Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

firefox: infected with click.livesearchnow redirect issue


  • This topic is locked This topic is locked
30 replies to this topic

#1 dollymama23

dollymama23

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 26 February 2013 - 09:46 PM

I am guessing I have more issues than just this redirect, but nothing I've tried to cure this particular issue has worked so far. I had problems with IE and google chrome with redirects as well, so I haven't used them and might have even removed them from my pc completely. This issue is becoming pretty serious as I have younger children who use my pc also. When they get frustrated with the redirects happening all of the time, they go click crazy :nono: !!

 

Please help me!! Thanks in advance.



BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 26 February 2013 - 10:02 PM


Hello dollymama23

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
information and logs
  • In your next post I need the following
    • both reports from DDS
      • report from security check
        • let me know of any problems you may have had
      Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 26 February 2013 - 10:33 PM

 Results of screen317's Security Check version 0.99.60  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
avast! Antivirus   
McAfee VirusScan   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java™ 6 Update 24  
 Java version out of Date!
 Adobe Flash Player     11.6.602.171  
 Adobe Reader XI  
 Mozilla Firefox (19.0)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUI.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 18% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by HP_Administrator at 22:30:47 on 2013-02-26
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.281 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: Norton Internet Worm Protection *Disabled*
FW: McAfee Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\SecurityCheck.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09282012
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uProxyOverride = <local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
BHO: hpWebHelper Class: {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Verizon_UninstallTracking] c:\docume~1\hp_adm~1.you\locals~1\temp\IHU1D7.tmp.exe /uninstalltrackingvendor=Verizon
mRunOnce: [DeleteYahooUninstaller] command /c del c:\progra~1\yahoo!\common\UNINST~1.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxps://picasaweb.google.com/s/v/71.32/uploader2.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1348898877781
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DHCPNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{8D3A9867-2EDC-4291-80DE-B3A3870E38C6} : DHCPNameServer = 192.168.1.1
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\mozilla\firefox\profiles\6yx86k61.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.flylady.net/c/lp.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 47392
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\hp_administrator.your-4dacd0ea75\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\documents and settings\hp_administrator.your-4dacd0ea75\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - ExtSQL: 2013-02-25 23:54; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-25 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-25 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-25 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-25 44808]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
RUnknown SASKUTIL;SASKUTIL; [x]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]
.
=============== Created Last 30 ================
.
2013-02-26 03:06:48    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-26 03:06:05    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-26 03:05:43    --------    d-----w-    c:\program files\AVAST Software
2013-02-26 03:05:43    --------    d-----w-    c:\documents and settings\all users\application data\AVAST Software
2013-02-26 02:47:19    --------    d-----w-    c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\SUPERAntiSpyware.com
2013-02-26 02:47:10    --------    d-----w-    c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-02-26 01:48:38    --------    d-----w-    c:\documents and settings\hp_administrator.your-4dacd0ea75\application data\Malwarebytes
2013-02-26 01:48:28    --------    d-----w-    c:\documents and settings\all users\application data\Malwarebytes
2013-02-26 01:48:27    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-02-26 01:48:27    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-06 06:34:06    --------    d-----w-    c:\program files\Mozilla Firefox.bak
.
==================== Find3M  ====================
.
2013-02-27 02:43:51    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 02:43:50    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53:21    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-26 03:55:44    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19:45    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49:10    1292288    ------w-    c:\windows\system32\quartz.dll
2012-12-26 20:16:29    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16:28    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
.
============= FINISH: 22:32:00.46 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/16/2010 9:18:42 PM
System Uptime: 2/26/2013 1:18:01 AM (21 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | LEUCITE
Processor:               Intel® Pentium® D CPU 2.80GHz | Socket 775 | 2800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 177 GiB total, 82.397 GiB free.
D: is FIXED (FAT32) - 9 GiB total, 0.451 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.01)
Adobe Shockwave Player 11.6
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
Alien Outbreak 2
Ancient Sudoku
Apple Application Support
Apple Software Update
ArcSoft Panorama Maker 4
avast! Free Antivirus
Bejeweled 2 Deluxe
Big Kahuna Reef
Blackhawk Striker 2
Blasterball 2 Remix
Blasterball 2 Revolution
Bookworm Deluxe
Bounce Symphony
Brother MFL-Pro Suite
BufferChm
CameraDrivers
CameraUserGuides
CCleaner
Chuzzle Deluxe
Coupon Printer for Windows
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
Data Fax SoftModem with SmartCP
Destinations
DeviceManagementQFolder
Diner Dash
DISCover
DivX Setup
DocProc
DocumentViewer
Easy Internet Sign-up
Enhanced Multimedia Keyboard Solution
Fairies
Family Feud
FATE
Fax
Fax_CDA
File Uploader
Flip Words
FullDPAppQFolder
GemMaster Mystic
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 10 (KB910393)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Document Viewer 6.1
HP DVD Play 2.1
HP Game Console
HP Imaging Device Functions 7.0
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Photosmart Cameras 6.0
HP Photosmart for Media Center PC
HP Photosmart Premier Software 6.5
HP PSC & OfficeJet 5.3.B
HP PSC & OfficeJet 6.1.A
HP Rhapsody
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
hpiCamDrvQFolder
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
IHA_MessageCenter
Insaniquarium Deluxe
InstantShareDevices
Intel Matrix Storage Manager
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
Intel® Quick Resume Technology Drivers
Intel® Viiv™ Software
Java Auto Updater
Java™ 6 Update 24
Jewel Quest
LightScribe System Software  1.10.19.1
Mah Jong Quest
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.0 Hotfix (KB979904)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2006
Microsoft Office 2003 Edition 60 Days Trial Welcome Tour
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Picture It! Publishing 2001
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Mozilla Firefox 19.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee autoProducer 5.0
muvee autoProducer unPlugged 2.0
Mystery Case Files
Nero 8 Essentials
neroxml
Netscape Browser (remove only)
NewCopy
NewCopy_CDA
Nikon Message Center
Nikon Transfer
OptionalContentQFolder
Otto
PanoStandAlone
PaperPort
PC-Doctor 5 for Windows
PhotoGallery
Poker Superstars
Polar Bowler
Polar Golfer
PSPrinters08
PSTAPlugin
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
Radialpoint Servicepoint Dashboard Extensions version 11.7.24.5
RandMap
Readme
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Ricochet Lost Worlds
SAMSUNG USB Driver for Mobile Phones
Scan
ScannerCopy
SCRABBLE
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Shockwave
SkinsHP1
SlideShow
SlideShowMusic
Slingo Deluxe
Snowy The Bears Adventure
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Status
Super Granny
swMSM
Tennis Titans
TMNT
Toolbox
Tornado Jockey
Tradewinds
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Media Player 10 (KB913800)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Updates from HP (remove only)
VC80CRTRedist - 8.0.50727.6195
VCRedistSetup
Verizon Help and Support Tool
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
Yahoo! BrowserPlus 2.9.8
Yahoo! Software Update
YouTube Downloader 2.7
.
==== Event Viewer Messages From Past Week ========
.
2/25/2013 8:48:50 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
2/25/2013 8:41:55 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm MpFilter
2/25/2013 8:29:11 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip
2/25/2013 8:29:11 PM, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
2/25/2013 8:29:11 PM, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/25/2013 8:29:11 PM, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
2/25/2013 8:29:11 PM, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
2/25/2013 11:14:33 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/25/2013 10:18:15 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2/25/2013 10:14:16 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/25/2013 10:06:39 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
2/22/2013 2:07:39 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x8007f070: Security Update for Microsoft .NET Framework 1.0 SP3 on Windows XP Tablet PC and Media Center (KB2742607).
2/22/2013 2:06:47 AM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1.
2/21/2013 8:48:00 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
2/21/2013 8:42:39 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service YahooAUService with arguments "" in order to run the server: {3D369E3A-9EDF-46C4-B4BC-47BF3304BF7C}
.
==== End Of File ===========================
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 26 February 2013 - 10:40 PM


Hello dollymama23


These are the programs I would like you to run next, if you have any problems with these just skip it and move on to the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 26 February 2013 - 11:05 PM

I have not ran into any problems with doing what you have told me to. Thanks for the easy steps and support!!

 

 

# AdwCleaner v2.113 - Logfile created 02/26/2013 at 22:47:39
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - YOUR-4DACD0EA75
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

-\\ Google Chrome v [Unable to get version]

*************************

AdwCleaner[S1].txt - [2059 octets] - [26/02/2013 22:47:39]

########## EOF - C:\AdwCleaner[S1].txt - [2119 octets] ##########
 

 

RogueKiller V8.5.2 [Feb 23 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : HP_Administrator [Admin rights]
Mode : Scan -- Date : 02/26/2013 23:01:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] IHU1D7.tmp.exe -- C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IHU1D7.tmp.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : Verizon_UninstallTracking (C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IHU1D7.tmp.exe /uninstalltrackingvendor=Verizon) [-] -> FOUND
[TASK][SUSP PATH] Norton Product InstallerIdle.job : C:\Documents and Settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\Adobe\Shockwave 11\SymInstallStub.exe /partnerid=adobe /productlist=pccu /staging=false /delay=0 /debug /desktopshortcut=1 /startmenushortcut=1 /launchedby=4 [x] -> FOUND
[HJ] HKLM\[...]\SystemRestore : DisableSR (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1       localhost
127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3200827AS +++++
--- User ---
[MBR] 584597a12a6699573d531742885a4c46
[BSP] 05e3161cf4ce79602881f99911e8893d : Toshiba MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 181750 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 372242115 | Size: 9020 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02262013_02d2301.txt >>
RKreport[1]_S_02262013_02d2301.txt


 



#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 26 February 2013 - 11:16 PM


Hello dollymama23

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 26 February 2013 - 11:32 PM

I just ran into an error.

Combofix has shown a warning that McAfee VirusScan is active. So, first off.. I was unaware that I have such a program on my pc. It is not listed in Control Panel: Add or Remove Programs and I do not use that program. What to do about this??



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 27 February 2013 - 12:14 AM

Go ahead and let combofix run


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 27 February 2013 - 01:55 AM

As you wish. It gave me a warning that it would be done at my own risk. It rebooted the pc and then produced this log:

 

 

ComboFix 13-02-26.01 - HP_Administrator 02/27/2013   1:07.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.590 [GMT -5:00]
Running from: c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: McAfee VirusScan *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Bailee Ryland\WINDOWS
c:\documents and settings\Breena RyAnn\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\GoToAssistDownloadHelper.exe
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\WINDOWS
c:\documents and settings\HP_Administrator\WINDOWS
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ReadMe.txt
c:\windows\system32\SET1631.tmp
c:\windows\system32\SET1636.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\windrv.sys
c:\windows\wininit.ini
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-27 to 2013-02-27  )))))))))))))))))))))))))))))))
.
.
2013-02-27 05:21 . 2013-02-27 05:21    --------    d-----w-    c:\program files\Citrix
2013-02-27 05:17 . 2013-02-27 05:17    --------    d-----w-    c:\program files\McAfee
2013-02-27 03:15 . 2013-02-27 03:15    --------    d-----w-    c:\documents and settings\All Users\Application Data\Motive
2013-02-26 03:06 . 2012-10-30 23:51    361032    ----a-w-    c:\windows\system32\drivers\aswSP.sys
2013-02-26 03:06 . 2012-10-30 23:51    21256    ----a-w-    c:\windows\system32\drivers\aswFsBlk.sys
2013-02-26 03:06 . 2012-10-30 23:51    54232    ----a-w-    c:\windows\system32\drivers\aswTdi.sys
2013-02-26 03:06 . 2012-10-30 23:51    35928    ----a-w-    c:\windows\system32\drivers\aswRdr.sys
2013-02-26 03:06 . 2012-10-30 23:51    738504    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2013-02-26 03:06 . 2012-10-30 23:51    97608    ----a-w-    c:\windows\system32\drivers\aswmon2.sys
2013-02-26 03:06 . 2012-10-30 23:51    89752    ----a-w-    c:\windows\system32\drivers\aswmon.sys
2013-02-26 03:06 . 2012-10-30 23:51    25256    ----a-w-    c:\windows\system32\drivers\aavmker4.sys
2013-02-26 03:06 . 2012-10-30 23:51    41224    ----a-w-    c:\windows\avastSS.scr
2013-02-26 03:06 . 2012-10-30 23:50    227648    ----a-w-    c:\windows\system32\aswBoot.exe
2013-02-26 03:05 . 2013-02-26 03:05    --------    d-----w-    c:\program files\AVAST Software
2013-02-26 03:05 . 2013-02-26 03:05    --------    d-----w-    c:\documents and settings\All Users\Application Data\AVAST Software
2013-02-26 02:47 . 2013-02-26 02:47    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\SUPERAntiSpyware.com
2013-02-26 02:47 . 2013-02-26 02:47    --------    d-----w-    c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-02-26 01:48 . 2013-02-26 01:48    --------    d-----w-    c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes
2013-02-26 01:48 . 2013-02-26 01:48    --------    d-----w-    c:\documents and settings\All Users\Application Data\Malwarebytes
2013-02-26 01:48 . 2013-02-26 01:48    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-02-26 01:48 . 2012-12-14 21:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-01-31 17:48 . 2013-01-31 17:48    --------    d-sh--w-    c:\documents and settings\Breena RyAnn\PrivacIE
2013-01-31 17:48 . 2013-01-31 17:48    --------    d-----w-    c:\documents and settings\Breena RyAnn\Local Settings\Application Data\Yahoo
2013-01-31 17:48 . 2013-01-31 17:48    --------    d-----w-    c:\documents and settings\Breena RyAnn\Application Data\Yahoo!
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 02:43 . 2012-09-29 05:51    691568    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-02-27 02:43 . 2011-05-14 00:04    71024    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-02-12 18:36    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-26 03:55 . 2004-08-10 04:00    552448    ------w-    c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-10 11:00    2148864    ------w-    c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-10 11:00    2027520    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 04:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-10 04:00    1292288    ------w-    c:\windows\system32\quartz.dll
2012-12-26 20:16 . 2004-08-10 04:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 04:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 04:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 04:00    385024    ----a-w-    c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 04:00    290560    ----a-w-    c:\windows\system32\atmfd.dll
2013-02-20 19:33 . 2013-02-20 19:32    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-13 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk.disabled [2006-6-13 1819]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-6-13 36903]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HsdService]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2005-03-17 18:45    40960    ----a-w-    c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
2010-03-17 20:55    1565696    ----a-w-    c:\program files\Verizon\McciTrayApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"YahooAUService"=2 (0x2)
"WPFFontCache_v0400"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"tgsrvc_verizondm"=2 (0x2)
"sprtsvc_verizondm"=2 (0x2)
"ServicepointService"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"OnlineBackupSchedulerService"=2 (0x2)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"MsMpSvc"=2 (0x2)
"MDM"=2 (0x2)
"McciCMService"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IHA_MessageCenter"=2 (0x2)
"IDriverT"=3 (0x3)
"IAANTMon"=2 (0x2)
"FilesystemWatcher"=2 (0x2)
"ELService"=2 (0x2)
"aspnet_state"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"SetDefPrt"=c:\program files\Brother\Brmfl06a\BrStDvPt.exe
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"NeroFilterCheck"=c:\program files\Common Files\Nero\Lib\NeroCheck.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"HPHUPD08"=c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
"HP Software Update"=c:\program files\HP\HP Software Update\HPwuSchd2.exe
"DiscUpdateManager"=c:\program files\DISC\DiscUpdMgr.exe
"DISCover"=c:\program files\DISC\DISCover.exe
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe"  -osboot
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Nikon Transfer Monitor"=c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"50000:UDP"= 50000:UDP:IHA_MessageCenter
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/25/2013 10:06 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/25/2013 10:06 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/25/2013 10:06 PM 21256]
S4 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [10/13/2010 5:06 PM 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-10-18 19:25    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 02:43]
.
2013-02-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-26 23:50]
.
2012-11-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-592471782-3332125518-4203757176-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-02-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-592471782-3332125518-4203757176-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-02-27 c:\windows\Tasks\ReclaimerUpdateFiles_HP_Administrator.job
- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 00:05]
.
2013-02-27 c:\windows\Tasks\ReclaimerUpdateXML_HP_Administrator.job
- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 00:05]
.
2012-11-17 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_HP_Administrator.job
- c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.20\agent\rnupgagent.exe [2012-10-08 00:05]
.
2013-02-25 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-05-28 19:31]
.
2013-02-24 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2010-05-28 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://xfinity.comcast.net/?cid=insDate09282012
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
Trusted Zone: microsoft.com\www.update
Trusted Zone: trymedia.com
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\HP_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\6yx86k61.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.flylady.net/c/lp.php
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 47392
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-25 23:54; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Online Backup Auto Update - c:\program files\Verizon\Online Backup & Sharing\Auto Update\OnlineBackup.UpdateSystemTray.exe
MSConfigStartUp-Vault Explorer Cache Watcher - c:\program files\Verizon\Online Backup & Sharing\vewatch.exe
MSConfigStartUp-VERIZONDM - c:\program files\VERIZONDM\bin\sprtcmd.exe
MSConfigStartUp-VerizonServicepoint - c:\program files\Verizon\VSP\VerizonServicepoint.exe
AddRemove-Verizon Help and Support - c:\program files\Verizon\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-RadialpointServicepointDashboardExtensions_is1 - c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\is-8LEB4.tmp\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 01:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_171_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1416)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1.YOU\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\IME\SPGRMR.DLL
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\RTHDCPL.EXE
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2013-02-27  01:48:27 - machine was rebooted
ComboFix-quarantined-files.txt  2013-02-27 06:48
.
Pre-Run: 88,434,999,296 bytes free
Post-Run: 88,809,123,840 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition Safe Mode" /noexecute=optin /fastdetect /safeboot:network
.
- - End Of File - - 53710EF6407B230FC2F737AD6C636FE0
 



#10 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 27 February 2013 - 02:16 AM

I have a question though. Why does the log show McAfee and Norton at the top of the log? I have neither program on my pc, and to my knowledge, never did. How do I go about removing any files associated with those antivirus programs and such?

 

The computer is not showing any redirect activity as of now!!  :thumbsup: 

But I have windows update issues that fail now. I have had one in particular that has been very troublesome, pertaining to the .NET FRAMEWORK and never had luck installing correctly.. the .net framework 1.1 sp1.even with Microsoft's assistance and many many hours of trying to figure it out in other ways. The only thing Microsoft actually did was keep removing it from my critical updates and placing it in the "optional" category of updates. (It does not stay there, though. It ends up back in the critical) Do you have experience with this? Right now, I have other .net framework updates as well. And one for a update rollup 2 for xp and a root certificate update also. ALL downloaded, but failed. :(



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 27 February 2013 - 02:19 AM

How are things doing now?
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 27 February 2013 - 02:25 AM

The computer is not showing any redirect activity as of now!!  :thumbsup:

 

Why does the log show McAfee and Norton at
the top of the log? I have neither program on my pc, and to my
knowledge, never did. How do I go about removing any files associated
with those antivirus programs and such?

 

And I have windows update issues that fail now. I have had one in
particular that has been very troublesome, pertaining to the .NET
FRAMEWORK and never had luck installing correctly.. the .net framework
1.1 sp1.even with Microsoft's assistance and many many hours of trying
to figure it out in other ways. The only thing Microsoft actually did
was keep removing it from my critical updates and placing it in the
"optional" category of updates. (It does not stay there, though. It ends
up back in the critical) Do you have experience with this? Right now, I
have other .net framework updates as well. And one for a update rollup 2
for xp and a root certificate update also. ALL downloaded, but failed. :(



#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:39 PM

Posted 27 February 2013 - 02:25 AM

lets try thier removal tools


Norton - https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us


MaCafee - http://service.mcafee.com/FAQDocument.aspx?id=TS101331
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 27 February 2013 - 09:29 PM

No success with the removal tools.. maybe I shouldn't worry about it and get this pc ready for a complete system wipe soon. ?



#15 dollymama23

dollymama23
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 28 February 2013 - 01:43 PM

So, are we finished now? What about all these tools and logs on my desktop. Surely that wasn't the final step. Or was it?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users