Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Mystery Infection


  • This topic is locked This topic is locked
5 replies to this topic

#1 dpcofhwa

dpcofhwa

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 03 September 2012 - 01:11 PM

I am running WIN XP Service pack 3 and have in the last week developed a problem. In my "Primary User Name - Local Settings - Temp folder" I have a file "clouds_2048.tmp" which can only be deleted in safe mode. It has the nasty habit of periodically growing to be the exact size of the used portion of my hard drive. I have run several spyware scanners, which found nothing. I have used AVG Business Edition, which found little, and AVAST free, which found several things, but none have prevented the return of this file and its eventual regrowth.

I cloned my hard drive to a spare and ran combfix on it, just to see what would happen. It made a number of changes but that same "tmp" file remains, currently with a zero content. That will change. I have deleted it before and it comes back at reboot empty but then refills, usually around midnight but sometimes sooner.

I have the log file from combofix for the clone drive if you want to see it. I would really like to resolve this without reformatting the drive if necessary. Whatever this is it seems that nothing sees it

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:26 AM

Posted 06 September 2012 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

#3 dpcofhwa

dpcofhwa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 06 September 2012 - 10:58 AM

I hope I am doing this right. These logs were requested by "nasdaq". I was unsure if I was to post directly back to him or just post. If I'm wrong someone correct me.

Dealing with a mystery infection that results in the placing of a temp file in "Local Settings" called "clouds_2048.tmp" which copies the entire C Drive into itself and fills up the drive.

Logs Requested are included


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.5.1
Run by David P. Clauss at 10:39:30 on 2012-09-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.905 [GMT -5:00]
.
AV: AVG Internet Security Business Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security Business Edition 2012 *Enabled*
.
============== Running Processes ===============
.
C:\Program Files\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2012\avgfws.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\MySoftware\MyInvoices\tracker.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\rundll32.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe
C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe
C:\Program Files\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\TightVNC\tvnserver.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\j2 Messenger 4.4\J2GDllCmd.exe
C:\Program Files\SensiGuard\SensiGuard.exe
C:\Program Files\CraveWorldClock\CWClock.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files\j2 Messenger 4.4\J2GTray.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Soluto\Soluto.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
mWinlogon: UIHost=c:\windows\system32\logonuiX.exe
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
BHO: AC-Pro: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\program files\autocompletepro\AutocompletePro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: FlashCatchBHO Class: {88618a96-6d8a-42e7-b932-9073d5b2080f} - c:\program files\flashcatch\flashcatch.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} -
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} -
TB: FlashCatch: {10cecf4f-a96e-4803-8ac2-f565fb29ff47} - c:\program files\flashcatch\flashcatch.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\12.2.0.5\AVG Secure Search_toolbar.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [j2 4.4] "c:\program files\j2 messenger 4.4\J2GDllCmd.exe" /R
uRun: [SensiGuard] "c:\program files\sensiguard\SensiGuard.exe" /m
uRun: [Crave World Clock] c:\program files\craveworldclock\CWClock.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Tracker] c:\program files\mysoftware\myinvoices\tracker.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [EPSON Stylus Photo R300 Series on Paladin-3000 (from HWA-15)] c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE /P60 "EPSON Stylus Photo R300 Series on Paladin-3000 (from HWA-15)" /O5 "TS003" /M "Stylus Photo R300"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EaseUs Watch] "c:\program files\easeus\todo backup\bin\EuWatch.exe"
mRun: [EaseUs Tray] "c:\program files\easeus\todo backup\bin\TrayNotify.exe"
mRun: [Ashampoo HDD Control Guard] "c:\program files\ashampoo\ashampoo hdd control\HDDControlGuard.exe"
mRun: [Print2PDF Print Monitor] "c:\program files\software602\print2pdf\Print2PDF.exe" /server
mRun: [tvncontrol] "c:\program files\tightvnc\tvnserver.exe" -controlservice -slave
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\davidp~1.cla\startm~1\programs\startup\jconne~1.lnk - c:\program files\j2 messenger 4.4\J2GTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher\MailWasherPro.exe
uPolicies-explorer: NoThumbnailCache = 1 (0x1)
mPolicies-system: SoftwareSASGeneration = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
Trusted Zone: txu.com
Trusted Zone: txu.com\www
Trusted Zone: yahoo.com\att.my
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/pcpitstop/PCPitStop.CAB
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/stg_drm.ocx
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper20073151.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221750772531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20Japan/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
TCP: Interfaces\{B35070AD-E2FD-4E7B-8580-CADDF64F0645} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\12.2.0\ViProtocol.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\david p. clauss\application data\mozilla\firefox\profiles\ynwp7op1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=DCF1DF&PC=DCF1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://att.my.yahoo.com/?_bc=1
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=280612_6_&babsrc=KW_ss&mntrId=24c4b6ea000000000000001e9076bf3f&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\david p. clauss\application data\mozilla\firefox\profiles\ynwp7op1.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\david p. clauss\application data\mozilla\firefox\profiles\ynwp7op1.default\extensions\{463f6ca5-ee3c-4be1-b7e6-7fee11953374}\platform\winnt\components\FoxyTunes.dll
FF - component: c:\documents and settings\david p. clauss\application data\mozilla\firefox\profiles\ynwp7op1.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\flashcatch\firefox\components\FlashCatch.dll
FF - component: c:\program files\flashcatch\firefox\components\FlashCatch191.dll
FF - component: c:\program files\flashcatch\firefox\components\FlashCatch192.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\david p. clauss\application data\mozilla\firefox\profiles\ynwp7op1.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\david p. clauss\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101710.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\12.2.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmirage.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=280612_6_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 24c4b6ea000000000000001e9076bf3f
FF - user.js: extensions.BabylonToolbar_i.hardId - 24c4b6ea000000000000001e9076bf3f
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15519
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:41:53
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2009-8-16 30600]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-5-5 35720]
R0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys [2009-8-16 20744]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2012-6-12 16064]
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [2012-9-6 51144]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-5 27496]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2009-8-16 14216]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2012\avgfws.exe [2012-6-13 2321560]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-7-4 5160568]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-2-28 1373576]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2012-6-12 224960]
R2 SCRCAMHRDRV;ScreenCamera HR;c:\windows\system32\drivers\SCRCAMHRDRV.SYS [2011-2-11 74832]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2012-9-6 604688]
R2 tvnserver;TightVNC Server;c:\program files\tightvnc\tvnserver.exe [2012-6-26 1184312]
R2 vToolbarUpdater12.2.0;vToolbarUpdater12.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\12.2.0\ToolbarUpdater.exe [2012-9-5 927840]
R2 ZentimoService;Zentimo Assistant;c:\program files\zentimo\ZentimoService.exe [2011-12-13 259072]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2012-4-26 16640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 cpuz135;cpuz135;\??\c:\windows\temp\cpuz135\cpuz135_x32.sys --> c:\windows\temp\cpuz135\cpuz135_x32.sys [?]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys [2009-8-16 187528]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [2012-7-19 31848]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2012-4-7 25704]
R3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\system32\drivers\WsAudio_DeviceS(2).sys [2012-4-7 25704]
R3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\system32\drivers\WsAudio_DeviceS(3).sys [2012-4-7 25704]
R3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\system32\drivers\WsAudio_DeviceS(4).sys [2012-4-7 25704]
R3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\system32\drivers\WsAudio_DeviceS(5).sys [2012-4-7 25704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT; [x]
S3 602XML Updater;602Updater;c:\program files\common files\soft602\602updsvc\602updsvc.exe [2011-11-8 73728]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-6 250568]
S3 APL531;35mm Film Scanner;c:\windows\system32\drivers\FILMSCAN.SYS [2006-7-31 74832]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 CrossLoopService;CrossLoop Service;c:\documents and settings\david p. clauss\local settings\application data\crossloop\CrossLoopService.exe [2011-9-19 563216]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2011-2-19 406016]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2011-10-28 163008]
S3 EASEUS Agent;EASEUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2011-5-5 56200]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-2-2 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-2-2 8456]
S3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\drivers\GBRIDGE.SYS [2009-1-27 74832]
S3 hipeer20;Remobo Instant Private Network;c:\windows\system32\drivers\REMOBO32.SYS [2009-4-22 74832]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-27 113120]
S3 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-4-23 2214504]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2012-6-12 53952]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2009-3-2 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2009-3-2 37440]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [2012-7-19 31848]
S3 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
S3 VICAMUSB;3Com HomeConnect USB Camera; [x]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [2009-7-13 19024]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);c:\windows\system32\drivers\ZD1211U.SYS [2007-4-20 74832]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
.
=============== File Associations ===============
.
.txt=NoteProTXT
.
=============== Created Last 30 ================
.
2012-09-06 15:07:51 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-09-06 15:07:46 -------- d-----w- c:\program files\Soluto
2012-09-05 17:01:16 -------- d-----w- c:\documents and settings\david p. clauss\application data\AVG2012
2012-09-05 16:59:44 -------- d-----w- c:\documents and settings\david p. clauss\local settings\application data\AVG Secure Search
2012-09-05 16:59:38 -------- d-----w- c:\documents and settings\all users\application data\AVG Secure Search
2012-09-05 16:59:25 -------- d-----w- c:\documents and settings\david p. clauss\application data\AVG Secure Search
2012-09-05 16:59:18 27496 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-09-05 16:59:10 -------- d-----w- c:\program files\common files\AVG Secure Search
2012-09-05 16:59:06 -------- d-----w- c:\program files\AVG Secure Search
2012-09-05 16:55:36 -------- d--h--w- C:\$AVG
2012-09-02 13:45:27 -------- d-----w- c:\program files\AVAST Software
2012-09-02 13:45:27 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-09-02 06:06:22 -------- d-----w- c:\documents and settings\david p. clauss\application data\QuickScan
2012-09-02 05:24:13 -------- d-----w- c:\documents and settings\david p. clauss\application data\IObit
2012-09-02 05:24:07 -------- d-----w- c:\program files\IObit
2012-09-01 13:20:29 -------- d-----w- c:\documents and settings\david p. clauss\application data\SUPERAntiSpyware.com
2012-09-01 13:20:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-01 13:20:18 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-09-01 02:07:23 -------- d-----w- c:\documents and settings\david p. clauss\application data\ElevatedDiagnostics
2012-08-29 05:06:44 -------- d-----w- c:\program files\TightVNC
2012-08-29 05:06:44 -------- d-----w- c:\documents and settings\all users\application data\TightVNC
2012-08-28 05:40:11 -------- d-----w- c:\documents and settings\david p. clauss\application data\M8 Software
2012-08-28 05:37:57 -------- d-----w- c:\program files\Spartan
2012-08-26 06:02:35 -------- d-----w- c:\program files\CCleaner
2012-08-26 03:36:36 -------- d-----w- c:\documents and settings\david p. clauss\application data\JAM Software
2012-08-26 03:36:24 -------- d-----w- c:\program files\JAM Software
2012-08-26 03:15:33 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 12:59:42 129176 ----a-w- c:\program files\mozilla firefox\plugins\nprpplugin.dll
2012-08-14 16:36:27 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2012-08-14 16:36:27 21504 ----a-w- c:\windows\system32\hidserv.dll
2012-08-14 16:36:25 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-08-14 16:36:25 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-08-14 16:36:15 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2012-08-14 16:36:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2012-08-13 13:08:13 -------- d-----w- c:\program files\SecCopy
.
==================== Find3M ====================
.
2012-08-23 23:05:22 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-23 23:05:22 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-22 12:59:28 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-08-22 12:59:28 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-07-20 04:21:19 39016 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2012-07-20 04:21:13 31848 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ----a-w- c:\windows\system32\html.iec
2012-06-25 21:04:24 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-12 16:19:20 12992 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2012-06-12 16:19:08 16064 ----a-w- c:\windows\system32\drivers\pssnap.sys
2012-06-12 16:19:02 53952 ----a-w- c:\windows\system32\drivers\psmounter.sys
.
============= FINISH: 10:41:12.87 ===============



Results of screen317's Security Check version 0.99.50
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
AVG Internet Security Business Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SUPERAntiSpyware
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
DH Driver Cleaner Professional Edition
Duplicate Cleaner 1.4.7b
ExifCleaner 1.5
JavaFX 2.1.1
Java™ 6 Update 35
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader X (10.1.4)
Mozilla Firefox (Firefox,. Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Firetrust MailWasher MailWasherPro.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 25% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````



# AdwCleaner v2.000 - Logfile created 09/06/2012 at 10:44:36
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David P. Clauss - PALADIN-3000
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David P. Clauss\desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\DOCUME~1\DAVIDP~1.CLA\LOCALS~1\Temp\Uninstall.exe
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
Folder Found : C:\DOCUME~1\DAVIDP~1.CLA\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\DOCUME~1\DAVIDP~1.CLA\LOCALS~1\Temp\TempDir
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\David P. Clauss\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\David P. Clauss\Application Data\Mozilla\Firefox\Profiles\ynwp7op1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Found : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\DAEMON Tools Toolbar
Folder Found : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AskToolbar
Key Found : HKCU\Software\AutocompletePro
Key Found : HKCU\Software\AutocompleteProBHO
Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartNow Toolbar
Key Found : HKCU\Software\Zugo
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Found : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Found : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro2_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AutocompletePro2_is1
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\StartNow Toolbar
Key Found : HKU\S-1-5-21-448539723-688789844-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-448539723-688789844-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-448539723-688789844-682003330-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={B5AB0009-6C05-4D4D-A90D-D9BCD469EE31}&mid=b52f630307e4e3e3e803a1dfe155dafc-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=pr&d=2012-09-05 11:59:22&v=12.2.0.5&sap=nt

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\David P. Clauss\Application Data\Mozilla\Firefox\Profiles\ynwp7op1.default\prefs.js

Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113959&tt=280612_6_&babsrc=NT_ss&m[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=280612_6_");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "24c4b6ea000000000000001e9076bf3f");
Found : user_pref("extensions.BabylonToolbar_i.id", "24c4b6ea000000000000001e9076bf3f");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15519");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113959&tt=28061[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:41:53");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113959&tt=280612_6_&babsrc=KW_ss&mntrId=2[...]
Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Found : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13630 octets] - [06/09/2012 10:44:36]

########## EOF - C:\AdwCleaner[R1].txt - [13691 octets] ##########

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:26 AM

Posted 08 September 2012 - 09:11 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35
Java™ 6 Update 7


===

Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the log and let me know what problem persists.

p.s.
Please reply in this topic.
Do not start a new one.

When ready use the Add Reply button.

#5 dpcofhwa

dpcofhwa
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:01:26 AM

Posted 09 September 2012 - 11:52 PM

I updated JAVA during the interval of the first posting and your communication. Below is the log after running adwcleaner. However, my TMP file is still in the "Documents and Settings - Primary User Name - Local Settings - Temp" folder. It began to populate itself earlier so I rebooted and deleted it. Apparently, it can be inhibited by either the Anti-virus or Super Antispyware depending on loading order. If they load first it remains at 0. If whatever is creating and utilizing the file gets the jump the file will begin to grow.

Here is the log file after running adwcleaner


# AdwCleaner v2.000 - Logfile created 09/09/2012 at 23:10:49
# Updated 30/08/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : David P. Clauss - PALADIN-3000
# Boot Mode : Normal
# Running from : C:\Documents and Settings\David P. Clauss\desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\David P. Clauss\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\David P. Clauss\Application Data\Mozilla\Firefox\Profiles\ynwp7op1.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
Folder Deleted : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\DAEMON Tools Toolbar
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\AskToolbarInfo
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AutocompletePro
Key Deleted : HKCU\Software\AutocompleteProBHO
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartNow Toolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7E8A36EA-2501-4ED3-A3C8-CFA9143FB169}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\AutocompletePro.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Toolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO
Key Deleted : HKLM\SOFTWARE\Classes\SuggestMeYes.SuggestMeYesBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.BandObject.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.ToolbarHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AutocompletePro2_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\StartNow Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [support@predictad.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxps://isearch.avg.com/tab?cid={B5AB0009-6C05-4D4D-A90D-D9BCD469EE31}&mid=b52f630307e4e3e3e803a1dfe155dafc-9a17500a96d428a5cdb8b2643968b9a928fc107f&lang=en&ds=AVG&pr=pr&d=2012-09-05 11:59:22&v=12.2.0.5&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\David P. Clauss\Application Data\Mozilla\Firefox\Profiles\ynwp7op1.default\prefs.js

C:\Documents and Settings\David P. Clauss\Application Data\Mozilla\Firefox\Profiles\ynwp7op1.default\user.js ... Deleted !

Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Deleted : user_pref("avg.install.userSPSettings", "AVG Secure Search");
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113959&tt=280612_6_&babsrc=NT_ss&m[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113959&tt=280612_6_");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "24c4b6ea000000000000001e9076bf3f");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "24c4b6ea000000000000001e9076bf3f");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15519");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113959&tt=28061[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1711:41:53");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("keyword.URL", "hxxps://isearch.avg.com/search?cid=%7Bdbbebd9b-84d0-4901-a85e-eca2365bf75a[...]
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.name", "StartNow Toolbar");
Deleted : user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.startpage", "lf.startnow.com");

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\David P. Clauss\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13761 octets] - [06/09/2012 10:44:36]
AdwCleaner[R2].txt - [13822 octets] - [06/09/2012 11:01:52]
AdwCleaner[R3].txt - [13883 octets] - [07/09/2012 10:09:56]
AdwCleaner[S3].txt - [13743 octets] - [09/09/2012 23:10:49]

########## EOF - C:\AdwCleaner[S3].txt - [13804 octets] ##########

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:26 AM

Posted 10 September 2012 - 07:40 AM

Temp" folder. It began to populate itself earlier so I rebooted and deleted it. Apparently, it can be inhibited by either the Anti-virus or Super Antispyware depending on loading order.


The primary reason for Temp folder is used to create working files that are required by programs while in function.
A good program will delete it's files when you close is. In your case they are left behind.

Check the folder after a fresh restart and delete the files in the folder.

You can run this tool on occasions to clean all your temporary files.

Please download CCleaner (freeware) from .
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner.

The following should be selected by default, if not, please select:
Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.

If presented with an option to install 3rd party software, deny it.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!.
Run the installer, and uncheck the option to install Yahoo toolbar (unless you want Yahoo toolbar).
Once installed, run CCleaner.

The following should be selected by default, if not, please select:
Posted Image

Then please click Posted Image and choose Posted Image

Please uncheck Posted Image

Then go back to Posted Image and click Posted Image to run it.

If presented with an option to install 3rd party software, deny it.
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think [url=http://api.viglink.com/api/click?format=go&drKey=1493&loc=http%3A%2F%2Fwww.techsupportforum.com%2Fforums%2Ff100%2Fgoogle-redirects-resubmitted-592716.html&v=1&libid=1314197167437&out=http%3A%2F%2Fusers.telenet.be%2Fbluepatchy%2Fmiekiemoes%2Fprevention.html&ref=http%3A%2F%2Fwww.techsupportforum.com%2Fforums%2Ff50%2Fredirect-gone-but-problems-are-not-596046.html&title=google%20redirects%20resubmitted%20-%20Tech%20Support%20Forum&txt=Prevention!&jsonp=vglnk_jsonp_13141972804942]Prevention!
===

Edited by nasdaq, 10 September 2012 - 07:41 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users