Jump to content

Suspected Infection - XP Laptop sluggish

Gordon13

By Gordon13
in Resolved Malware Removal Logs

 Share

Recommended Posts

Gordon13

Gordon13

Posted
Posted

Hi,

 

I suspect that I have an infection of some sort.  Last night my lap to took ages to switch on.  Then wehen I clicked on my user icon it took ages for the desktop to appear.  Then when using IE8 it seemed sluggish.  A page would be displayed but it would be several seconds before I could use the scroll bar.

I checked Task Manager and nothing was hogging CPU.

 

I have run a full MBAM scan and nothing was found.

I have run a full Free AVG scan and nothing was found.

I downloaded MS Malicious Sofrware Removal tool and ran a full scan.  This found 1 virus which it removed.

I then ran ESET online virus checker.  This found and removed 1 virus.

If anyone knows where the log files are located I will be able to let you know what was removed.

 

I downloaded and ran combofix - log below

I downloaded and rad dds - logs below.

 

Do I have an infection or is everything OK?

 

ComboFix 13-10-26.01 - Gordon 26/10/2013  15:24:51.4.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.446 [GMT 1:00]
Running from: c:\documents and settings\Gordon\My Documents\Downloads\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\bcm505.tmp
c:\windows\bcm52C.tmp
c:\windows\bcm52D.tmp
c:\windows\bcm52E.tmp
c:\windows\bcm52F.tmp
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-09-26 to 2013-10-26  )))))))))))))))))))))))))))))))
.
.
2013-10-26 11:42 . 2013-10-26 11:42 -------- d-----w- c:\program files\ESET
2013-10-26 07:50 . 2013-10-26 07:50 -------- d-----w- c:\documents and settings\Gordon\Local Settings\Application Data\Sun
2013-10-26 07:40 . 2013-10-26 07:39 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-26 07:40 . 2013-10-26 07:39 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-13 09:51 . 2013-10-13 09:51 -------- d-----w- c:\program files\Microsoft Download Manager
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2013-09-26 18:00 . 2013-09-26 18:00 208760 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-14 17:32 . 2012-07-21 07:13 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-14 17:32 . 2011-07-31 06:49 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33 . 2004-08-10 11:51 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33 . 2004-08-10 11:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33 . 2004-08-10 11:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33 . 2004-08-10 11:50 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-10 11:51 385024 ----a-w- c:\windows\system32\html.iec
2013-09-10 00:34 . 2011-12-23 12:32 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 00:43 . 2010-09-07 03:48 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-29 01:31 . 2004-08-10 11:51 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-10 11:51 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-03 22:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2012-01-29 14:29 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-08-17 13:03 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-10 11:51 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-30 15:18 . 2013-05-30 15:17 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\IsoBuster\tbIso2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIso2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIso2.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2006-09-22 282624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-09-22 761947]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-03-28 593920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-04-06 136416]
"Seagate Dashboard"="c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-11-03 73728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=c:\windows\pss\Dell Network Assistant.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-03-16 17:10 1392640 ----a-w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2006-08-14 13:20 462336 ----a-w- c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2007-02-20 11:29 1191936 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-28 20:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ModemOnHold]
2003-09-10 01:24 20480 ------w- c:\program files\NetWaiting\netwaiting.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 03:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvcWMPNetworkSvc"=2 (0x2)
"wltrysvc"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
.
R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [19/06/2007 22:15 13824]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [08/02/2013 04:37 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 39224]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [19/06/2007 22:15 21632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [07/09/2010 04:48 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [09/11/2010 23:20 182072]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [23/07/2013 19:09 283136]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [06/04/2011 16:22 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [03/11/2011 19:10 8704]
S1 MpKslde3dcd33;MpKslde3dcd33;\??\c:\windows\system32\MpEngineStore\MpKslde3dcd33.sys --> c:\windows\system32\MpEngineStore\MpKslde3dcd33.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S4 kucub;kucub;c:\windows\system32\drivers\cpnl.sys [29/04/2010 22:30 54016]
S4 wltrysvcWMPNetworkSvc;Dell Wireless WLAN Tray Service wltrysvcWMPNetworkSvc;c:\windows\system32\ActiveSkinq.exe srv --> c:\windows\system32\ActiveSkinq.exe srv [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-18 13:01 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 19:10]
.
2013-10-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-03 19:10]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank

IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: vivantio.co.uk\www
Trusted Zone: vivantioservicedesk.com\www
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\documents and settings\Gordon\Application Data\Mozilla\Firefox\Profiles\6kbrfpos.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-AVG-Secure-Search-Update_0913b - c:\documents and settings\Gordon\Application Data\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-26 15:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3891214042-1167728934-520486878-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\BCMLogon.dll
.
Completion time: 2013-10-26  15:59:13
ComboFix-quarantined-files.txt  2013-10-26 14:59
ComboFix2.txt  2012-01-22 22:41
ComboFix3.txt  2012-01-22 17:28
.
Pre-Run: 26,468,679,680 bytes free
Post-Run: 27,810,672,640 bytes free
.
- - End Of File - - CB647EF6FCA365378F027514E3964AAD
5CB90281D1A59B251F6603134774EEC3
 

DDS LOGS

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
Run by Gordon at 16:33:30 on 2013-10-26
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.894.428 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files\Memeo\AutoBackup\MemeoUpdater.exe
C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank

uURLSearchHooks: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso2.dll
BHO: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso2.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: IsoBuster Toolbar: {266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6} - c:\program files\isobuster\tbIso2.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Easy-WebPrint: {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - c:\program files\canon\easy-webprint\Toolband.dll
TB: IsoBuster Toolbar: {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - c:\program files\isobuster\tbIso2.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Lookup on Merriam Webster - c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - c:\program files\iespell\wikipedia.HTM
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.








TCP: NameServer = 192.168.10.1
TCP: Interfaces\{C2A53CAD-F0D7-4EAC-9B71-C59112E72E2A} : DHCPNameServer = 192.168.10.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.101\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gordon\application data\mozilla\firefox\profiles\6kbrfpos.default\
.
============= SERVICES / DRIVERS ===============
.
R0 AmdAcpi;AmdAcpi Bus Filter Driver;c:\windows\system32\drivers\amdacpi.sys [2007-6-19 13824]
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-2-8 246072]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 39224]
R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys [2007-6-19 21632]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-9 182072]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-7-23 283136]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-4-6 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-11-3 8704]
S1 MpKslde3dcd33;MpKslde3dcd33;\??\c:\windows\system32\mpenginestore\mpkslde3dcd33.sys --> c:\windows\system32\mpenginestore\MpKslde3dcd33.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-7-4 4939312]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys --> c:\windows\system32\vsdatant.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 kucub;kucub;c:\windows\system32\drivers\cpnl.sys [2010-4-29 54016]
S4 wltrysvcWMPNetworkSvc;Dell Wireless WLAN Tray Service wltrysvcWMPNetworkSvc;c:\windows\system32\activeskinq.exe srv --> c:\windows\system32\ActiveSkinq.exe srv [?]
.
=============== Created Last 30 ================
.
2013-10-26 11:42:13 -------- d-----w- c:\program files\ESET
2013-10-26 07:50:06 -------- d-----w- c:\documents and settings\gordon\local settings\application data\Sun
2013-10-26 07:40:38 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-26 07:40:19 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-13 09:51:16 -------- d-----w- c:\program files\Microsoft Download Manager
2013-09-26 18:00:39 208760 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2013-09-26 18:00:39 208760 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-10-14 17:32:54 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-14 17:32:50 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 18:33:58 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:33:57 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:33:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:33:56 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06:48 385024 ----a-w- c:\windows\system32\html.iec
2013-09-10 00:34:48 22328 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-09-05 00:43:42 39224 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-08-29 01:31:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55:07 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55:06 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-03 13:18:38 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 16:33:43.04 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 25/05/2007 18:07:16
System Uptime: 26/10/2013 08:05:24 (8 hours ago)
.
Motherboard: Dell Inc. |  | 0UW744
Processor: AMD Turion 64 X2 Mobile Technology TL-50 | Socket M2/S1G1 | 1595/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 25.905 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1358: 27/07/2013 09:21:16 - System Checkpoint
RP1359: 28/07/2013 08:57:21 - Before Updates
RP1360: 28/07/2013 09:05:47 - Software Distribution Service 3.0
RP1361: 29/07/2013 19:51:29 - System Checkpoint
RP1362: 31/07/2013 18:28:04 - System Checkpoint
RP1363: 03/08/2013 15:20:09 - System Checkpoint
RP1364: 04/08/2013 15:25:01 - System Checkpoint
RP1365: 11/08/2013 09:19:21 - Before updates
RP1366: 11/08/2013 09:24:22 - Software Distribution Service 3.0
RP1367: 16/08/2013 20:14:52 - System Checkpoint
RP1368: 17/08/2013 20:26:05 - System Checkpoint
RP1369: 18/08/2013 09:08:14 - Before Updates
RP1370: 18/08/2013 10:49:38 - Software Distribution Service 3.0
RP1371: 22/08/2013 19:15:24 - System Checkpoint
RP1372: 24/08/2013 08:38:48 - System Checkpoint
RP1373: 25/08/2013 13:08:52 - System Checkpoint
RP1374: 26/08/2013 15:06:02 - System Checkpoint
RP1375: 26/08/2013 18:10:46 - Installed TomTom HOME.
RP1376: 26/08/2013 18:28:44 - Removed TomTom HOME.
RP1377: 26/08/2013 18:35:09 - Installed Windows XP KB959765.
RP1378: 27/08/2013 21:05:33 - System Checkpoint
RP1379: 29/08/2013 20:55:21 - System Checkpoint
RP1380: 31/08/2013 11:28:23 - System Checkpoint
RP1381: 01/09/2013 11:52:52 - System Checkpoint
RP1382: 01/09/2013 19:57:16 - Before updates
RP1383: 01/09/2013 20:00:35 - Software Distribution Service 3.0
RP1384: 02/09/2013 20:26:23 - System Checkpoint
RP1385: 04/09/2013 19:18:41 - System Checkpoint
RP1386: 06/09/2013 12:46:17 - System Checkpoint
RP1387: 07/09/2013 13:56:22 - bfore updates
RP1388: 08/09/2013 20:12:33 - System Checkpoint
RP1389: 09/09/2013 21:52:26 - System Checkpoint
RP1390: 13/09/2013 21:31:21 - System Checkpoint
RP1391: 15/09/2013 15:06:23 - System Checkpoint
RP1392: 16/09/2013 18:41:45 - System Checkpoint
RP1393: 18/09/2013 16:05:53 - System Checkpoint
RP1394: 19/09/2013 19:04:32 - System Checkpoint
RP1395: 28/09/2013 09:56:51 - Before update
RP1396: 29/09/2013 18:29:18 - System Checkpoint
RP1397: 02/10/2013 20:42:00 - System Checkpoint
RP1398: 04/10/2013 21:18:01 - System Checkpoint
RP1399: 06/10/2013 09:36:32 - Before updates
RP1400: 08/10/2013 21:08:54 - System Checkpoint
RP1401: 09/10/2013 21:44:37 - System Checkpoint
RP1402: 10/10/2013 22:00:24 - System Checkpoint
RP1403: 12/10/2013 13:01:19 - System Checkpoint
RP1404: 13/10/2013 09:03:14 - Before updates and checks
RP1405: 13/10/2013 10:51:15 - Installed Microsoft Download Manager
RP1406: 13/10/2013 11:19:41 - Installed Windows XP KB2618444.
RP1407: 13/10/2013 11:38:02 - Software Distribution Service 3.0
RP1408: 14/10/2013 18:24:52 - System Checkpoint
RP1409: 16/10/2013 16:24:05 - System Checkpoint
RP1410: 18/10/2013 14:43:19 - System Checkpoint
RP1411: 20/10/2013 09:09:13 - After update before scanning
RP1412: 21/10/2013 20:26:32 - System Checkpoint
RP1413: 24/10/2013 18:49:21 - System Checkpoint
RP1414: 26/10/2013 08:38:46 - Removed Java 6 Update 26
RP1415: 26/10/2013 08:39:42 - Installed Java 7 Update 45
.
==== Installed Programs ======================
.
 Sansa Media Converter
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
AMD Dashboard Demo
AMD Processor Driver
Apple Application Support
Apple Software Update
Applian FLV Player
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.3.12 (Unicode)
AVG 2013
BBC iPlayer Desktop
BBC iPlayer Download Manager
Broadcom Management Programs
Canon PIXMA iP4000
Canon Utilities Easy-PrintToolBox
CCleaner
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Conexant HDA D110 MDC V.92 Modem
Corel Paint Shop Pro Photo XI
Corel Snapfire Plus
Dell Network Assistant
Dell Support 3.2.1
Dell System Restore
Dell Wireless WLAN Card
Digital Line Detect
Disc2Phone
DivX Content Uploader
DivX Web Player
Easy-WebPrint
ESET Online Scanner v3
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB959765)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
ieSpell
IrfanView (remove only)
IsoBuster 2.5
IsoBuster Toolbar
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Memeo Instant Backup
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Office 2000 SR-1 Professional
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Modem Helper
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.42
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyTomTom 3.2.0.1116
NetWaiting
Online Plug-in
PowerDVD 5.7
QuickSet
QuickTime
RealPlayer
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Seagate Dashboard
SearchAssist
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904-v2)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Sonic Update Manager
Sony Ericsson PC Suite
Synaptics Pointing Device Driver
System Checkup 3.3
The Arcade
TomTom HOME Visual Studio Merge Modules
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
VC 9.0 Runtime
Visual Studio C++ 10.0 Runtime
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
25/10/2013 20:25:02, error: sr [1]  - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'.  It has stopped monitoring the volume.
25/10/2013 19:59:12, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD AmdK8 APPDRV AVGIDSDriver AVGIDSShim Avgldx86 Avgtdix Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WS2IFSL
25/10/2013 19:59:12, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
25/10/2013 19:59:12, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
25/10/2013 19:59:12, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
25/10/2013 19:59:12, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
25/10/2013 19:59:12, error: Service Control Manager [7001]  - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error:  A device attached to the system is not functioning.
25/10/2013 19:58:54, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
25/10/2013 19:58:51, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
20/10/2013 13:53:30, error: ati2mtag [43016]  - Not an EDID device
20/10/2013 13:53:30, error: ati2mtag [43015]  - I2c return failed
20/10/2013 08:47:52, error: Dhcp [1001]  - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 00197E5E093D.  The following error occurred:  The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
 

Link to post
Share on other sites
Maniac

Maniac

Posted
Posted

Hello Gordon13! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Note: Please do not run ComboFix without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Step 1

Please uninstall this application: IsoBuster Toolbar .

Step 2

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  • Step 3

    Please download AdwCleaner by Xplode onto your desktop.

    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Clean.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[s1].txt as well.
    Step 4
    • Launch Malwarebytes' Anti-Malware
    • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
    • Go to Scanner tab and select Perform Quick Scan, then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

    In your next reply, post the following log files:

    • Junkware Removal Tool log
    • AdwCleaner log
    • Malwarebytes' Anti-Malware log
Link to post
Share on other sites
Gordon13

Gordon13

Posted
  • Author
Posted

Hi Borislav,

Thanks for your help.

 

I have completed steps 1-4 and pasted logs below:

The Adware log files were in a subfolder on C.

 

Thanks

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Microsoft Windows XP x86
Ran by Gordon on 27/10/2013 at 13:47:08.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduitengine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\conduit.engine
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.eb_explorerbar.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.ipm_printlistitem.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_launcher.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pm_printmanager.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_bindstatuscallback.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.pr_cancelbuttoneventhandler.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.tbtoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\toolband.useroptions.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT1700389
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E28C934A-9BEF-4C57-B891-A2B392EBC07D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis"

 

~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\conduitengine.tmp"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\Gordon\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Gordon\Local Settings\Application Data\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduitengine"
Successfully deleted: [Folder] "C:\Program Files\askbardis"

 

~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27/10/2013 at 13:52:37.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 13:58:03
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gordon - DADS
# Running from : C:\Documents and Settings\Gordon\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found C:\Documents and Settings\Frances\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\Frances\Local Settings\Application Data\ConduitEngine

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Found : HKCU\Software\ParetoLogic
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\6kbrfpos.default\prefs.js ]

[ File : C:\Documents and Settings\Frances\Application Data\Mozilla\Firefox\Profiles\ojd4vpnj.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Frances\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2580 octets] - [27/10/2013 13:58:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2640 octets] ##########

 

 

# AdwCleaner v3.010 - Report created 27/10/2013 at 14:01:25
# Updated 20/10/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Gordon - DADS
# Running from : C:\Documents and Settings\Gordon\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Frances\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Frances\Local Settings\Application Data\ConduitEngine

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Documents and Settings\Gordon\Application Data\Mozilla\Firefox\Profiles\6kbrfpos.default\prefs.js ]

[ File : C:\Documents and Settings\Frances\Application Data\Mozilla\Firefox\Profiles\ojd4vpnj.default\prefs.js ]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Gordon\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\Frances\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2720 octets] - [27/10/2013 13:58:03]
AdwCleaner[s0].txt - [2679 octets] - [27/10/2013 14:01:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2739 octets] ##########

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.27.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gordon :: DADS [administrator]

27/10/2013 14:09:30
mbam-log-2013-10-27 (14-09-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 284961
Time elapsed: 20 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Link to post
Share on other sites
  • 2 weeks later...
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.