2013/09/20 12:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/09/20 12:54:17 | 000,000,000 | ---D | C] -- C:\Program Files\AVG SafeGuard toolbar
[2013/09/20 08:50:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/09/20 08:48:45 | 000,761,160 | ---- | C] (Reimage®) -- C:\Documents and Settings\deb\Desktop\ReimageRepair.exe
[2013/09/19 19:05:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2013/09/19 18:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Desktop\Malwarebytes  Online Store_files
[2013/09/19 18:54:43 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\deb\Desktop\dds.com
[2013/09/19 18:54:26 | 000,688,992 | R--- | C] (Swearware) -- C:\Documents and Settings\deb\Desktop\dds.scr
[2013/09/19 18:46:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013/09/19 18:03:22 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\deb\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/17 16:00:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2013/09/17 16:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2013/09/16 17:29:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2013/09/16 08:18:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\deb\Application Data\Google
[2013/09/10 01:34:48 | 000,022,328 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/05 01:43:42 | 000,039,224 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/08/30 18:17:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/08/30 18:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/23 06:07:36 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Shortcut to OTL.lnk
[2013/09/22 20:41:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/22 20:18:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/22 13:59:47 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
[2013/09/22 13:59:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/22 13:59:34 | 000,000,404 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_deb.job
[2013/09/22 13:59:34 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1005.job
[2013/09/22 13:58:53 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/22 13:58:53 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
[2013/09/22 13:58:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/22 13:58:45 | 1062,387,712 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/22 13:50:33 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Shortcut to ComboFix.lnk
[2013/09/22 11:20:02 | 000,000,394 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_deb.job
[2013/09/22 10:53:10 | 000,002,549 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\CorelDRAW X4.lnk
[2013/09/22 10:50:47 | 000,002,559 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Corel PHOTO-PAINT X4.lnk
[2013/09/22 10:19:02 | 000,000,398 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_deb.job
[2013/09/22 08:44:36 | 000,382,022 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/22 08:44:36 | 000,053,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/22 08:30:17 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/09/22 08:15:56 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/09/22 04:25:51 | 000,003,725 | ---- | M] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/22 04:23:40 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[2013/09/20 13:01:47 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/20 12:59:04 | 000,000,162 | ---- | M] () -- C:\WINDOWS\Reimage.ini
[2013/09/20 12:58:54 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/09/20 12:57:49 | 000,001,749 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2013/09/20 08:48:46 | 000,761,160 | ---- | M] (Reimage®) -- C:\Documents and Settings\deb\Desktop\ReimageRepair.exe
[2013/09/20 08:47:29 | 001,039,554 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\AdwCleaner.exe
[2013/09/19 18:59:31 | 000,018,776 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Malwarebytes  Online Store.htm
[2013/09/19 18:54:43 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\deb\Desktop\dds.com
[2013/09/19 18:54:27 | 000,688,992 | R--- | M] (Swearware) -- C:\Documents and Settings\deb\Desktop\dds.scr
[2013/09/19 18:04:12 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\deb\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/09/19 18:04:12 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/19 18:03:22 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\deb\Desktop\mbam-setup-1.75.0.1300.exe
[2013/09/19 12:13:37 | 000,155,526 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Shara and Brandi.jpg
[2013/09/18 17:24:13 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/09/17 19:14:29 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2478960191-3616728088-2335036081-1006.job
[2013/09/16 16:00:06 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\deb\Application Data\WB.CFG
[2013/09/16 16:00:06 | 000,000,005 | ---- | M] () -- C:\Documents and Settings\deb\Application Data\WBPU-TTL.DAT
[2013/09/14 06:30:44 | 000,843,300 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Graphic1.cdr
[2013/09/14 05:40:55 | 001,072,122 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Backup_of_Graphic1.cdr
[2013/09/13 06:23:04 | 002,068,616 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/13 03:05:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/11 07:41:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/11 07:41:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/11 06:57:44 | 000,030,283 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\yorkie.jpg
[2013/09/10 01:34:48 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys
[2013/09/10 00:45:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/09/09 13:06:53 | 000,068,563 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.248260983.jpg
[2013/09/07 08:12:31 | 000,026,028 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\Grumpy_l_tnb.png
[2013/09/05 12:53:00 | 001,674,305 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\workfile9-5.cdr
[2013/09/05 01:43:42 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2013/08/31 07:04:59 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2013/08/30 17:53:37 | 000,490,652 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\wicked sky.jpg
[2013/08/28 19:28:21 | 000,160,613 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\582102_379892378742938_916156889_n.jpg
[2013/08/28 06:18:58 | 000,012,202 | ---- | M] () -- C:\Documents and Settings\deb\Application Data\wklnhst.dat
[2013/08/28 06:18:45 | 000,017,408 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\meal plan.xlr
[2013/08/27 09:13:04 | 000,083,766 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.414770079_i8zx.jpg
[2013/08/27 09:07:46 | 000,040,083 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.228960258.jpg
[2013/08/27 08:56:13 | 000,050,149 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.437497826_6drk.jpg
[2013/08/27 08:41:10 | 000,101,128 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.375304385_gjxv.jpg
[2013/08/27 08:32:28 | 000,116,731 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_570xN.256426562.jpg
[2013/08/27 08:25:10 | 000,037,506 | ---- | M] () -- C:\Documents and Settings\deb\Desktop\il_fullxfull.481249952_qgwi.jpg
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/23 06:07:36 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Shortcut to OTL.lnk
[2013/09/22 13:50:33 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Shortcut to ComboFix.lnk
[2013/09/22 08:15:56 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013/09/22 08:15:52 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2013/09/22 08:12:40 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/09/22 08:12:40 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/09/22 08:12:40 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/09/22 08:12:40 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/09/22 08:12:40 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/09/20 13:01:47 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2013/09/20 12:58:53 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
[2013/09/20 12:57:49 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
[2013/09/20 12:54:15 | 000,003,725 | ---- | C] () -- C:\Program Files\Mozilla Firefoxsafeguard-secure-search.xml
[2013/09/20 12:52:57 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
[2013/09/20 08:47:29 | 001,039,554 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\AdwCleaner.exe
[2013/09/19 18:59:29 | 000,018,776 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Malwarebytes  Online Store.htm
[2013/09/19 12:13:34 | 000,155,526 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Shara and Brandi.jpg
[2013/09/14 06:30:43 | 001,072,122 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Backup_of_Graphic1.cdr
[2013/09/14 05:40:53 | 000,843,300 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Graphic1.cdr
[2013/09/11 06:57:43 | 000,030,283 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\yorkie.jpg
[2013/09/09 13:06:52 | 000,068,563 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.248260983.jpg
[2013/09/07 08:12:28 | 000,026,028 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\Grumpy_l_tnb.png
[2013/09/05 12:52:59 | 001,674,305 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\workfile9-5.cdr
[2013/09/04 11:03:01 | 000,000,404 | ---- | C] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_deb.job
[2013/09/04 11:03:00 | 000,000,398 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_deb.job
[2013/09/04 11:03:00 | 000,000,394 | ---- | C] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_deb.job
[2013/08/30 17:53:29 | 000,490,652 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\wicked sky.jpg
[2013/08/28 19:28:18 | 000,160,613 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\582102_379892378742938_916156889_n.jpg
[2013/08/28 06:18:45 | 000,017,408 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\meal plan.xlr
[2013/08/27 09:13:04 | 000,083,766 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.414770079_i8zx.jpg
[2013/08/27 09:07:42 | 000,040,083 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.228960258.jpg
[2013/08/27 08:56:12 | 000,050,149 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.437497826_6drk.jpg
[2013/08/27 08:41:09 | 000,101,128 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.375304385_gjxv.jpg
[2013/08/27 08:32:23 | 000,116,731 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_570xN.256426562.jpg
[2013/08/27 08:25:09 | 000,037,506 | ---- | C] () -- C:\Documents and Settings\deb\Desktop\il_fullxfull.481249952_qgwi.jpg
[2013/08/04 16:01:18 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\deb\Application Data\WB.CFG
[2013/07/27 16:00:02 | 000,000,106 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/06/17 16:00:19 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\deb\Application Data\WBPU-TTL.DAT
[2013/06/15 16:00:14 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2012/05/27 06:11:09 | 000,118,895 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
[2012/05/27 06:11:09 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
[2012/04/05 20:04:19 | 000,000,537 | ---- | C] () -- C:\WINDOWS\PenPresenter.INI
[2012/02/14 18:16:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/10/21 21:37:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\asr32311.dll
[2011/10/21 21:14:05 | 000,081,920 | ---- | C] () -- C:\WINDOWS\asr32311.dll
[2011/10/21 21:14:05 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2011/05/21 17:22:06 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\deb\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/21 17:17:02 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2008/10/03 09:05:10 | 000,012,202 | ---- | C] () -- C:\Documents and Settings\deb\Application Data\wklnhst.dat
[2008/10/01 08:11:52 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\deb\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2004/08/11 17:21:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/07/31 23:17:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
 


Hello Debili

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the customFix.png text box.

    :OTL
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\URLSearchHook:  - No CLSID value found
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - No CLSID value found
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - No CLSID value found
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - No CLSID value found
    FF - user.js - File not found
    O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - No CLSID value found.
    O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\joslyn\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    [2013/09/20 12:58:53 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\Reimage Reminder.job
    [2013/09/20 12:57:49 | 000,001,749 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk
    [2013/09/20 12:52:57 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Reimage.ini
    [2013/09/20 08:48:46 | 000,761,160 | ---- | M] (Reimage®) -- C:\Documents and Settings\deb\Desktop\ReimageRepair.exe
    PRC - C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe (Reimage®)
    SRV - (ReimageRealTimeProtection) -- C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe (Reimage®)
    IE - HKU\S-1-5-19\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-20\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebs...ndex.php?from=3
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.smartwebs...x.php?from=4&q={searchTerms}
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...2&o=&src=crm&q={searchTerms}&locale=
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...1SUxmvRhYt1g?q={searchTerms}
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1006\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...101881&l=dis&q={SEARCHTERMS}
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...YRuMwOCmz0PY?q={searchTerms}
    IE - HKU\S-1-5-21-2478960191-3616728088-2335036081-1007\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...101881&l=dis&q={SEARCHTERMS}
    [2013/09/20 12:57:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair
    [2013/09/20 12:57:44 | 000,000,000 | ---D | C] -- C:\Program Files\Reimage

    :Files
    ipconfig /flushdns /c

    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]

  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

    Note** if the report does not pop up after the computer reboots you can find it here in this folder - C:\_OTL\MovedFiles

    It will be named - mmddyyyy_hhmmss.log

    Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Let me know how things are doing

Gringo


Ok Gringo here you go

 

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1005\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61539ECD-CC67-4437-A03C-9AACCBD14326} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61539ECD-CC67-4437-A03C-9AACCBD14326}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\tasks\Reimage Reminder.job moved successfully.
C:\Documents and Settings\All Users\Desktop\PC Scan & Repair by Reimage.lnk moved successfully.
C:\WINDOWS\Reimage.ini moved successfully.
C:\Documents and Settings\deb\Desktop\ReimageRepair.exe moved successfully.
Process ReiGuard.exe killed successfully!
Service ReimageRealTimeProtection stopped successfully!
Service ReimageRealTimeProtection deleted successfully!
C:\Program Files\Reimage\Reimage Repair\ReiGuard.exe moved successfully.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
HKU\S-1-5-21-2478960191-3616728088-2335036081-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1005\Software\Microsoft\Internet Explorer\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}\ not found.
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1006\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Registry key HKEY_USERS\S-1-5-21-2478960191-3616728088-2335036081-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Reimage Repair folder moved successfully.
C:\Program Files\Reimage\Reimage Repair\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files\Reimage\Reimage Repair folder moved successfully.
C:\Program Files\Reimage folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\deb\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\deb\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: Administrator
 
User: All Users
 
User: deb
->Java cache emptied: 21894496 bytes
 
User: Default User
 
User: joslyn
->Java cache emptied: 5792079 bytes
 
User: LocalService
 
User: mine
 
User: NetworkService
 
User: shara
->Java cache emptied: 194255 bytes
 
Total Java Files Cleaned = 27.00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: deb
->Flash cache emptied: 3105581 bytes
 
User: Default User
 
User: joslyn
->Flash cache emptied: 10540 bytes
 
User: LocalService
 
User: mine
 
User: NetworkService
->Flash cache emptied: 492 bytes
 
User: shara
->Flash cache emptied: 118877 bytes
 
Total Flash Files Cleaned = 3.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09242013_055240
 


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner

    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see that you have MBAM installed - That is great!! and at this time I would like you to update it and run me a quick scan

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic
"information and logs"
  • In your next post I need the following
    • Log From MBAM
    • report from Hijackthis
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

Ok Gringo,

I ran these last three things I have not been on since running so hard to say how it is doing and I have to run out again

only home long enough to do this and then leave again.

I will be back on later this eve and then I can let you know how it is running.

Nothing found in any of those cleans....NO PROBLEMS

 

***** one thing I need to know am I to disable MWB each and every time I run a clean or scan that you give me

 

MWB is blocking outgoing and incoming malicious website and it seems to be the same number over and over do you need to know that?

 

 

here are the logs:

I will check in later thank you! :P

 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.24.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
deb :: DEBSPUTER [administrator]

Protection: Enabled

9/24/2013 5:11:59 PM
mbam-log-2013-09-24 (17-11-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 285475
Time elapsed: 6 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:20:58 PM, on 9/24/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\dldfcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
C:\Documents and Settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ssstars.scr
C:\Documents and Settings\deb\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5080624
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe
O4 - HKCU\..\Run: [ALconnect] C:\Documents and Settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe (file missing)
O23 - Service: dldf_device -   - C:\WINDOWS\system32\dldfcoms.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: vToolbarUpdater15.5.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 7336 bytes

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional

These are programs that start up when you turn on your computer but don't need to. You can click on the icon of any of these programs (or start it from the Control Panel) to start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.

  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):
    • O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

      O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"

      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

      O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot

      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

      O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet

      O4 - HKCU\..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

      O4 - HKCU\..\Run: [NTServiceManager] C:\Program Files\YoutubeDownloader.org\YoutubeDownloader\YoutubeDownloader Updater.exe

      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    • NOTE**You can research each of those lines >here< and see if you want to keep them or not

      just copy the name between the brackets and paste into the search space

      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo
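
An added example, not part of the original posts and not code from HijackThis or Malwarebytes: a small Python triage of the entry lines in a HijackThis log like the one posted above. The review hints are assumptions of this example; a hint only marks a line for manual lookup and says nothing about whether the program is malicious.

```python
import re

# Excerpt of the HijackThis log posted earlier in this thread (shortened).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smartwebsearch.net/index.php?from=3
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ALconnect] C:\Documents and Settings\deb\Application Data\DirectLife\ALconnect\ALconnect.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

ENTRY = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2}) - (?P<body>.+)$")
RUN = re.compile(r"^HK\w+\\.*?\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
PROFILE = re.compile(r"\\Documents and Settings\\|\\Application Data\\", re.I)

def review_notes(code, body):
    """Assumed review hints for this example; they are prompts, not verdicts."""
    notes = []
    if body.endswith("(file missing)"):
        notes.append("target file missing")
    if " - Unknown owner - " in body:
        notes.append("no publisher recorded")
    if code == "O4":
        run = RUN.match(body)
        # Registry autoruns carry "[name] command"; startup shortcuts use "= target".
        cmd = run.group("cmd") if run else body.rpartition(" = ")[2]
        if cmd == "?":
            notes.append("shortcut target unresolved")
        elif PROFILE.search(cmd):
            notes.append("autorun from user profile path")
    return notes

def parse(log):
    """Return one dict per entry line; header and process-list lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            code, body = m.group("code"), m.group("body")
            entries.append({"code": code, "body": body,
                            "notes": review_notes(code, body)})
    return entries

if __name__ == "__main__":
    for e in parse(SAMPLE_LOG):
        if e["notes"]:
            print(e["code"], "|", e["body"], "|", ", ".join(e["notes"]))
```
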

Gringo I do not have IE on my system...do I need to download it to run this last scan?

I have Chrome can I use that instead?

I am going to go ahead and run the hijack one for startup entries....

It does seem faster already

I hope to hear from you about IE

thanks so much

Deb


Archived

This topic is now archived and is closed to further replies.
