
PUP.BundleOffers.IIQ


This topic is locked
24 replies to this topic

#1 srogers11


  • Members
  • 46 posts

Posted 15 August 2012 - 10:02 AM

The computer I have is operating Windows XP Professional. When I try to launch Internet Explorer it freezes on a blank screen. In addition the icons on the desktop are not working.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.04

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 7.0.5730.13
dphillips :: DC7PWZK1 [administrator]

Protection: Enabled

8/15/2012 8:59:41 AM
mbam-log-2012-08-15 (10-48-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 791622
Time elapsed: 1 hour(s), 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP558\A0110880.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP566\A0120987.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)


# AdwCleaner v1.703 - Logfile created 08/14/2012 at 16:56:56
# Updated 20/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : SRogerssr - SR10
# Running from : C:\Documents and Settings\SRogerssr.WCSO\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Program Files\Fast Browser Search
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\SGPSA
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{055069F3-F78B-4BD1-A277-FE66648D3300}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3F2A195-0D11-463b-96BB-D2FF1B7490A1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ECD0ECC6-DCA4-4013-A915-12355AB70999}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7327C09-B521-4EDB-8509-7D2660C9EC98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F8AD5AA5-D966-4667-9DAF-2561D68B2012}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v21.0.1180.60

*************************

AdwCleaner[S1].txt - [4913 octets] - [14/08/2012 16:56:56]

########## EOF - C:\AdwCleaner[S1].txt - [5041 octets] ##########
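As an added example (not part of this thread and not Malwarebytes' own tooling), here is a small Python parser for the Malwarebytes log format posted above. It reads the header fields, the per-category "Detected" counts and each detection line, then flags the two things an analyst checks first: detections left at "No action taken", and detections whose path sits under System Volume Information\_restore, which are System Restore snapshot copies rather than files on the live system. The sample text is constructed from the two detection lines in the log above; the class and function names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the two "Files Detected" lines and the counts come from the
# Malwarebytes log posted in this thread; the rest of the log is trimmed.
SAMPLE_MBAM_LOG = r"""
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.04

Scan type: Full scan (C:\|)
Objects scanned: 791622
Time elapsed: 1 hour(s), 6 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Files Detected: 2
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP558\A0110880.exe (PUP.BundleOffers.IIQ) -> No action taken.
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP566\A0120987.exe (PUP.BundleOffers.IIQ) -> No action taken.

(end)
"""

HEADER_RE = re.compile(r"^(?P<key>Database version|Scan type|Objects scanned|Time elapsed): (?P<val>.+)$")
COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+) Detected: (?P<n>\d+)$")
# "<path> (<signature>) -> <action>."  e.g. "...\A0110880.exe (PUP.BundleOffers.IIQ) -> No action taken."
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<sig>[^()]+)\) -> (?P<action>.+?)\.?$")


@dataclass
class Detection:
    category: str      # e.g. "Files", taken from the preceding "<category> Detected: N" line
    path: str
    signature: str
    action: str

    @property
    def in_restore_point(self) -> bool:
        # System Restore keeps copies under \System Volume Information\_restore{...}\RPnnn
        return "\\system volume information\\_restore" in self.path.lower()

    @property
    def unresolved(self) -> bool:
        return self.action.lower().startswith("no action taken")


@dataclass
class MbamReport:
    header: dict = field(default_factory=dict)
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)


def parse_mbam_log(text: str) -> MbamReport:
    """Parse the plain-text log Malwarebytes Anti-Malware 1.x writes after a scan."""
    report = MbamReport()
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        if (m := HEADER_RE.match(line)):
            report.header[m.group("key")] = m.group("val")
        elif (m := COUNT_RE.match(line)):
            category = m.group("cat")          # detection lines that follow belong to it
            report.counts[category] = int(m.group("n"))
        elif category and (m := DETECTION_RE.match(line)):
            report.detections.append(Detection(category, m.group("path"),
                                               m.group("sig"), m.group("action")))
    return report


def triage(report: MbamReport) -> dict:
    """Summarise what still needs attention: unresolved hits, and whether every hit
    is merely a restore-point copy rather than a file on the live system."""
    return {
        "total_detected": sum(report.counts.values()),
        "unresolved": [d.path for d in report.detections if d.unresolved],
        "restore_point_only": bool(report.detections)
                              and all(d.in_restore_point for d in report.detections),
    }


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_MBAM_LOG)
    for d in rep.detections:
        where = "restore point" if d.in_restore_point else "live"
        print(f"{d.category}: {d.signature} at {d.path} [{where}; {d.action}]")
    print(triage(rep))
```

Restore-point copies only come back if that restore point is later used, so the usual order is to finish cleaning the live system and then purge old restore points; separating the two in the summary keeps a log whose only hits are snapshot copies from being read as an active infection.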



#2 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 15 August 2012 - 11:23 AM

Does this topic concern the same computer as the topic here? http://www.bleepingcomputer.com/forums/topic463234.html
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 srogers11

  • Topic Starter

  • Members
  • 46 posts

Posted 15 August 2012 - 12:30 PM

No, it is a different computer. Thanks for the inquiry.

Edited by srogers11, 15 August 2012 - 12:37 PM.


#4 Orange Blossom


    OBleepin Investigator


  • Moderator
  • 37,011 posts
  • Gender:Not Telling
  • Location:Bloomington, IN

Posted 15 August 2012 - 12:50 PM

Thank you for the clarification. In that case, please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:

#5 srogers11

  • Topic Starter

  • Members
  • 46 posts

Posted 15 August 2012 - 12:50 PM

Ok thanks.

Edited by srogers11, 15 August 2012 - 12:51 PM.


#6 srogers11

  • Topic Starter

  • Members
  • 46 posts

Posted 16 August 2012 - 02:00 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13
Run by dphillips at 14:33:15 on 2012-08-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.972 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Digital Image World\Control Center\ControllerService.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\New World Systems\New World Aegis Sync Service\NewWorld.Client.WindowsSyncService.exe
C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe
C:\Program Files\Digital Image World\Control Center\Controller.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\eCopy\Desktop 9.0\Bin\eDP2ed.exe
C:\Program Files\eCopy\Desktop 9.0\Bin\eCopyDesktop.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Productivity 3.1 Toolbar: {9427041a-a8dc-4d06-9a68-93873486e957} - c:\program files\productivity_3.1\prxtbPro0.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Productivity 3.1 Toolbar: {9427041a-a8dc-4d06-9a68-93873486e957} - c:\program files\productivity_3.1\prxtbPro0.dll
TB: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [ChangeTPMAuth] c:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [New World Update Notifier] c:\program files\new world systems\new world automatic updater\NewWorld.Management.Updater.TaskbarNotifier.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/distribution/alternatiff-ax-w32-2.0.3.cab
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://ssl1.gta.ga.gov/vdesk/cachecleaner.cab#version=6030,2009,0824,2121
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://ssl1.gta.ga.gov/vdesk/terminal/urxvpn.cab#version=6030,2009,820,1617
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://ssl1.gta.ga.gov/vdesk/terminal/f5tunsrv.cab#version=6030,2009,811,2213
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - hxxps://ssl1.gta.ga.gov/vdesk/terminal/InstallerControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340652039842
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://ssl1.gta.ga.gov/vdesk/terminal/urxshost.cab#version=6030,2009,828,1610
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://ssl1.gta.ga.gov/vdesk/terminal/urxhost.cab#version=6030,2009,828,1606
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.9 66.18.32.2
TCP: Interfaces\{47C7D4C8-6FB9-4EE4-B0AD-C2F16AF166BA} : DhcpNameServer = 192.168.1.9 66.18.32.2
Notify: GoToAssist - c:\program files\citrix\gotoassist\759\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 wvauth
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-12-21 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2010-12-21 94872]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2009-5-15 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-4-27 293968]
R2 CCStdController;CCStdController;c:\program files\digital image world\control center\ControllerService.exe [2009-9-27 9216]
R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-7-16 376096]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-1-12 810144]
R2 FAD;FAD;c:\program files\dell\dell controlpoint\connection manager\FADXP32.sys [2009-7-22 11904]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbguard.exe [2012-5-2 98304]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-11-9 10384]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-9 655944]
R2 New World Systems Aegis Sync Service;New World Windows Sync Service;c:\program files\new world systems\new world aegis sync service\NewWorld.Client.WindowsSyncService.exe [2012-3-1 54784]
R2 NewWorldUpdaterService;New World Updater;c:\program files\new world systems\new world automatic updater\NewWorld.Management.Updater.Service.exe [2011-12-17 18944]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-7-22 76288]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-10-2 112512]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\firebird\firebird_2_5\bin\fbserver.exe [2012-5-2 3735552]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-2 109568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-9 22344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [2009-10-2 232744]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [2009-8-20 33920]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [2012-4-11 10752]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\drivers\nvtsp50.sys --> c:\windows\system32\drivers\NvtSp50.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-25 14336]
.
=============== Created Last 30 ================
.
2012-08-13 20:10:25 -------- d-----w- c:\windows\system32\wbem\repository\FS
2012-08-13 20:10:25 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-13 15:10:03 -------- d-----w- c:\windows\pss
2012-08-10 14:54:35 -------- d-sha-r- C:\cmdcons
2012-08-09 20:09:02 -------- d-----w- c:\documents and settings\dphillips.wcso\application data\Malwarebytes
2012-08-09 20:08:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-09 20:08:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-09 20:08:50 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-26 20:12:27 -------- d-----w- c:\program files\ESET
2012-07-24 20:42:21 -------- d-----w- c:\documents and settings\dphillips.wcso\local settings\application data\SlimWare Utilities Inc
2012-07-20 15:51:11 -------- d-----w- c:\documents and settings\dphillips.wcso\application data\New World Systems
2012-07-20 15:41:47 713216 -c----w- c:\windows\system32\dllcache\sxs.dll
2012-07-20 15:40:42 -------- d-----w- c:\program files\Microsoft Corporation
2012-07-20 15:39:34 -------- d-----w- c:\documents and settings\all users\application data\New World Systems
2012-07-20 15:39:23 -------- d-----w- c:\program files\New World Systems
.
==================== Find3M ====================
.
2012-07-02 12:46:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 12:46:24 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-02 12:46:24 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 20:14:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 12:27:38 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-14 12:27:32 38864 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-06-14 12:27:32 1581136 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-06-14 12:27:28 51280 ----a-w- c:\windows\system32\LBTCoIns.DLL
2012-06-14 12:27:22 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-06-14 12:27:22 37328 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-06-13 13:29:09 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35:26 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 14:34:12.13 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 14:48:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD25 rev.11.0
Running: gmer.exe; Driver: C:\DOCUME~1\DPHILL~1.WCS\LOCALS~1\Temp\kwlyapoc.sys

Attached Files
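As an added example (not code from the thread and not part of DDS itself), the following Python turns a handful of lines from the DDS "Pseudo HJT Report" above into records that are easier to triage: BHO and toolbar entries whose target is "No File" (orphaned registry entries whose DLL is gone), the set of binaries launched from Run keys, and any LSA authentication package beyond the Windows default msv1_0, listed so it can be verified against its vendor. The sample lines are copied from the posted log; the regular expressions and function names are my own assumptions about the format.

```python
import re

# Constructed sample: a few lines copied from the DDS pseudo-HJT report posted in
# this thread (the full report has many more entries of the same shapes).
SAMPLE_DDS = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Productivity 3.1 Toolbar: {9427041a-a8dc-4d06-9a68-93873486e957} - c:\program files\productivity_3.1\prxtbPro0.dll
TB: {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
LSA: Authentication Packages = msv1_0 wvauth
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Za-z]+): (?P<body>.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# Run-key body: [name] "path\to\file.exe" optional args   (entries that are not .exe are skipped)
RUN_RE = re.compile(r'^\[(?P<name>[^\]]+)\] "?(?P<exe>[^"]+?\.exe)"?(?P<args>.*)$', re.I)


def _parse_guid_entry(body: str):
    """'<optional name>: {GUID} - <dll path or "No File">' -> dict, or None if no GUID."""
    m = GUID_RE.search(body)
    if not m:
        return None
    name = body[:m.start()].rstrip(": ").strip() or None
    rest = body[m.end():]
    target = rest.split(" - ", 1)[1].strip() if " - " in rest else None
    return {"name": name, "guid": m.group(0), "target": target, "args": ""}


def parse_dds_hjt(text: str) -> list:
    """Parse BHO/TB-style GUID entries, uRun/mRun autostarts and the LSA line."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("BHO", "TB", "IE", "SSODL", "SEH"):
            parsed = _parse_guid_entry(body)
            if parsed:
                entries.append({"kind": kind, **parsed})
        elif kind.endswith("Run"):                     # uRun (per-user) / mRun (machine)
            r = RUN_RE.match(body)
            if r:
                entries.append({"kind": kind, "name": r.group("name"), "guid": None,
                                "target": r.group("exe"), "args": r.group("args").strip()})
        elif kind == "LSA":
            key, _, val = body.partition("=")
            entries.append({"kind": kind, "name": key.strip(), "guid": None,
                            "target": val.split(), "args": ""})
    return entries


def orphan_entries(entries: list) -> list:
    """Registry entries whose DLL no longer exists; harmless but worth cleaning up."""
    return [e for e in entries if e["target"] == "No File"]


def autostart_binaries(entries: list) -> list:
    """Distinct executables started from Run keys, normalised for comparison."""
    return sorted({e["target"].lower() for e in entries if e["kind"].endswith("Run")})


def nonstandard_lsa_packages(entries: list, defaults=("msv1_0",)) -> list:
    """Authentication packages beyond the Windows default, for a vendor check."""
    extra = []
    for e in entries:
        if e["kind"] == "LSA" and e["name"] == "Authentication Packages":
            extra.extend(p for p in e["target"] if p.lower() not in defaults)
    return extra


if __name__ == "__main__":
    recs = parse_dds_hjt(SAMPLE_DDS)
    print("orphans:", [r["guid"] for r in orphan_entries(recs)])
    print("autostarts:", autostart_binaries(recs))
    print("extra LSA packages:", nonstandard_lsa_packages(recs))
```

An extra authentication package is not evidence of compromise by itself; in this log the remaining package plausibly belongs to the Wave Systems software that appears throughout the same DDS output, and the point of listing it is to make such entries visible for a vendor check rather than to label them.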



#7 srogers11

  • Topic Starter

  • Members
  • 46 posts

Posted 20 August 2012 - 07:34 AM

I think this post has been overlooked.

#8 HelpBot


    Bleepin' Binary Bot


  • Bots
  • 12,740 posts
  • Gender:Male

Posted 20 August 2012 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/465304 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#9 srogers11

  • Topic Starter

  • Members
  • 46 posts

Posted 20 August 2012 - 11:45 AM

When internet explorer is opened the screen for IE briefly opens and then flashes closed. Sometimes the screen will stay up but do nothing but freeze. Also the desktop icons do nothing when clicked.

I've run adwcleaner which found wecarereminder and pricegong in the registry.
Malwarebytes found PUP.BundleOffers.IIQ
TDSSKiller didn't find anything.
ESET's online scanner found some things, but I don't remember what.
Tried to run OTL but I get the following error: Access Violation at add 0052C053 in module OTL.exe. Read of address 00000000.

I had the logs for these scans but now can't find them.

Edited by srogers11, 20 August 2012 - 11:49 AM.


#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:21 AM

Posted 20 August 2012 - 01:34 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers and all other programs. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    Ignore the installation of the Recovery Console. The Microsoft site is presently down.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.
===

Please post the logs and let me know if the problem persists.

#11 srogers11

srogers11
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 20 August 2012 - 03:04 PM

ComboFix 12-08-20.02 - dphillips 08/20/2012 15:34:05.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.917 [GMT -4:00]
Running from: c:\documents and settings\DPhillips.WCSO\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FAD
-------\Service_FAD
.
.
((((((((((((((((((((((((( Files Created from 2012-07-20 to 2012-08-20 )))))))))))))))))))))))))))))))
.
.
2012-08-13 20:10 . 2012-08-13 20:10 -------- d-----w- c:\windows\system32\wbem\Repository
2012-08-09 20:09 . 2012-08-09 20:09 -------- d-----w- c:\documents and settings\DPhillips.WCSO\Application Data\Malwarebytes
2012-08-09 20:08 . 2012-08-15 12:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-09 20:08 . 2012-08-09 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-09 20:08 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-26 20:12 . 2012-08-13 20:08 -------- d-----w- c:\program files\ESET
2012-07-26 20:12 . 2012-07-26 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-07-24 20:42 . 2012-07-24 20:42 -------- d-----w- c:\documents and settings\DPhillips.WCSO\Local Settings\Application Data\SlimWare Utilities Inc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-20 19:52 . 2012-01-13 14:11 0 ----a-w- c:\documents and settings\DPhillips.WCSO\Local Settings\Application Data\WavXMapDrive.bat
2012-08-13 14:12 . 2009-10-28 15:13 0 -c--a-w- c:\documents and settings\Donny\Local Settings\Application Data\WavXMapDrive.bat
2012-07-06 13:58 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2008-04-25 21:26 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 15:07 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2012-07-03 15:07 . 2008-04-25 16:16 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-03 15:07 . 2010-06-25 17:43 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-07-03 15:07 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2012-07-03 13:40 . 2008-04-25 16:16 1875072 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 12:46 . 2012-07-02 12:46 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-02 12:46 . 2010-10-16 02:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-07-02 12:46 . 2010-06-14 12:03 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 20:14 . 2012-06-25 19:49 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-14 12:27 . 2012-06-14 12:26 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-14 12:27 . 2012-06-14 12:26 1581136 ----a-w- c:\windows\system32\LkmdfCoInst.dll
2012-06-14 12:27 . 2009-06-17 16:56 38864 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2012-06-14 12:27 . 2009-11-09 22:23 51280 ----a-w- c:\windows\system32\LBTCoIns.DLL
2012-06-14 12:27 . 2012-06-14 12:27 53328 ----a-w- c:\windows\system32\LMouFiltCoInst.dll
2012-06-14 12:27 . 2009-06-17 16:56 37328 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2012-06-05 15:50 . 2008-04-25 16:16 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-25 16:16 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 21:35 . 2010-02-12 16:52 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2008-04-25 16:16 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 19:19 . 2008-10-16 18:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2008-04-25 21:27 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2008-04-25 21:27 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2008-04-25 21:27 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2008-10-16 18:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2008-10-16 18:07 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2008-04-25 21:27 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2008-04-25 21:27 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 19:19 . 2008-04-25 16:16 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2008-10-16 18:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2008-04-25 21:27 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2008-04-25 21:27 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2010-02-12 16:52 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2010-02-12 16:52 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
2011-05-09 09:49 176936 ------w- c:\program files\Productivity_3.1\prxtbPro0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files\Productivity_3.1\prxtbPro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9427041A-A8DC-4D06-9A68-93873486E957}"= "c:\program files\Productivity_3.1\prxtbPro0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{9427041a-a8dc-4d06-9a68-93873486e957}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-06-11 23:41 49152 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-06-11 23:41 49152 ------w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-06-12 656384]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-07-22 1796096]
"ChangeTPMAuth"="c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [2009-06-03 184320]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2009-05-18 145920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2009-07-05 15872]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"Garmin Lifetime Updater"="c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-02-15 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"New World Update Notifier"="c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.TaskbarNotifier.exe" [2011-12-17 153088]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\documents and settings\agilleland\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - [N/A]
Dell ControlPoint System Manager.lnk - [N/A]
Logitech SetPoint.lnk - [N/A]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2012-06-11 14:51 13672 ----a-w- c:\program files\Citrix\GoToAssist\759\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ------w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-309213858-4288789142-494382189-1244\Scripts\Logon\0\0]
"Script"=\\WCSO.local\SysVol\WCSO.local\scripts\cid_map.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth Connection Assistant]
LBTWIZ.EXE -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 13:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 09:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr]
2009-03-17 01:57 729088 ------w- c:\windows\system32\AESTFltr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2012-02-23 14:31 488816 ----a-w- c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-05-31 00:06 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2009-10-02 10:15 2396160 ------w- c:\windows\system32\WLTRAY.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]
2008-04-14 12:00 27648 -c--a-w- c:\windows\system32\conime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCopy Scan Inbox Monitor]
2006-06-27 05:45 65536 ------w- c:\program files\eCopy\Desktop 9.0\Bin\InboxMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDP2eD]
2006-06-27 05:28 118784 ------w- c:\program files\eCopy\Desktop 9.0\Bin\eDP2eD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 21:08 166912 ------w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-02-11 22:38 186904 ------w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 21:08 134656 ------w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 23:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2009-06-17 16:55 55824 ------w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 17:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2009-02-05 02:26 128232 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 21:08 134656 ------w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-19 00:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SRS Premium Sound]
2009-03-25 22:58 3261688 -c----w- c:\program files\SRS Labs\SRS Premium Sound\SRSPremiumSoundBig_Small.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
2008-04-14 12:00 143360 ----a-w- c:\windows\system32\mobsync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2009-03-17 01:57 483420 ------w- c:\program files\IDT\WDM\sttray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\eCopy\\Desktop 9.0\\Bin\\eCopyDesktop.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Documents and Settings\\dphillips\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"63349:TCP"= 63349:TCP:Trend Micro Client/Server Security Agent Listener
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [12/21/2010 3:04 PM 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [12/21/2010 1:47 PM 94872]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/15/2009 6:33 PM 1803512]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [4/27/2009 2:40 PM 293968]
R2 CCStdController;CCStdController;c:\program files\Digital Image World\Control Center\ControllerService.exe [9/27/2009 8:47 PM 9216]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 3:22 PM 822624]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [7/16/2009 1:04 PM 376096]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [1/12/2011 4:41 PM 810144]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [5/2/2012 10:20 AM 98304]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [11/9/2009 6:23 PM 10384]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/9/2012 4:08 PM 655944]
R2 New World Systems Aegis Sync Service;New World Windows Sync Service;c:\program files\New World Systems\New World Aegis Sync Service\NewWorld.Client.WindowsSyncService.exe [3/1/2012 5:42 PM 54784]
R2 NewWorldUpdaterService;New World Updater;c:\program files\New World Systems\New World Automatic Updater\NewWorld.Management.Updater.Service.exe [12/17/2011 5:40 PM 18944]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 9:30 AM 508776]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [7/22/2009 7:13 PM 76288]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [10/2/2009 8:39 AM 112512]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [5/2/2012 10:20 AM 3735552]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [10/2/2009 8:39 AM 109568]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/9/2012 4:08 PM 22344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 11:23 PM 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 11:23 PM 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 11:23 PM 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 11:23 PM 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 9:30 AM 219496]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\SRS_PremiumSound_i386.sys [10/2/2009 6:15 AM 232744]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\covpndrv.sys [8/20/2009 12:19 PM 33920]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:50 AM 135664]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [4/11/2012 2:01 PM 10752]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:50 AM 135664]
S3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys --> c:\windows\system32\Drivers\NvtSp50.sys [?]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-08-16 c:\windows\Tasks\Backup.job
- c:\windows\system32\ntbackup.exe [2008-04-25 12:00]
.
2012-08-16 c:\windows\Tasks\Court Ser Backup.job
- c:\windows\system32\ntbackup.exe [2008-04-25 12:00]
.
2012-08-16 c:\windows\Tasks\Court Services & D Phillips T Drive Backup .job
- c:\windows\system32\ntbackup.exe [2008-04-25 12:00]
.
2012-08-16 c:\windows\Tasks\Court Services Backup 2012.job
- c:\windows\system32\ntbackup.exe [2008-04-25 12:00]
.
2012-08-16 c:\windows\Tasks\COURT SERVICES BACKUP.job
- c:\windows\system32\ntbackup.exe [2008-04-25 12:00]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:50]
.
2012-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 13:50]
.
2012-08-20 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2453552817-3116757156-2166998733-1157.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
2012-08-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2453552817-3116757156-2166998733-1157.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-01-30 22:45]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.9 66.18.32.2
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-20 15:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(820)
c:\program files\Citrix\GoToAssist\759\G2AWinLogon.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\wvauth.dll
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3436)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logishrd\Bluetooth\LBTServ.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Digital Image World\Control Center\Controller.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
.
**************************************************************************
.
Completion time: 2012-08-20 15:57:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-20 19:57
.
Pre-Run: 206,179,389,440 bytes free
Post-Run: 206,217,994,240 bytes free
.
- - End Of File - - E958ABCC3291DEEE3AC9BFF367DA5223

Results of screen317's Security Check version 0.99.46
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET NOD32 Antivirus 4.2
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java™ 6 Update 22
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader X 10.1.2 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
ESET NOD32 Antivirus egui.exe
ESET NOD32 Antivirus ekrn.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

# AdwCleaner v1.801 - Logfile created 08/20/2012 at 16:01:26
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : dphillips - DC7PWZK1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\DPhillips.WCSO\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\Productivity_3.1

***** [Registry] *****

Key Found : HKCU\Software\Productivity_3.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_3.1 Toolbar
Key Found : HKLM\SOFTWARE\Productivity_3.1

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58EE97A5-6813-4407-972B-64D1489A4048}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913354BB-A9EF-4260-BB28-87EAE1F28138}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9427041A-A8DC-4D06-9A68-93873486E957}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9427041A-A8DC-4D06-9A68-93873486E957}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2850 octets] - [10/08/2012 10:30:30]
AdwCleaner[S1].txt - [2966 octets] - [10/08/2012 10:31:18]
AdwCleaner[R2].txt - [1908 octets] - [20/08/2012 16:01:26]

########## EOF - C:\AdwCleaner[R2].txt - [2036 octets] ##########
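The ComboFix log above lists what IE actually loads at start-up (the Productivity_3.1 BHO and toolbar under three registry keys) while the AdwCleaner log lists the keys it would delete. Reading the two side by side tells you whether the cleanup covers the DLL that is loading, and which flagged CLSIDs have no visible load path and need a manual look. The script below is an added example written for this thread, not a tool from the page or from the ComboFix/AdwCleaner authors. It assumes ComboFix abbreviates HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer to "HKEY_LOCAL_MACHINE\~" (which is what the AdwCleaner lines for the same CLSID show in full); the embedded sample logs are constructed and abridged from the thread, and the {11111111-...} BHO and its "Example Vendor" path are hypothetical placeholders added so an unflagged entry appears.

```python
"""Cross-check the Internet Explorer load points ComboFix reports against the
registry keys AdwCleaner flags: which loaded BHO/toolbar DLLs the cleanup
covers, which IE hooks nobody flagged, and which flagged CLSIDs ComboFix never
showed a load path for."""
import re

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.(?:dll|exe|ocx)', re.IGNORECASE)
# Registry paths under which ComboFix lists code that IE loads at start-up.
# Assumption: ComboFix writes HKLM\...\CurrentVersion\Explorer as "HKEY_LOCAL_MACHINE\~".
IE_HOOK_KEYS = ("browser helper objects", "internet explorer\\toolbar")

# Constructed sample in ComboFix's "Reg Loading Points" format. The Productivity_3.1
# entries mirror the thread's log; the {11111111-...} BHO is a hypothetical placeholder.
COMBOFIX_SAMPLE = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9427041a-a8dc-4d06-9a68-93873486e957}]
2011-05-09 09:49 176936 ------w- c:\program files\Productivity_3.1\prxtbPro0.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]
2010-01-01 00:00 12345 ------w- c:\program files\Example Vendor\ExampleHelper.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9427041a-a8dc-4d06-9a68-93873486e957}"= "c:\program files\Productivity_3.1\prxtbPro0.dll" [2011-05-09 176936]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9427041A-A8DC-4D06-9A68-93873486E957}"= "c:\program files\Productivity_3.1\prxtbPro0.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-01-12 2219184]
"""

# Constructed sample in AdwCleaner's [Search] output format, abridged from the thread.
ADWCLEANER_SAMPLE = r"""
***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
"""


def parse_combofix_ie_hooks(text):
    """Map each CLSID registered as a BHO or IE toolbar to the DLL it loads
    and every registry key it was seen under."""
    hooks = {}
    current_key = None
    key_clsid = None  # BHO entries carry the CLSID in the key name, the path on the next line
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]
            m = CLSID_RE.search(current_key)
            key_clsid = m.group(0).upper() if m else None
            continue
        if current_key is None or not any(k in current_key.lower() for k in IE_HOOK_KEYS):
            continue
        path = PATH_RE.search(line)
        if not path:
            continue
        m = CLSID_RE.search(line)  # toolbar entries carry the CLSID as the value name
        clsid = m.group(0).upper() if m else key_clsid
        if clsid:
            entry = hooks.setdefault(clsid, {"path": path.group(0).lower(), "keys": []})
            entry["keys"].append(current_key)
    return hooks


def parse_adwcleaner_clsids(text):
    """Collect every CLSID AdwCleaner reports as found or deleted."""
    flagged = set()
    for line in text.splitlines():
        if line.startswith(("Key Found", "Value Found", "Key Deleted", "Value Deleted")):
            flagged.update(c.upper() for c in CLSID_RE.findall(line))
    return flagged


def correlate(combofix_text, adwcleaner_text):
    """Return (covered, unflagged, no_load_path): IE hooks AdwCleaner will remove,
    IE hooks it did not flag, and flagged CLSIDs with no load path in ComboFix."""
    hooks = parse_combofix_ie_hooks(combofix_text)
    flagged = parse_adwcleaner_clsids(adwcleaner_text)
    covered = {c: h for c, h in hooks.items() if c in flagged}
    unflagged = {c: h for c, h in hooks.items() if c not in flagged}
    no_load_path = flagged - set(hooks)
    return covered, unflagged, no_load_path


if __name__ == "__main__":
    covered, unflagged, no_load_path = correlate(COMBOFIX_SAMPLE, ADWCLEANER_SAMPLE)
    for clsid, h in covered.items():
        print("cleanup covers", clsid, "->", h["path"], "via", len(h["keys"]), "key(s)")
    for clsid, h in unflagged.items():
        print("REVIEW: loaded by IE but not flagged:", clsid, "->", h["path"])
    for clsid in sorted(no_load_path):
        print("REVIEW: flagged, no load path seen (check HKCR\\CLSID\\%s\\InprocServer32)" % clsid)
```

On the thread's real logs the Productivity_3.1 CLSID lands in the covered set (three keys, one DLL), and {2273BD45-...} lands in the no-load-path set: AdwCleaner knows it from the PreApproved list, but ComboFix shows nothing loading under it, so its InprocServer32 value is worth checking by hand before trusting that the deletion is complete.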

#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:21 AM

Posted 21 August 2012 - 07:25 AM

c:\documents and settings\agilleland\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - [N/A]
Dell ControlPoint System Manager.lnk - [N/A]
Logitech SetPoint.lnk - [N/A]

You should delete all the files in the Startup folders.
===

For your security you should update Internet Explorer to Version 8.
http://windows.microsoft.com/en-US/internet-explorer/downloads/ie-8
===

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 22
Java™ 6 Update 33


===

Critical vulnerabilities have been identified in Adobe Flash Player v11.3.300.264 and earlier versions... being exploited in the wild in active targeted attacks...

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For the users of Internet Explorer download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs and let me know what problem persists.

#13 srogers11

srogers11
  • Topic Starter

  • Members
  • 46 posts
  • OFFLINE
  • Local time:07:21 AM

Posted 22 August 2012 - 07:51 AM

I tried installing Java and got the following error: The windows installer could not be accessed. This can occur if you are running windows in safe mode, or if the windows installer is not correctly installed.

The computer was not in safe mode at the time I tried the install.

# AdwCleaner v1.801 - Logfile created 08/22/2012 at 08:31:28
# Updated 14/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : dphillips - DC7PWZK1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\DPhillips.WCSO\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Productivity_3.1

***** [Registry] *****

Key Deleted : HKCU\Software\Productivity_3.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Productivity_3.1 Toolbar
Key Deleted : HKLM\SOFTWARE\Productivity_3.1

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{58EE97A5-6813-4407-972B-64D1489A4048}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{913354BB-A9EF-4260-BB28-87EAE1F28138}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2273BD45-9747-41D0-B552-6CE3A3ED94DA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9427041A-A8DC-4D06-9A68-93873486E957}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{9427041A-A8DC-4D06-9A68-93873486E957}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.5730.13

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [2850 octets] - [10/08/2012 10:30:30]
AdwCleaner[S1].txt - [2966 octets] - [10/08/2012 10:31:18]
AdwCleaner[R2].txt - [2037 octets] - [20/08/2012 16:01:26]
AdwCleaner[S2].txt - [1994 octets] - [22/08/2012 08:31:28]

########## EOF - C:\AdwCleaner[S2].txt - [2122 octets] ##########
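The log above shows the same CLSID turning up in several IE persistence points (BHO list, toolbar value, COM registration) plus separate GUIDs in the Low Rights ElevationPolicy. As an added triage helper, not part of AdwCleaner or of this thread, here is a small parser for the "Deleted :" lines of an AdwCleaner [Delete] log that groups each GUID by the persistence locations it was found in. The sample log is constructed from a few of the lines posted above.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the AdwCleaner [Delete] log posted above.
SAMPLE_LOG = """\
# AdwCleaner v1.801 - Logfile created 08/22/2012 at 08:31:28
# Option [Delete]

***** [Files / Folders] *****
Folder Deleted : C:\\Program Files\\Productivity_3.1

***** [Registry] *****
Key Deleted : HKLM\\SOFTWARE\\Productivity_3.1

***** [Registre - GUID] *****
Key Deleted : HKLM\\SOFTWARE\\Classes\\CLSID\\{9427041A-A8DC-4D06-9A68-93873486E957}
Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Low Rights\\ElevationPolicy\\{58EE97A5-6813-4407-972B-64D1489A4048}
Key Deleted : HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Browser Helper Objects\\{9427041A-A8DC-4D06-9A68-93873486E957}
Value Deleted : HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Toolbar [{9427041A-A8DC-4D06-9A68-93873486E957}]
"""

LINE_RE = re.compile(r"^(Key|Value|Folder|File) Deleted : (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# IE/COM persistence points worth tagging; matched as case-insensitive substrings of the path.
LOCATIONS = {
    "Browser Helper Objects": "BHO",
    "Internet Explorer\\Toolbar": "IE toolbar",
    "Low Rights\\ElevationPolicy": "IE elevation policy",
    "Ext\\PreApproved": "IE pre-approved add-on",
    "Classes\\CLSID": "COM class registration",
}

def parse_adwcleaner_log(text):
    """Return (kind, path) for every 'Deleted :' line; headers and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def persistence_by_clsid(entries):
    """Map each GUID seen in a registry entry to the sorted persistence points it occupied."""
    found = defaultdict(set)
    for kind, path in entries:
        if kind not in ("Key", "Value"):
            continue  # file system entries carry no CLSID
        for guid in GUID_RE.findall(path):
            for needle, label in LOCATIONS.items():
                if needle.lower() in path.lower():
                    found[guid.upper()].add(label)
    return {guid: sorted(labels) for guid, labels in found.items()}
```

A GUID that appears under several labels at once (BHO plus toolbar plus COM registration) is the fingerprint of a toolbar that loads into every IE process, which is consistent with the blank-page hang described in the first post.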

#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,197 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:21 AM

Posted 22 August 2012 - 10:28 AM

Go to this Microsoft link.

Error "Windows Installer service could not be accessed"
http://support.microsoft.com/kb/315346

Read the article and execute the fixes suggested under the Resolution section.

Keep me posted.

#15 srogers11

srogers11
  • Topic Starter

  • Members
  • 46 posts
  • Local time:07:21 AM

Posted 22 August 2012 - 12:43 PM

Updated everything except IE8. It took Java and Adobe fine. When I start the install for IE it just hangs on the initial download part.

Edited by srogers11, 23 August 2012 - 07:57 AM.