IE 7/8 starts/locks up after trojan removal(?) - Win XP SP3


  • This topic is locked
9 replies to this topic

#1 JamesMacF

Posted 15 April 2013 - 05:13 PM

(this is being moved from http://www.bleepingcomputer.com/forums/t/491520/ie-78-startslocks-up-after-trojan-removal-win-xp-sp3/ )

I've been working on this computer for a few days now, and am beyond my knowledge.

VIPRE Business (AV from Sunbelt) detected and removed what they called Trojan.Win32.Generic!BT. I have since updated and scanned with Malwarebytes and Spybot S&D, and updated SpywareBlaster. I have also run TDSSKiller and MiniToolBox. Everything is coming up clean, except I am still seeing occasional tracking cookies.

I don't seem to be having any problems with any other programs except IE. Firefox runs fine. The PC had IE7 on it before this happened; in the course of trying to fix it I installed IE8. The installation seemed to go fine. When I go to start IE (both 7 and 8 are the same here), the home page starts to load and I get a message saying 'IE is not your default browser, would you like to make it so' (or close to that; it is the standard default browser message I see all the time), and whether I click yes or no it just sits there spinning its wheels and eventually says 'Internet Explorer is not responding'. I can close it out with Task Manager, but when I go to restart it again, or even after a reboot, I get the same thing.

Currently I only have a Remote Desktop Connection to this PC, so I haven't been able to try this with a safe boot. I may be able to physically get to the PC this coming week, so I am trying to get everything set up for this if needed.

 

Thank you so much for any help you can give me.

Here are the DDS files:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by administrator at 17:59:02 on 2013-04-15
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1038 [GMT -4:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Documents and Settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\GFI Software\GFIAgent\SBAMSvc.exe
C:\Program Files\GFI Software\GFIAgent\SBPIMSvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\NCR\Passport Web Edition\pwecsrvc.exe
C:\Program Files\GFI Software\GFIAgent\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.hp.com
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\documents and settings\georgie.cain.vp\application data\qwiklinx\Qwiklinx.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\documents and settings\georgie.cain.vp\application data\defaulttab\defaulttab\DefaultTabBHO.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [Conime] c:\windows\system32\conime.exe
mRun: [Passport Web Edition Client] c:\program files\ncr\passport web edition\pwecsrvc.exe
mRun: [SBAMTray] "c:\program files\gfi software\gfiagent\SBAMTray.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242994510687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - file://vpav/VPHOME/CLT-INST/WEBINST/webinst.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F91AB7B8-EE67-42AF-A5AA-8E232C396A04} - hxxps://credit.getbis.com/cabs/htmlprint.cab
TCP: NameServer = 192.168.0.23 4.2.2.2 4.2.2.3
TCP: Interfaces\{183CE510-98BA-4686-9EB6-673686009707} : DHCPNameServer = 192.168.0.23 4.2.2.2 4.2.2.3
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator.vp\application data\mozilla\firefox\profiles\1m0c7my9.default-1365722938421\
FF - plugin: c:\documents and settings\jennifer.moline\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-12 12:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\administrator.vp\application data\mozilla\firefox\profiles\1m0c7my9.default-1365722938421\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-12 12:24; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\administrator.vp\application data\mozilla\firefox\profiles\1m0c7my9.default-1365722938421\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2010-9-25 22064]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2010-4-9 222368]
R2 DefaultTabUpdate;DefaultTabUpdate;c:\documents and settings\georgie.cain.vp\application data\defaulttab\defaulttab\DTUpdate.exe [2012-8-29 107520]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\EKAiOHostService.exe [2011-12-19 394672]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2007-9-18 540184]
R2 SBAMSvc;VIPRE Business;c:\program files\gfi software\gfiagent\SBAMSvc.exe [2012-10-16 3675976]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2010-9-25 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\gfi software\gfiagent\SBPIMSvc.exe [2012-10-16 175496]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [2009-6-3 54016]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\sminst\virtdisk.sys [2007-9-18 57344]
.
=============== File Associations ===============
.
ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2013-04-12 16:30:28    --------    d-----w-    c:\documents and settings\administrator.vp\application data\ElevatedDiagnostics
2013-04-11 23:05:54    --------    dc-h--w-    c:\windows\ie8
2013-04-11 22:43:35    --------    d-----w-    c:\documents and settings\administrator.vp\local settings\application data\Temp
2013-04-11 16:57:41    --------    d-----w-    c:\documents and settings\all users\application data\Licenses
2013-04-11 16:43:23    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-11 16:43:23    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-04-09 17:26:05    --------    d-----w-    c:\documents and settings\administrator.vp\local settings\application data\Sun
2013-04-09 17:24:39    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-04-09 17:22:37    --------    d-----w-    c:\documents and settings\administrator.vp\application data\FromDocToPDF_65
2013-04-09 17:21:54    --------    d-----w-    c:\documents and settings\administrator.vp\local settings\application data\Conduit
2013-04-09 17:17:08    --------    d-----w-    c:\documents and settings\administrator.vp\local settings\application data\Google
2013-04-09 17:14:57    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-03-18 09:16:02    12928    ------w-    c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 09:16:02    12928    ------w-    c:\windows\system32\dllcache\usb8023.sys
.
==================== Find3M  ====================
.
2013-04-09 17:14:38    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-04-09 17:14:37    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-04-09 17:14:37    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-08 08:36:22    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32:25    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06:31    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06:30    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06:30    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25:02    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08:47    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56:51    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32:23    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-01-26 03:55:44    552448    ----a-w-    c:\windows\system32\oleaut32.dll
.
============= FINISH: 17:59:43.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/22/2009 7:24:16 AM
System Uptime: 4/13/2013 6:23:32 AM (59 hours ago)
.
Motherboard: MSI |  | 0A7C
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket M2  | 2094/199mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 65 GiB total, 28.362 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.233 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP859: 3/12/2013 4:49:49 AM - System Checkpoint
RP860: 3/13/2013 6:01:27 AM - System Checkpoint
RP861: 3/14/2013 3:01:23 AM - Software Distribution Service 3.0
RP862: 3/15/2013 4:36:54 AM - System Checkpoint
RP863: 3/16/2013 4:46:40 AM - System Checkpoint
RP864: 3/17/2013 6:21:45 AM - System Checkpoint
RP865: 3/18/2013 6:41:46 AM - System Checkpoint
RP866: 3/18/2013 5:01:37 PM - Software Distribution Service 3.0
RP867: 3/19/2013 5:17:29 PM - System Checkpoint
RP868: 3/20/2013 5:24:43 PM - System Checkpoint
RP869: 3/21/2013 5:38:08 PM - System Checkpoint
RP870: 3/22/2013 6:34:28 PM - System Checkpoint
RP871: 3/23/2013 9:34:38 PM - System Checkpoint
RP872: 3/25/2013 12:34:18 PM - System Checkpoint
RP873: 3/26/2013 12:48:13 PM - System Checkpoint
RP874: 3/27/2013 5:22:58 PM - System Checkpoint
RP875: 3/28/2013 5:29:00 PM - System Checkpoint
RP876: 3/29/2013 6:29:00 PM - System Checkpoint
RP877: 3/30/2013 7:29:00 PM - System Checkpoint
RP878: 3/31/2013 8:29:00 PM - System Checkpoint
RP879: 4/1/2013 9:29:01 PM - System Checkpoint
RP880: 4/2/2013 10:29:00 PM - System Checkpoint
RP881: 4/3/2013 11:29:01 PM - System Checkpoint
RP882: 4/5/2013 12:29:00 AM - System Checkpoint
RP883: 4/6/2013 1:29:00 AM - System Checkpoint
RP884: 4/7/2013 2:29:00 AM - System Checkpoint
RP885: 4/8/2013 3:29:00 AM - System Checkpoint
RP886: 4/9/2013 4:09:45 AM - System Checkpoint
RP887: 4/9/2013 1:13:48 PM - Removed Java™ 6 Update 32
RP888: 4/9/2013 1:14:26 PM - Installed Java 7 Update 17
RP889: 4/9/2013 1:35:50 PM - Software Distribution Service 3.0
RP890: 4/9/2013 1:43:34 PM - Installed Windows Internet Explorer 8.
RP891: 4/9/2013 1:44:23 PM - Software Distribution Service 3.0
RP892: 4/10/2013 4:00:25 AM - Software Distribution Service 3.0
RP893: 4/10/2013 9:11:28 AM - Software Distribution Service 3.0
RP894: 4/11/2013 5:19:17 PM - System Checkpoint
RP895: 4/11/2013 6:18:23 PM - Removed Bonjour
RP896: 4/11/2013 6:39:40 PM - Removed Java™ SE Runtime Environment 6 Update 1
RP897: 4/11/2013 7:07:12 PM - Installed Windows Internet Explorer 8.
RP898: 4/11/2013 7:08:13 PM - Software Distribution Service 3.0
RP899: 4/11/2013 7:17:26 PM - Software Distribution Service 3.0
RP900: 4/12/2013 7:41:33 PM - System Checkpoint
RP901: 4/13/2013 7:42:00 PM - System Checkpoint
RP902: 4/15/2013 4:21:40 AM - System Checkpoint
.
==== Installed Programs ======================
.
2007 Microsoft Office system
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11
aioprnt
aioscnnr
ATI - Software Uninstall Utility
ATI Display Driver
AusLogics Disk Defrag
Business Contact Manager for Outlook 2007 SP2
CCleaner (remove only)
center
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Dual-Core Optimizer
essentials
GFI Business Agent
Google Apps Migration For Microsoft Outlook® 2.3.12.34
Google Apps Sync™ for Microsoft Outlook® 3.2.353.947
Google Update Helper
GoZone iSync
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Help and Support
HpSdpAppCoreApp
IBM iSeries Access for Windows
Internet Explorer (Enable DEP)
InterVideo Register Manager
InterVideo WinDVD
Java 7 Update 17
Java Auto Updater
KMnet Viewer
Kodak AIO Printer
KODAK AiO Software
ksDIP
Kyocera Product Library
Lexmark Printer Software Uninstall
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
mp
mpmri
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
NetAssistant
ocr
PDF Complete
PreReq
Qwiklinx
Realtek High Definition Audio Driver
Remote Deposit Service 5.0
RemoteDepositWebClient
Roxio Audio Module
Roxio Copy Module
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator Tools
Roxio Data Module
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
SDMSSplash
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Sonic Activation Module
Spybot - Search & Destroy
SpywareBlaster 5.0
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
Windows Driver Package - Digital Check Corporation (TSUSB2) USB  (04/02/2010 1.10.0000)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows PowerShell™ 1.0 MUI pack
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
4/9/2013 1:49:42 PM, error: ati2mtag [44044]  - I2c return failed
4/9/2013 1:21:12 PM, error: Print [33]  - The PrintQueue Container could not be found because the DNS Domain name could not be retrieved.  Error: 6ba
4/9/2013 1:21:05 PM, error: TermServDevices [1111]  - Driver Lexmark Universal v2 required for printer !!vpdc.vp.local!Lexmark X364DN is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:04 PM, error: TermServDevices [1111]  - Driver Xerox WorkCentre 7120 PCL6 required for printer Xerox WorkCentre 7120 PCL6 is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:04 PM, error: TermServDevices [1111]  - Driver RICOH Aficio 2045e RPCS required for printer RICOH Aficio 2045e RPCS is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:04 PM, error: TermServDevices [1111]  - Driver HP Deskjet D4100 series required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:03 PM, error: TermServDevices [1111]  - Driver RICOH Aficio 2045e PCL 6 required for printer RICOH Aficio 2045e PCL 6 is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:00 PM, error: TermServDevices [1111]  - Driver Microsoft Office Live Meeting 2007 Document Writer Driver required for printer Microsoft Office Live Meeting 2007 Document Writer is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:00 PM, error: TermServDevices [1111]  - Driver Lexmark Universal v2 required for printer !!vpdc!Lexmark T642 is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:21:00 PM, error: TermServDevices [1111]  - Driver LAN-Fax M3 required for printer LAN-Fax M3 is unknown. Contact the administrator to install the driver before you log in again.
4/9/2013 1:20:46 PM, error: NETLOGON [5719]  - No Domain Controller is available for domain VP due to the following:  The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
4/15/2013 4:02:27 AM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk0\D.
4/12/2013 7:37:36 AM, error: NETLOGON [5719]  - No Domain Controller is available for domain VP due to the following:  There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================
#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,207 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:44 AM

Posted 16 April 2013 - 09:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration by an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

#3 JamesMacF

JamesMacF
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:44 AM

Posted 16 April 2013 - 09:33 PM

ComboFix 13-04-15.01 - administrator 04/16/2013  20:04:21.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1194 [GMT -4:00]
Running from: c:\documents and settings\Administrator.VP\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\addon.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\amazon_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DefaultTabStart64.exe
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DefaultTabWrap64.dll
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DT.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\DTUpdate.exe
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\ebay_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\facebook_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\imdb_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\search_here_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\searchhere.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\twitter_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\DefaultTab\DefaultTab\youtube_ie.ico
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\1.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\16894.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2247.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2443.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2626.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2867.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\2967.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\3203.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\478.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\484.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\5375.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\6574.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\6781.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\7016.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\946.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\9551.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\a.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\b.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\c.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\d.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\e.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\f.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\g.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\h.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\i.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\j.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\k.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\l.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\m.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\n.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\o.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\p.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\q.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\r.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\s.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\t.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\u.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\v.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\w.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\x.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\y.txt
c:\documents and settings\georgie.cain.VP\Application Data\PriceGong\Data\z.txt
c:\documents and settings\georgie.cain.VP\g2mdlhlpx.exe
c:\documents and settings\georgie.cain.VP\My Documents\ShopToWin
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
D:\Autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DefaultTabUpdate
-------\Legacy_DefaultTabUpdate
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
(((((((((((((((((((((((((   Files Created from 2013-03-17 to 2013-04-17  )))))))))))))))))))))))))))))))
.
.
2013-04-12 16:30 . 2013-04-12 16:36    --------    d-----w-    c:\documents and settings\Administrator.VP\Application Data\ElevatedDiagnostics
2013-04-11 23:05 . 2013-04-11 23:07    --------    dc-h--w-    c:\windows\ie8
2013-04-11 22:43 . 2013-04-11 22:43    --------    d-----w-    c:\documents and settings\Administrator.VP\Local Settings\Application Data\Temp
2013-04-11 16:57 . 2013-04-11 16:57    --------    d-----w-    c:\documents and settings\All Users\Application Data\Licenses
2013-04-11 16:43 . 2013-04-11 16:44    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-04-11 16:43 . 2013-04-04 18:50    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-04-09 17:55 . 2013-04-09 17:55    --------    d-----w-    c:\documents and settings\georgie.cain.VP\Local Settings\Application Data\Sun
2013-04-09 17:26 . 2013-04-09 17:26    --------    d-----w-    c:\documents and settings\Administrator.VP\Local Settings\Application Data\Sun
2013-04-09 17:24 . 2013-04-11 23:37    --------    d-----w-    c:\program files\Mozilla Maintenance Service
2013-04-09 17:22 . 2013-04-09 17:22    --------    d-----w-    c:\documents and settings\Administrator.VP\Application Data\FromDocToPDF_65
2013-04-09 17:21 . 2013-04-09 17:21    --------    d-----w-    c:\documents and settings\Administrator.VP\Local Settings\Application Data\Conduit
2013-04-09 17:17 . 2013-04-11 22:49    --------    d-----w-    c:\documents and settings\Administrator.VP\Local Settings\Application Data\Google
2013-04-09 17:16 . 2013-04-11 22:53    --------    d-----w-    c:\documents and settings\Administrator.VP\Application Data\Yahoo!
2013-04-09 17:14 . 2013-04-09 17:14    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-04-08 13:26 . 2013-04-08 13:26    --------    d-----w-    c:\documents and settings\georgie.cain.VP\Local Settings\Application Data\Mozilla
2013-03-18 09:16 . 2013-02-12 00:32    12928    ------w-    c:\windows\system32\dllcache\usb8023x.sys
2013-03-18 09:16 . 2013-02-12 00:32    12928    ------w-    c:\windows\system32\dllcache\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-09 17:14 . 2007-09-18 20:53    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2013-04-09 17:14 . 2012-05-07 13:00    861088    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-04-09 17:14 . 2011-03-16 20:19    782240    ----a-w-    c:\windows\system32\deployJava1.dll
2013-03-08 08:36 . 2006-02-28 02:00    293376    ----a-w-    c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2006-02-28 02:00    2149888    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2006-02-28 02:00    2028544    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-03-02 02:06 . 2006-02-28 02:00    916480    ----a-w-    c:\windows\system32\wininet.dll
2013-03-02 02:06 . 2011-06-16 06:42    43520    ------w-    c:\windows\system32\licmgr10.dll
2013-03-02 02:06 . 2011-06-16 06:42    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2013-03-02 01:25 . 2006-02-28 02:00    1867264    ----a-w-    c:\windows\system32\win32k.sys
2013-03-02 01:08 . 2011-06-16 06:42    385024    ------w-    c:\windows\system32\html.iec
2013-02-27 07:56 . 2006-02-28 02:00    2067456    ----a-w-    c:\windows\system32\mstscax.dll
2013-02-12 00:32 . 2009-05-22 14:33    12928    ------w-    c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2006-02-28 02:00    12928    ----a-w-    c:\windows\system32\drivers\usb8023.sys
2013-01-26 03:55 . 2006-02-28 02:00    552448    ----a-w-    c:\windows\system32\oleaut32.dll
2013-04-11 23:29 . 2013-04-11 23:29    263064    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2011-06-16 2510848]
"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
"Passport Web Edition Client"="c:\program files\NCR\Passport Web Edition\pwecsrvc.exe" [2012-03-12 24675]
"SBAMTray"="c:\program files\GFI Software\GFIAgent\SBAMTray.exe" [2012-10-16 3226504]
.
c:\documents and settings\georgie.cain.VP\Start Menu\Programs\Startup\
GoZone iSync.lnk - c:\program files\GoZone\GoZone_iSync.exe [2011-6-21 431608]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NCR\\Passport Web Edition\\pwecsrvc.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
"c:\\Program Files\\GFI Software\\GFIAgent\\SBAMSvc.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9323:TCP"= 9323:TCP:EKDiscovery
"5353:UDP"= 5353:UDP:Bonjour Port 5353
"9322:TCP"= 9322:TCP:EKDiscovery
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/25/2010 10:37 AM 22064]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [4/9/2010 10:50 AM 222368]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [12/19/2011 5:32 PM 394672]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [9/18/2007 4:58 PM 540184]
R2 SBAMSvc;VIPRE Business;c:\program files\GFI Software\GFIAgent\SBAMSvc.exe [10/16/2012 4:02 PM 3675976]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/25/2010 10:42 AM 66344]
R2 SBPIMSvc;SB Recovery Service;c:\program files\GFI Software\GFIAgent\SBPIMSvc.exe [10/16/2012 4:02 PM 175496]
R3 TSUSB2;Driver for TellerScan Device;c:\windows\system32\drivers\TSUSB2.sys [6/3/2009 10:39 AM 54016]
S3 VirtDisk;XSS Virtual Disk Driver;c:\windows\SMINST\virtdisk.sys [9/18/2007 5:00 PM 57344]
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 18:19]
.
2013-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-13 18:19]
.
2013-04-16 c:\windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-03-16 19:31]
.
2013-04-13 c:\windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2011-03-16 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
TCP: DhcpNameServer = 192.168.0.23 4.2.2.2 4.2.2.3
DPF: {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} - file://vpav/VPHOME/CLT-INST/WEBINST/webinst.cab
DPF: {F91AB7B8-EE67-42AF-A5AA-8E232C396A04} - hxxps://credit.getbis.com/cabs/htmlprint.cab
FF - ProfilePath - c:\documents and settings\Administrator.VP\Application Data\Mozilla\Firefox\Profiles\1m0c7my9.default-1365722938421\
FF - ExtSQL: 2013-04-12 12:22; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\Administrator.VP\Application Data\Mozilla\Firefox\Profiles\1m0c7my9.default-1365722938421\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-04-12 12:24; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\documents and settings\Administrator.VP\Application Data\Mozilla\Firefox\Profiles\1m0c7my9.default-1365722938421\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
BHO-{3E7C8B5A-96AB-438F-BF9B-782400655440} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-16 21:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2942187122-310229054-4213148950-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,2e,b4,b4,97,fe,ab,40,b1,1f,09,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,2e,b4,b4,97,fe,ab,40,b1,1f,09,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c8,2e,b4,b4,97,fe,ab,40,b1,1f,09,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'winlogon.exe'(1836)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rdpclip.exe
.
**************************************************************************
.
Completion time: 2013-04-16  21:33:54 - machine was rebooted
ComboFix-quarantined-files.txt  2013-04-17 01:33
.
Pre-Run: 30,475,202,560 bytes free
Post-Run: 31,162,949,632 bytes free
.
- - End Of File - - F64CA0809A97CED25F4DD19F0242E0FC

 Results of screen317's Security Check version 0.99.62  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 SpywareBlaster 5.0    
 Spybot - Search & Destroy
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner (remove only)   
 Java 7 Update 17  
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player     10.2.152.32 Flash Player out of Date!  
 Adobe Reader XI  
 Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 21:48:11
# Updated 02/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : administrator - JENNIFERXP
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator.VP\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Freeze.com
Folder Deleted : C:\Program Files\Qwiklinx

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100565.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\FCTB000100565
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0.1 (en-US)

*************************

AdwCleaner[S1].txt - [2939 octets] - [16/04/2013 21:48:11]

########## EOF - C:\AdwCleaner[S1].txt - [2999 octets] ##########

My connection right now is slower than crap... I will have to check how IE is running in the morning when I have a better connection.

Thank you for your help with this.
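
As an added example (not part of the thread, and not AdwCleaner's code), the PowerShell check below lists which Internet Explorer add-ons are still registered after a cleanup like the one logged above. It reads the Browser Helper Objects key that appears in the log and IE's toolbar registration key (HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar, which the thread does not mention), resolves each CLSID to the DLL IE would load in-process, and reports whether that DLL exists on disk and how its Authenticode signature checks out. The function and variable names are mine.

```powershell
# Added example: enumerate IE Browser Helper Objects and toolbars still registered
# on this machine, resolve each COM class to its DLL, and check the DLL's signature.
# Registry locations used:
#   - HKLM\...\Explorer\Browser Helper Objects  (appears in the AdwCleaner log above)
#   - HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar  (IE's toolbar key; not in the thread)
# Written for PowerShell 2.0 and later so it also runs on the XP SP3 machine in the thread.

function Get-IEAddon {
    [CmdletBinding()]
    param()

    $sources = @{
        'BHO'     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
        'Toolbar' = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
    }

    foreach ($kind in $sources.Keys) {
        $path = $sources[$kind]
        if (-not (Test-Path $path)) { continue }

        # BHOs are registered as subkeys named by CLSID; toolbars are registered as
        # values whose *names* are CLSIDs. Normalise both shapes into a list of GUIDs.
        $clsids = @()
        if ($kind -eq 'BHO') {
            $clsids = Get-ChildItem $path | ForEach-Object { $_.PSChildName }
        } else {
            $props  = Get-ItemProperty $path
            $clsids = $props.PSObject.Properties |
                Where-Object { $_.Name -match '^\{[0-9A-Fa-f-]{36}\}$' } |
                ForEach-Object { $_.Name }
        }

        foreach ($clsid in $clsids) {
            # Resolve the COM class to the DLL IE will load into its own process.
            $clsKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid"
            $name   = (Get-ItemProperty $clsKey -ErrorAction SilentlyContinue).'(default)'
            $dll    = (Get-ItemProperty "$clsKey\InprocServer32" -ErrorAction SilentlyContinue).'(default)'
            $dll    = [Environment]::ExpandEnvironmentVariables("$dll")

            $exists = $false
            $sig    = 'n/a'
            if ($dll -and (Test-Path $dll)) {
                $exists = $true
                # Status values include Valid, NotSigned, HashMismatch, UnknownError.
                $sig = (Get-AuthenticodeSignature $dll).Status
            }

            New-Object PSObject -Property @{
                Kind      = $kind
                CLSID     = $clsid
                Name      = $name
                Dll       = $dll
                DllExists = $exists   # CLSID registered but DLL gone = orphaned leftover
                Signature = $sig
            }
        }
    }
}

Get-IEAddon | Sort-Object Kind, Name | Format-Table Kind, Name, DllExists, Signature, Dll -AutoSize
```

Run it from an elevated PowerShell. Two things to look for in the output: a CLSID whose DLL no longer exists (an orphaned registration, harmless to IE but worth removing), and a DLL that is unsigned or fails signature validation and lives under a vendor folder rather than a Microsoft one. On 64-bit Windows the 32-bit IE also registers add-ons under the Wow6432Node paths, which this example does not walk.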



#4 JamesMacF

  • Topic Starter
  • Members

Posted 17 April 2013 - 07:40 AM

Everything appears to be working. Can use IE and am able to log into the needed websites now.

It looks like I need to get Flash updated and defrag the drive, but obviously I will wait until we are done here (or you tell me to, whichever comes first).

Last night I was RDC-ing through a couple of systems from home, and it was being super slow.



#5 nasdaq

  • Malware Response Team

Posted 17 April 2013 - 10:18 AM

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Summary: Adobe has released security updates for Adobe Flash Player 11.6.602.180 and earlier versions for Windows and Macintosh, Adobe Flash Player 11.2.202.275 and earlier versions for Linux, Adobe Flash Player 11.1.115.48 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.44 and earlier versions for Android 3.x and 2.x. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Get the latest Flash Player

On the top of the page you will be given an opportunity to download the version for your operating system.
Make sure you select the appropriate version.

You will also have an option to install the Free! McAfee Security Scan Plus. Un-check the box if you are NOT using McAfee's virus protection software.

For users of Internet Explorer, download version 11.
Flash Player 11 (64 bit)
Flash Player 11 (32 bit)

Remove these old versions using the Add/Remove Programs list if present.
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 10.2.152.32 Flash Player out of Date!
===

Defrag the computer when you will not need it for one or two hours. Let it finish.

===

I do not see any virus protection on this computer. If this is the case:

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free versions of commercial antiviruses. Be sure to only install one.
AVG.
If you install AVG it will install Chrome unless you deny it.
avast!.
AVAST will install Google Chrome if it is not already installed. If you do not want to keep it, just remove it using the Add/Remove Programs list.
AntiVir

Keep me posted.

#6 JamesMacF

  • Topic Starter
  • Members

Posted 17 April 2013 - 07:01 PM

Flash updated.

Currently defragging (and optimizing while I am at it).

The PC is running Vipre Business a/v...   http://www.sunbeltsoftware.com/



#7 nasdaq

  • Malware Response Team

Posted 18 April 2013 - 07:47 AM

The PC is running Vipre Business a/v.

Ok good. I would normally see the type of protection in the header of ComboFix such as:

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Antivirus *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Any remaining issues?
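
The AV/FW/SP lines nasdaq refers to are ComboFix's rendering of which security products Windows knows about. The thread does not say how ComboFix gathers them, so the following is an added example and not ComboFix's code: it queries Windows Security Center over WMI for the same category of information (registered antivirus, firewall and antispyware products, each with an enabled and up-to-date flag), which lets one verify a "no AV seen" report directly on the machine. Vista and later expose root\SecurityCenter2 with a packed productState value; XP exposes root\SecurityCenter with plain boolean properties. The productState decoding below is the commonly used community interpretation rather than documented Microsoft behaviour, and the function name is mine.

```powershell
# Added example (not ComboFix's code): list the security products registered with
# Windows Security Center and report whether each claims to be enabled and current.
# Works on XP (root\SecurityCenter) and Vista+ (root\SecurityCenter2); server SKUs
# have neither namespace and will simply return nothing.

function Get-SecurityCenterProduct {
    $classes = 'AntiVirusProduct', 'FirewallProduct', 'AntiSpywareProduct'

    foreach ($class in $classes) {
        # Prefer the Vista+ namespace, fall back to the XP one.
        $ns    = 'SecurityCenter2'
        $items = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class $class -ErrorAction SilentlyContinue
        if (-not $items) {
            $ns    = 'SecurityCenter'
            $items = Get-WmiObject -Namespace 'root\SecurityCenter' -Class $class -ErrorAction SilentlyContinue
        }

        foreach ($p in @($items)) {
            if ($p -eq $null) { continue }

            if ($ns -eq 'SecurityCenter2') {
                # productState is a packed 24-bit field. Community interpretation
                # (assumption, not a Microsoft spec): bit 0x1000 set means real-time
                # protection is enabled; bit 0x10 set means definitions are out of date.
                $state   = [int]$p.productState
                $enabled = ($state -band 0x1000) -ne 0
                $updated = ($state -band 0x10) -eq 0
            } else {
                # XP exposes separate booleans; FirewallProduct only has 'enabled'.
                if ($class -eq 'FirewallProduct') {
                    $enabled = [bool]$p.enabled
                    $updated = $true
                } else {
                    $enabled = [bool]$p.onAccessScanningEnabled
                    $updated = [bool]$p.productUptoDate
                }
            }

            New-Object PSObject -Property @{
                Type    = $class -replace 'Product$', ''
                Name    = $p.displayName
                Guid    = $p.instanceGuid
                Enabled = $enabled
                Updated = $updated
            }
        }
    }
}

Get-SecurityCenterProduct | Format-Table Type, Name, Enabled, Updated, Guid -AutoSize
```

A product that is installed but never registered with Security Center will not appear here at all, which is exactly the situation that leaves a ComboFix header empty; in that case the running service or process list is the next thing to check.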

#8 JamesMacF

  • Topic Starter
  • Members

Posted 20 April 2013 - 06:47 AM

Thank you. Everything appears to be working fine now.



#9 nasdaq

  • Malware Response Team

Posted 20 April 2013 - 07:42 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner:

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#10 nasdaq

  • Malware Response Team

Posted 26 April 2013 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



