Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

My computer may be infected. Keeps freezing and wont respond.


  • This topic is locked This topic is locked
6 replies to this topic

#1 momof3ri

momof3ri

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 17 June 2013 - 11:45 AM

i'm not sure what the deal has been but it just isn't working as it should. I have been trying to get it in working order by removing files and moving pictures to my USB drive. It still isn't working right.
 
The browsers are constantly crashing, and computer freezing. It has even crashed a few times. I have Avast, SuperAntispyware and MalwareBytes installed. Which has not helped at all. It has gotten rid of some things but I can't figure this out. My computer is entremely important for my work and I need to get it working right.  I realize that you must get numerous request for help a day so I have tried to solve the problems myself. But Now I need help. Thank you kindly.
 
Also, I have a phony google search that is on my browsers. hxxttp://searchiu.com
As well as a constant page that opens that tells me to download this HD video thing. The website seems to change but at the bottom of the page it lists updatevideos.com. I obviously am not going to download that. it is just rather annoying that it keeps opening a new tab. 
 
 
I have installed the DDS and here are my logs. I also included the Rkill log. If that at all helps in assisting the problem.
 
 
*****START****
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Home at 12:06:57 on 2013-06-17
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Ginger\GingerClient.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Ginger\GingerServices\GingerServices.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9
uSearch Bar = hxxp://search.live.com/sphome.aspx
uSearch Page = hxxp://search.live.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070118
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: privitize Helper Object: {1ACB5ABE-4890-4747-952C-F13BDB93FB75} - c:\program files\industriya\privitize\1.8.16.22\bh\privitize.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Lyrics Fan: {A8720491-9558-4C0D-9E35-30EED15DFB2B} - c:\program files\lyricsfan\lrcfan.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\bae\BAE.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [GoogleChromeAutoLaunch_0F12B8340D100AEBEABDC46DFEFCB8F1] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALUNOTIFY.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mi1933~1\office14\ONBttnIE.dll/105
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1355599449718
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1355599232109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1355599318328
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.1.1 71.243.0.12
TCP: Interfaces\{B462B5B7-2FE8-448A-AB42-AF331460007B} : DHCPNameServer = 192.168.1.1 71.243.0.12
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~1\google\google~1\goec62~1.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\k5j3xxkg.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Search The Web (privitize)
FF - prefs.js: browser.startup.homepage - hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9
FF - plugin: c:\documents and settings\home\local settings\application data\addlive\2.0.1.14\npAddLive.dll
FF - plugin: c:\documents and settings\home\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101799.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-06-12 19:12; lrcfan@fansoft.br; c:\program files\lyricsfan\FF
FF - ExtSQL: 2013-06-13 10:42; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R? buluxees;buluxees
R? Leapfrog-USBLAN;Leapfrog-USBLAN
R? qapnerlh;qapnerlh
S? !SASCORE;SAS Core Service
S? aswFsBlk;aswFsBlk
S? aswMonFlt;aswMonFlt
S? aswRvrt;aswRvrt
S? aswSnx;aswSnx
S? aswSP;aswSP
S? aswVmm;aswVmm
S? avast! Antivirus;avast! Antivirus
S? MpFilter;Microsoft Malware Protection Driver
S? MpKslac244ec8;MpKslac244ec8
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
.
=============== Created Last 30 ================
.
2013-06-16 23:57:41 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ee298e7-7aec-4acd-9fee-136157bd82f7}\MpKslac244ec8.sys
2013-06-16 22:06:41 7016152 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{0ee298e7-7aec-4acd-9fee-136157bd82f7}\mpengine.dll
2013-06-16 05:53:38 7016152 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-06-14 13:12:52 -------- d-----w- c:\program files\CleanUp!
2013-06-14 13:09:45 -------- d-----w- c:\program files\ESET
2013-06-13 14:46:42 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-13 14:46:40 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-13 14:46:39 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-13 14:46:35 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-13 14:41:55 41664 ----a-w- c:\windows\avastSS.scr
2013-06-13 14:26:45 -------- d-----w- c:\program files\AVAST Software
2013-06-13 14:23:20 -------- d-----w- c:\documents and settings\home\application data\SUPERAntiSpyware.com
2013-06-13 14:22:07 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-06-13 14:17:48 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-13 14:17:47 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2013-06-12 23:33:56 -------- d-----w- c:\windows\ERUNT
2013-06-12 23:33:12 -------- d-----w- C:\JRT
2013-06-12 23:24:08 -------- d-----w- c:\documents and settings\home\application data\Python-Eggs
2013-06-12 23:22:52 -------- d-----w- c:\documents and settings\home\application data\BitLord
2013-06-12 23:21:54 -------- d-----w- c:\documents and settings\home\application data\Malwarebytes
2013-06-12 23:21:17 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-06-12 23:21:13 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-12 23:21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-12 23:16:21 -------- d-----w- c:\program files\BitLord 2
2013-06-12 23:12:33 -------- d-----w- c:\program files\LyricsFan
2013-06-12 23:07:30 -------- d-----w- c:\documents and settings\all users\application data\StarApp
2013-06-12 23:07:08 -------- d-----w- c:\program files\MagniPic
2013-06-12 23:06:59 -------- d-----w- c:\documents and settings\all users\application data\MagunniiPic
2013-06-12 23:06:36 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2013-06-12 23:03:29 -------- d-----w- c:\program files\Industriya
2013-06-12 23:03:15 -------- d-----w- c:\documents and settings\home\application data\Industriya
2013-06-12 01:25:41 -------- d-----w- c:\documents and settings\all users\application data\29E3
2013-06-11 19:04:25 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-29 02:26:05 262552 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-05-26 18:10:04 -------- d-----w- c:\documents and settings\home\local settings\application data\Unity
.
==================== Find3M  ====================
.
2013-06-11 19:06:16 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 19:06:15 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30:05 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53:29 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:51:02 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-01 01:50:55 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-01 01:50:53 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-01 01:50:52 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:26:54.51 ===============
 
****END*****
 
*****************RKILL LOG************
 
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/17/2013 12:42:52 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
 * No malware services found to stop.
Checking for processes to terminate:
 * No malware processes found to kill.
Checking Registry for malware related settings:
 * No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
 * No issues found.
Checking Windows Service Integrity:
 * MSDTC [Missing Service]
Searching for Missing Digital Signatures:
 * No issues found.
Checking HOSTS File:
 * HOSTS file entries found:
  127.0.0.1       localhost
Program finished at: 06/17/2013 12:43:46 PM
Execution time: 0 hours(s), 0 minute(s), and 53 seconds(s)

Attached Files


Edited by nasdaq, 21 June 2013 - 09:16 AM.
Bad link obfuscated.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 PM

Posted 21 June 2013 - 09:20 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

thisisujrt.gif Please download
Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rookit infection may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third party programs if not up to date can be the cause of infiltration an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 momof3ri

momof3ri
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 21 June 2013 - 01:40 PM

ComboFix 13-06-20.01 - Home 06/21/2013  14:22:45.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1014.332 [GMT -4:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\MagunniiPic
c:\documents and settings\All Users\Application Data\MagunniiPic\51b90a29a8ab7.dll
c:\documents and settings\All Users\Application Data\MagunniiPic\51b90a29a8ab7.tlb
c:\documents and settings\All Users\Application Data\MagunniiPic\data\MagunniiPic.dat
c:\documents and settings\All Users\Application Data\MagunniiPic\settings.ini
C:\install.exe
c:\windows\Installer\{3D8B9E90-B711-4F60-A181-7CE80B2D6F89}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-05-21 to 2013-06-21  )))))))))))))))))))))))))))))))
.
.
2013-06-21 12:47 . 2013-06-21 12:47 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-06-21 12:47 . 2013-06-21 12:47 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-06-21 12:47 . 2013-06-21 12:47 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-06-20 21:29 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{599E0FCA-113A-411E-BAC1-A7A902ECA938}\mpengine.dll
2013-06-19 21:08 . 2013-06-12 04:18 7068072 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-17 16:58 . 2013-06-17 16:59 -------- d-----w- c:\program files\CCleaner
2013-06-14 13:12 . 2013-06-14 13:13 -------- d-----w- c:\program files\CleanUp!
2013-06-14 13:09 . 2013-06-14 13:09 -------- d-----w- c:\program files\ESET
2013-06-13 14:46 . 2013-05-09 08:59 368944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-13 14:46 . 2013-05-09 08:59 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-06-13 14:46 . 2013-05-09 08:59 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-06-13 14:46 . 2013-05-09 08:59 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-13 14:46 . 2013-05-09 08:59 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-06-13 14:46 . 2013-05-09 08:59 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-13 14:46 . 2013-05-09 08:59 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-06-13 14:46 . 2013-05-09 08:59 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-06-13 14:46 . 2013-05-09 08:58 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-06-13 14:41 . 2013-05-09 08:58 41664 ----a-w- c:\windows\avastSS.scr
2013-06-13 14:26 . 2013-06-13 14:26 -------- d-----w- c:\program files\AVAST Software
2013-06-13 14:23 . 2013-06-13 14:23 -------- d-----w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2013-06-13 14:22 . 2013-06-13 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-06-13 14:17 . 2013-06-13 14:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-06-13 14:17 . 2013-06-13 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-06-12 23:33 . 2013-06-12 23:33 -------- d-----w- c:\windows\ERUNT
2013-06-12 23:33 . 2013-06-21 18:18 -------- d-----w- C:\JRT
2013-06-12 23:24 . 2013-06-12 23:24 -------- d-----w- c:\documents and settings\Home\Application Data\Python-Eggs
2013-06-12 23:22 . 2013-06-17 15:55 -------- d-----w- c:\documents and settings\Home\Application Data\BitLord
2013-06-12 23:21 . 2013-06-12 23:21 -------- d-----w- c:\documents and settings\Home\Application Data\Malwarebytes
2013-06-12 23:21 . 2013-06-12 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-06-12 23:21 . 2013-04-04 18:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-12 23:21 . 2013-06-12 23:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-06-12 23:16 . 2013-06-12 23:17 -------- d-----w- c:\program files\BitLord 2
2013-06-12 23:12 . 2013-06-15 16:26 -------- d-----w- c:\program files\LyricsFan
2013-06-12 23:07 . 2013-06-12 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\StarApp
2013-06-12 01:25 . 2013-06-12 01:25 -------- d-----w- c:\documents and settings\All Users\Application Data\29E3
2013-06-11 19:04 . 2013-06-11 19:05 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-05-26 18:10 . 2013-06-17 22:51 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-11 19:06 . 2012-12-04 15:54 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-11 19:06 . 2012-12-04 15:54 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-07 22:30 . 2004-08-11 22:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-05-07 22:30 . 2004-08-11 22:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-05-07 22:30 . 2004-08-11 22:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-05-07 21:53 . 2004-08-11 22:00 385024 ------w- c:\windows\system32\html.iec
2013-05-03 01:30 . 2004-08-11 22:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-04 03:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-12-16 14:46 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:51 . 2013-05-01 01:51 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-01 01:50 . 2012-12-04 17:02 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-01 01:50 . 2012-12-04 17:02 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-01 01:50 . 2012-12-04 17:02 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-10 01:31 . 2004-08-11 22:00 1876352 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{A8720491-9558-4C0D-9E35-30EED15DFB2B}]
2013-06-04 12:31 127488 ----a-w- c:\program files\LyricsFan\lrcfan.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 03:57 578512 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"GoogleChromeAutoLaunch_0F12B8340D100AEBEABDC46DFEFCB8F1"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-06-15 825808]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-19 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-19 98304]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2013-02-16 298616]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"VX3000"="c:\windows\vVX3000.exe" [2009-06-26 757248]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
c:\documents and settings\Home\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\BitLord 2\\Bitlord files\\bitlord.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [6/13/2013 10:46 AM 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [6/13/2013 10:46 AM 174664]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/13/2013 10:46 AM 765736]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/13/2013 10:46 AM 368944]
R1 MpKsld1a48dad;MpKsld1a48dad;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{599E0FCA-113A-411E-BAC1-A7A902ECA938}\MpKsld1a48dad.sys [6/21/2013 8:48 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [5/23/2013 4:11 PM 119056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/13/2013 10:46 AM 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [6/13/2013 10:46 AM 66336]
S1 buluxees;buluxees;\??\c:\windows\system32\drivers\buluxees.sys --> c:\windows\system32\drivers\buluxees.sys [?]
S1 qapnerlh;qapnerlh;\??\c:\windows\system32\drivers\qapnerlh.sys --> c:\windows\system32\drivers\qapnerlh.sys [?]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [12/4/2012 11:52 AM 33792]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLD1A48DAD
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 15:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-04 19:06]
.
2013-06-21 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-06-13 08:58]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-04 15:45]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-12-04 15:45]
.
2013-06-21 c:\windows\Tasks\Lyrics Fan Update.job
- c:\program files\LyricsFan\LyricsFanUpdater.exe [2013-06-04 12:31]
.
2013-06-21 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1 71.243.0.12
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\k5j3xxkg.default\
FF - ExtSQL: 2013-06-12 19:12; lrcfan@fansoft.br; c:\program files\LyricsFan\FF
FF - ExtSQL: 2013-06-13 10:42; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Ginger.lnk - c:\windows\Installer\{3D8B9E90-B711-4F60-A181-7CE80B2D6F89}\GingerClientStartu_A2F7C7DB989E489495DD2D78EDBE914A.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-ViewpointMediaPlayer - c:\program files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe
AddRemove-{91FC4D60-4DD8-8083-F17B-E992480F8722} - c:\docume~1\ALLUSE~1\APPLIC~1\INSTAL~2\{2FA9B~1\Setup.exe
AddRemove-Consumer Input Chrome Extension - c:\program files\Consumer Input\Chrome\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-21 14:32
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-21  14:34:48
ComboFix-quarantined-files.txt  2013-06-21 18:34
.
Pre-Run: 41,637,888,000 bytes free
Post-Run: 41,751,171,072 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 0A867723EA39E2F9C4EC0E8048D0B3A3
91722E6BC3A2B40FF00222DCA4A3DB3E
 

 

 

 

 

 

 

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 14:36:32
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - ARPIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\All Users\Application Data\Ask
Folder Found : C:\Documents and Settings\Home\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Found : C:\Documents and Settings\Home\Local Settings\Application Data\PackageAware

***** [Registry] *****

Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\Software\InstallIQ
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\k5j3xxkg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [378 octets] - [12/06/2013 19:33:54]
AdwCleaner[R2].txt - [4959 octets] - [21/06/2013 14:35:31]
AdwCleaner[R3].txt - [4890 octets] - [21/06/2013 14:36:32]

########## EOF - C:\AdwCleaner[R3].txt - [4950 octets] ##########

 

 

 

 

 

 

 

 

 Results of screen317's Security Check version 0.99.67 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware    
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java™ 6 Update 37 
 Java 7 Update 21 
 Java version out of Date!
 Adobe Flash Player  11.7.700.224 
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (21.0)
 Google Chrome 27.0.1453.110 
 Google Chrome 27.0.1453.116 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast avastUI.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Home on Fri 06/21/2013 at 14:20:54.90
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\sprotector
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\pricegongie.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\axmetastream.metastreamctlsecondary.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{03f998b2-0e00-11d3-a498-00104b6eb52e}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\active setup\installed components\{1b00725b-c455-4de6-bfb6-ad540ad427cd}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{93808E41-C495-4E7D-96DC-551346798EE8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e"
Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef"

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll
Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\installmate"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\viewpoint"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\Home\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Home\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\consumer input"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\magnipic"
Successfully deleted: [Folder] "C:\Program Files\viewpoint"
Successfully deleted: [Folder] "C:\Program Files\w3i"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Failed to delete: [Folder] "C:\Documents and Settings\All Users\application data\ask"

 

~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Documents and Settings\Home\Application Data\mozilla\firefox\profiles\k5j3xxkg.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Home\Application Data\mozilla\firefox\profiles\k5j3xxkg.default\searchplugins\privitize.xml
Successfully deleted the following from C:\Documents and Settings\Home\Application Data\mozilla\firefox\profiles\k5j3xxkg.default\prefs.js

user_pref("browser.search.selectedEngine", "Search The Web (privitize)");
user_pref("browser.startup.homepage", "hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.51b90a29a89cf.scode", "(function(){try{if('aol.com,mail.google.com,premiumreports.info,search.babylon.com,search.gboxapp.com'.indexOf(window.self.locatio
user_pref("extensions.BabylonToolbar.prtkDS", 0);
user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.dspFFXOld", "AVG Secure Search");
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.privitize.hpFFXOld", "hxxp://mysearch.avg.com/?cid={0AA12FB2-AB19-461D-8543-A4A6D5AA2CD7}&mid=5a94dc44a8de422dbeaa1c6b74becbed-a37ed9433f28f1e3fe8e4be6c0
user_pref("extensions.privitize.hpOld0", "");
user_pref("extensions.privitize.id", "f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.privitize.instlDay", "15868");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.privitize.lastB", "hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.privitize.lastVrsnTs", "1.8.16.2219:04:50");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=f0e5b16d0000000000000019d12f62c9&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.2219:04:50");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
user_pref("sweetim.toolbar.previous.keyword.URL", "");
user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
user_pref("sweetim.toolbar.searchguard.enable", "");

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 06/21/2013 at 14:28:34.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#4 momof3ri

momof3ri
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:28 PM

Posted 21 June 2013 - 02:00 PM

# AdwCleaner v2.303 - Logfile created 06/21/2013 at 14:49:50
# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Home - ARPIN
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Home\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\Home\Application Data\CheckPoint\ZoneAlarm LTD Toolbar
Folder Deleted : C:\Documents and Settings\Home\Local Settings\Application Data\PackageAware
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\k5j3xxkg.default\prefs.js
 
[OK] File is clean.
 
-\\ Google Chrome v27.0.1453.116
 
File : C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[R1].txt - [378 octets] - [12/06/2013 19:33:54]
AdwCleaner[R2].txt - [4959 octets] - [21/06/2013 14:35:31]
AdwCleaner[R3].txt - [5019 octets] - [21/06/2013 14:36:32]
AdwCleaner[S1].txt - [5038 octets] - [21/06/2013 14:49:50]
 
########## EOF - C:\AdwCleaner[S1].txt - [5098 octets] ##########


#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 PM

Posted 22 June 2013 - 07:24 AM

Looking better, let me know what problem persists.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as Java update!
Important read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 37
Java 7 Update 21


Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that your un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you unckeck the box on the top right "Yes, install McAfee Security Scan Plus - optional" this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 PM

Posted 28 June 2013 - 09:36 AM

If all is well:

Time for some housekeeping
  • The following will implement some cleanup procedures as well as reset System Restore points:
  • Click Start > Run and copy/paste the following bold text into the Run box and click OK:
  • ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool make sure to delete your version and download the latest before running it.

Delete the other tools we used.
You can Keep the DDS tool as most forum will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,933 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:28 PM

Posted 28 June 2013 - 09:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users