Browser disruption amongst other things......


  • This topic is locked
25 replies to this topic

#1 Headhurts

  • Members
  • 72 posts
  • Local time:09:27 AM

Posted 25 July 2013 - 04:28 AM

Hi

I would be grateful if somebody could check my logs for me please.

We have been having all sorts of problems:

Firefox refused to work and had to be reloaded.

IE keeps changing the home page and popping up ads.

Google Earth had to be reloaded.

Microsoft Essentials would not protect and had to be removed and reloaded before it would work.

Microsoft security updates fail to load (Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941)).

I have run Malwarebytes and it did find some infections which it cleaned (I will add this log to the end).

I have run the DDS log that is required:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_38
Run by keith at 10:23:06 on 2013-07-25
#Option MBR scan  is disabled.
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.1709 [GMT 1:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\Norton Safe Web Lite\Engine\2013.4.0.10\ccSvcHst.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Norton Safe Web Lite\Engine\2013.4.0.10\ccSvcHst.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\DOCUME~1\keith\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Documents and Settings\keith\Application Data\SearchProtect\bin\cltmng.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AVG Secure Search\ScriptHelperInstaller\15.3.0\ScriptHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - c:\program files\norton safe web lite\engine\2013.4.0.10\coieplg.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: FLV Runner Toolbar: {3BBD3C14-4C16-4989-8366-95BC9179779D} - c:\program files\flv_runner\prxtbFLV_.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - c:\program files\norton safe web lite\engine\2013.4.0.10\coieplg.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\15.3.0.11\AVG Secure Search_toolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - c:\program files\norton safe web lite\engine\2013.4.0.10\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SearchProtect] c:\documents and settings\keith\application data\searchprotect\bin\cltmng.exe
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\keith\application data\babsolution\shared\NTRedirect.dll",Run
mRun: [SkyTel] SkyTel.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [EOUApp] "c:\program files\intel\wireless\bin\EOUWiz.exe"
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
mRun: [DivXMediaServer] c:\program files\divx\divx media server\DivXMediaServer.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdfxaudioplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDFXAudioPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\direct3dvideooutput.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\Direct3DVideoOutput.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dseplugins\divxplaybackmodule.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dseplugins\DivXPlaybackModule.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxbanneradplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXBannerAdPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxdownloadmanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXDownloadManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxmediamanagerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXMediaManagerPlugin.dll",DllRegisterServer
mRunOnce: [B Register c:\program files\divx\divx plus player\dpxplugins\dpxplayerplugin.dll] "c:\windows\system32\rundll32.exe" "c:\program files\divx\divx plus player\dpxplugins\DPXPlayerPlugin.dll",DllRegisterServer
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [SearchProtect] c:\documents and settings\sarah\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_38-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{94F2A92D-6913-4336-8FF7-275022D796A8} : DHCPNameServer = 192.168.1.1 0.0.0.0
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.3.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\keith\application data\mozilla\firefox\profiles\uson2peo.default\
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.3.0\npsitesafety.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-06-16 19:23; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\15.2.0.5
FF - ExtSQL: 2013-07-13 11:06; {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - ExtSQL: 2013-07-13 11:06; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2013-07-13 11:06; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
FF - ExtSQL: 2013-07-22 22:07; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\documents and settings\keith\application data\mozilla\firefox\profiles\uson2peo.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF - ExtSQL: 2013-07-24 23:08; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-07-24 23:57; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\documents and settings\all users\application data\norton\{92622aad-05e8-4459-b256-765ce1e929fb}\nst_2013.3.3.19\coFFPlgn
FF - ExtSQL: !HIDDEN! 2011-05-01 07:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019D208F080C8B3
FF - user.js: extensions.mysearchdial.instlDay - 15908
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 21:51:23
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1798992329
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.irmysearch.aflt - dnldmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1798992329
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - ac94c8b3000000000000001636fecf6c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15910
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:51:54
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=230713_18215&tsp=4953
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 245048]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 96568]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 39224]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 211560]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-6-5 28552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 170808]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-10-15 37664]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\nst\7dd04000.00a\ccsetx86.sys [2013-6-21 134744]
R1 MpKslbea46646;MpKslbea46646;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{415c2995-9074-4f41-bf10-7b9e16c65029}\MpKslbea46646.sys [2013-7-25 29904]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_51755.sys [2013-3-31 317112]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-4-30 103120]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\acer arcade deluxe\playmovie\000.fcl [2011-1-5 61424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2013-5-14 4937264]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2013-4-18 283136]
R2 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users\application data\browserdefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [2013-7-24 2827728]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2011-1-5 81504]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-3-6 93984]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-9-7 12672]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-10-30 28672]
R2 NCO;Norton Identity Safe;c:\program files\norton safe web lite\engine\2013.4.0.10\ccsvchst.exe [2013-6-21 144368]
R2 NTIPPKernel;NTIPPKernel;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\NTIPPKernel.sys [2011-1-5 122368]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2013-5-14 3289208]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-7-5 1598128]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-25 40776]
S2 gupdate1ca0e0336031886;Google Update Service (gupdate1ca0e0336031886);c:\program files\google\update\GoogleUpdate.exe [2009-7-26 133104]
S2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-4-30 1124632]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [2009-8-30 705536]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [2009-7-20 8320]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-4-30 102448]
S3 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-4-30 174320]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2011-1-22 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2011-1-22 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2011-1-22 114472]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2011-1-22 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2011-1-22 109736]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-12 947528]
.
=============== Created Last 30 ================
.
2013-07-25 08:58:31 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-07-25 08:32:49 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{415c2995-9074-4f41-bf10-7b9e16c65029}\MpKslbea46646.sys
2013-07-25 06:59:29 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{415c2995-9074-4f41-bf10-7b9e16c65029}\mpengine.dll
2013-07-24 22:24:08 -------- d-----w- c:\program files\Ask.com
2013-07-24 21:51:21 -------- d-----w- c:\documents and settings\all users\application data\BrowserDefender
2013-07-24 21:51:20 -------- d-----w- c:\documents and settings\keith\application data\BabSolution
2013-07-24 21:50:23 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-07-24 21:50:22 -------- d-----w- c:\documents and settings\keith\application data\Babylon
2013-07-24 20:45:32 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-24 20:40:38 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-22 20:53:48 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-07-22 20:51:38 -------- d-----w- c:\documents and settings\keith\application data\mysearchdial
2013-07-22 20:51:21 -------- d-----w- c:\program files\MyPC Backup
2013-07-22 20:51:02 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer
2013-07-16 23:09:11 -------- d-----w- c:\windows\system32\MRT
2013-07-05 08:34:56 -------- d-----w- c:\program files\AVG Secure Search
.
==================== Find3M  ====================
.
2013-07-05 08:34:42 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-06-18 20:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 22:17:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 22:17:41 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-07 22:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-11 16:29:06 3571992 ----a-w- C:\rcsetup146.exe
2013-05-08 23:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 00:28:50 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
============= FINISH: 10:24:21.17 ===============
 

malwarebytes log..

Malwarebytes' Anti-Malware 1.38
Database version: 2297
Windows 5.1.2600 Service Pack 3

26/12/2009 17:25:13
mbam-log-2009-12-26 (17-25-13).txt

Scan type: Quick Scan
Objects scanned: 80311
Time elapsed: 9 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\appidat_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\kr_done1 (Malware.Trace) -> Quarantined and deleted successfully.

many thanks for your time
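As an added example (not code from this thread, from BleepingComputer or from the DDS tool), a small Python triage script over the kind of Pseudo HJT Report lines posted above: it pulls the launch path out of each Run/BHO/TB entry and flags the ones a helper reads first, such as autoruns living in a user's Application Data folder, rundll32 loading a DLL from there, and registrations whose target file no longer exists. The sample lines are constructed from the log format; the folder heuristics and the PUP family list are my own assumptions, not rules from DDS.

```python
import re

# One Run-key entry: "uRun: [name] command"  (u = user, m = machine, d = default profile)
RUN_RE = re.compile(r'^([umd]Run(?:Once)?): \[(.*?)\] (.*)$')
# One COM registration: "BHO: name: {CLSID} - target" (also TB and URLSearchHooks lines)
COM_RE = re.compile(r'^(BHO|TB|[ud]URLSearchHooks): (?:(.*?): )?(\{[0-9A-Fa-f-]+\}) - (.*)$')
# A quoted path, or an unquoted one running up to a loadable-file extension
PATH_RE = re.compile(r'"([^"]+)"|(\S[^"]*?\.(?:exe|dll|scr|cpl|bat))', re.I)

# Heuristic (an assumption, not a DDS rule): legitimate autoruns normally live under
# Program Files or Windows, not in a user's profile data or a temp folder.
PROFILE_DIRS = ('\\application data\\', '\\local settings\\temp\\', '\\temp\\')
# Browser-hijacking PUP families whose names appear in the posted log (my own list).
PUP_FAMILIES = ('searchprotect', 'conduit', 'browserdefender', 'babsolution',
                'babylon', 'mysearchdial', 'flv_runner')

# Constructed sample in the DDS Pseudo HJT Report format (a few lines, not the full log).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SearchProtect] c:\documents and settings\keith\application data\searchprotect\bin\cltmng.exe
uRun: [NTRedirect] c:\windows\system32\rundll32.exe "c:\documents and settings\keith\application data\babsolution\shared\NTRedirect.dll",Run
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: FLV Runner Toolbar: {3bbd3c14-4c16-4989-8366-95bc9179779d} - c:\program files\flv_runner\prxtbFLV_.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
"""


def extract_paths(command):
    """Every file path in a launch command: the launcher first, then DLL arguments."""
    return [quoted or bare for quoted, bare in PATH_RE.findall(command)]


def reasons_for(name, target, paths):
    """Why an entry deserves a second look; an empty list means nothing stood out."""
    reasons = []
    low = (name + ' ' + target).lower()
    if '<no file>' in low or '<orphaned>' in low:
        reasons.append('target file is missing (dead registration, safe to clean up)')
    for path in paths:
        if any(d in path.lower() for d in PROFILE_DIRS):
            reasons.append('loads from a profile data or temp folder: ' + path)
        elif '\\' not in path:
            reasons.append('bare filename resolved via PATH at run time: ' + path)
    if any(family in low for family in PUP_FAMILIES):
        reasons.append('name matches a browser-hijacker/PUP family from the list above')
    return reasons


def parse_line(line):
    """Return (kind, name, target) for a Run/BHO/TB/URLSearchHooks line, else None."""
    m = RUN_RE.match(line)
    if m:
        return m.group(1), m.group(2), m.group(3)
    m = COM_RE.match(line)
    if m:
        kind, name, clsid, target = m.groups()
        return kind, name or clsid, target   # unnamed hooks are reported by CLSID
    return None


def triage(log_text):
    """Parse a DDS report and return the entries worth a helper's attention."""
    findings = []
    for line in log_text.splitlines():
        parsed = parse_line(line.strip())
        if parsed is None:
            continue
        kind, name, target = parsed
        reasons = reasons_for(name, target, extract_paths(target))
        if reasons:
            findings.append({'kind': kind, 'name': name, 'target': target, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(f"{finding['kind']:<16} {finding['name']}")
        for reason in finding['reasons']:
            print('    -', reason)
```

Run over the sample it reports the SearchProtect and NTRedirect autoruns, the FLV Runner toolbar and the three dead registrations, and stays silent on ctfmon and the AVG tray icon.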


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male
  • Local time:10:27 AM

Posted 25 July 2013 - 07:34 AM

Hi there,
my name is Marius and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt . Please attach that to your next reply.


Proud Member of UNITE & TB
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps).

#3 Headhurts

Headhurts
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 25 July 2013 - 08:45 AM

Hi Marius, thank you for your help.

The log found no threats :)

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.25.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
keith :: KEITHS [administrator]

25/07/2013 14:17:10
mbar-log-2013-07-25 (14-17-10).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 265936
Time elapsed: 21 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:27 AM

Posted 25 July 2013 - 08:47 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#5 Headhurts

Headhurts
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  • Local time:09:27 AM

Posted 25 July 2013 - 12:25 PM

Thank you - here is the log you requested.

ComboFix 13-07-24.03 - keith 25/07/2013  17:54:08.2.2 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2261 [GMT 1:00]

Running from: c:\documents and settings\keith\Desktop\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\keith\Application Data\PriceGong


c:\documents and settings\Sarah\Application Data\PriceGong


c:\windows\system32\Cache


.

.

(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BROWSERDEFENDERT

-------\Service_BrowserDefendert

.

.

(((((((((((((((((((((((((   Files Created from 2013-06-25 to 2013-07-25  )))))))))))))))))))))))))))))))

.

.

2013-07-25 13:16 . 2013-07-25 13:40            --------            d-----w-          c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)

2013-07-25 06:59 . 2013-07-01 22:54            7143960          ----a-w-           c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{415C2995-9074-4F41-BF10-7B9E16C65029}\mpengine.dll

2013-07-24 22:24 . 2013-07-24 22:24            --------            d-----w-          c:\program files\Ask.com

2013-07-24 21:51 . 2013-07-24 21:51            --------            d-----w-          c:\documents and settings\All Users\Application Data\BrowserDefender

2013-07-24 21:51 . 2013-07-24 21:51            --------            d-----w-          c:\documents and settings\keith\Application Data\BabSolution

2013-07-24 21:50 . 2013-07-24 21:50            --------            d-----w-          c:\documents and settings\All Users\Application Data\Babylon

2013-07-24 21:50 . 2013-07-24 21:50            --------            d-----w-          c:\documents and settings\keith\Application Data\Babylon

2013-07-24 20:45 . 2013-07-01 22:54            7143960          ----a-w-           c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-07-24 20:40 . 2013-07-24 23:28            --------            d-----w-          c:\program files\Microsoft Security Client

2013-07-22 20:53 . 2013-07-22 20:53            0          ----a-w-           c:\windows\system32\TempWmicBatchFile.bat

2013-07-22 20:51 . 2013-07-22 20:53            --------            d-----w-          c:\documents and settings\keith\Application Data\mysearchdial

2013-07-22 20:51 . 2013-07-24 22:02            --------            d-----w-          c:\program files\MyPC Backup

2013-07-22 20:51 . 2013-07-24 21:59            --------            d-----w-          c:\documents and settings\All Users\Application Data\Tarma Installer

2013-07-16 23:09 . 2013-07-16 23:13            --------            d-----w-          c:\windows\system32\MRT

2013-07-05 08:34 . 2013-07-22 21:07            --------            d-----w-          c:\program files\AVG Secure Search

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-05 08:34 . 2012-10-15 20:33            37664  ----a-w-           c:\windows\system32\drivers\avgtpx86.sys

2013-06-18 20:50 . 2013-01-20 14:59            211560            ----a-w-           c:\windows\system32\drivers\MpFilter.sys

2013-06-12 22:17 . 2012-04-09 10:05            692104            ----a-w-           c:\windows\system32\FlashPlayerApp.exe

2013-06-12 22:17 . 2011-05-29 19:03            71048  ----a-w-           c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-07 22:55 . 2004-08-04 12:00            385024            ----a-w-           c:\windows\system32\html.iec

2013-06-07 21:56 . 2004-08-04 12:00            920064            ----a-w-           c:\windows\system32\wininet.dll

2013-06-07 21:56 . 2004-08-04 12:00            43520  ----a-w-           c:\windows\system32\licmgr10.dll

2013-06-07 21:56 . 2004-08-04 12:00            1469440          ------w-           c:\windows\system32\inetcpl.cpl

2013-06-04 07:23 . 2004-08-04 12:00            562688            ----a-w-           c:\windows\system32\qedit.dll

2013-06-04 01:40 . 2004-08-04 12:00            1876736          ----a-w-           c:\windows\system32\win32k.sys

2013-05-11 16:29 . 2013-05-11 16:28            3571992          ----a-w-           C:\rcsetup146.exe

2013-05-08 23:28 . 2006-10-18 20:47            1543680          ------w-           c:\windows\system32\wmvdecod.dll

2013-05-03 01:30 . 2004-08-04 12:00            2149888          ----a-w-           c:\windows\system32\ntoskrnl.exe

2013-05-03 00:38 . 2004-08-03 22:59            2028544          ----a-w-           c:\windows\system32\ntkrnlpa.exe

2013-05-02 15:28 . 2012-11-19 19:04            238872            ------w-           c:\windows\system32\MpSigStub.exe

2013-04-30 00:28 . 2013-04-30 00:28            102448            ----a-w-            c:\windows\system32\drivers\RapportKELL.sys

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2013-04-01 1500440]

.

[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]

[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]

[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{3bbd3c14-4c16-4989-8366-95bc9179779d}]

2011-05-09 09:49       176936            ----a-w-           c:\program files\FLV_Runner\prxtbFLV_.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2013-07-05 08:34       3055280          ----a-w-           c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-07-05 3055280]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3BBD3C14-4C16-4989-8366-95BC9179779D}"= "c:\program files\FLV_Runner\prxtbFLV_.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{3bbd3c14-4c16-4989-8366-95bc9179779d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]

"SearchProtect"="c:\documents and settings\keith\Application Data\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]

"NTRedirect"="c:\documents and settings\keith\Application Data\BabSolution\Shared\NTRedirect.dll" [2013-07-18 121856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]

"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]

"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]

"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]

"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]

"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-25 147456]

"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]

"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-25 167936]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-07-05 2236080]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]

"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

"SearchProtect"="c:\documents and settings\Sarah\Application Data\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute     REG_MULTI_SZ        autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]

backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 01:36       421736            ----a-w-           c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]

2012-05-25 03:25       6595928          ----a-w-           c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12       1695232          ------w-           c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 12:33       17418928        ----a-r-            c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2012-09-11 16:29       1022352          ----a-w-           c:\program files\uTorrent\uTorrent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]

2005-09-08 22:14       1363968          ------w-           c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"AVG Security Toolbar Service"=3 (0x3)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 60216]

R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [21/09/2012 03:46 245048]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 39224]

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/06/2011 14:18 28552]

R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 208184]

R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 22328]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 170808]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 182072]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [15/10/2012 21:33 37664]

R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccsetx86.sys [21/06/2013 07:48 134744]

R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [31/03/2013 10:15 317112]

R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [30/04/2013 01:28 103120]

R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [05/01/2011 00:58 61424]

R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [14/05/2013 00:54 4937264]

R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [18/04/2013 04:34 283136]

R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [05/01/2011 00:59 81504]

R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [06/03/2013 13:36 93984]

R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [30/10/2008 11:58 28672]

R2 NCO;Norton Identity Safe;c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\ccsvchst.exe [21/06/2013 07:48 144368]

R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [05/01/2011 00:59 122368]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]

R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [05/07/2013 09:35 1598128]

S1 MpKsl7adc5a5d;MpKsl7adc5a5d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{415C2995-9074-4F41-BF10-7B9E16C65029}\MpKsl7adc5a5d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{415C2995-9074-4F41-BF10-7B9E16C65029}\MpKsl7adc5a5d.sys [?]

S2 gupdate1ca0e0336031886;Google Update Service (gupdate1ca0e0336031886);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 16:10 133104]

S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [30/04/2013 01:28 1124632]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]

S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [30/08/2009 17:41 705536]

S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [20/07/2009 19:02 8320]

S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [30/04/2013 01:28 102448]

S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [30/04/2013 01:28 174320]

S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22/01/2011 12:22 86696]

S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22/01/2011 12:23 15016]

S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22/01/2011 12:23 114472]

S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22/01/2011 12:23 104616]

S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22/01/2011 12:24 109736]

S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [12/04/2011 00:42 947528]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 01:56       1173456          ----a-w-           c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:17]

.

2013-07-25 c:\windows\Tasks\BrowserDefendert.job

- c:\windows\system32\sc.exe [2004-08-04 10:39]

.

2013-07-14 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-15 13:41]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:10]

.

2013-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:10]

.

2013-07-25 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 17:05]

.

2013-07-25 c:\windows\Tasks\MpIdleTask.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 17:05]

.

2013-07-14 c:\windows\Tasks\ParetoLogic Registration.job

- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]

.

2013-05-29 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]

.

2013-07-24 c:\windows\Tasks\User_Feed_Synchronization-{75766D88-08FA-486B-BE73-4A001CC00B2B}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

TCP: DhcpNameServer = 192.168.1.1 0.0.0.0

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll

FF - ProfilePath - c:\documents and settings\keith\Application Data\Mozilla\Firefox\Profiles\uson2peo.default\

FF - ExtSQL: 2013-06-16 19:23; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.2.0.5

FF - ExtSQL: 2013-07-22 22:07; {ad9a41d2-9a49-4fa6-a79e-71a0785364c8}; c:\documents and settings\keith\Application Data\Mozilla\Firefox\Profiles\uson2peo.default\extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}

FF - ExtSQL: 2013-07-24 23:57; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\documents and settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn

FF - ExtSQL: !HIDDEN! 2011-05-01 07:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - user.js: yahoo.homepage.dontask - true

FF - user.js: extensions.mysearchdial.hmpg - true

FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=

FF - user.js: extensions.mysearchdial.dfltSrch - true

FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial

FF - user.js: extensions.mysearchdial.dnsErr - true

FF - user.js: extensions.mysearchdial_i.newTab - false

FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=

FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=&q=

FF - user.js: extensions.mysearchdial.id - 0019D208F080C8B3

FF - user.js: extensions.mysearchdial.instlDay - 15908

FF - user.js: extensions.mysearchdial.vrsn -

FF - user.js: extensions.mysearchdial.vrsni -

FF - user.js: extensions.mysearchdial_i.vrsnTs - 21:51

FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial

FF - user.js: extensions.mysearchdial.prdct - mysearchdial

FF - user.js: extensions.mysearchdial.aflt - dnldmsd

FF - user.js: extensions.mysearchdial_i.smplGrp - none

FF - user.js: extensions.mysearchdial.tlbrId - base

FF - user.js: extensions.mysearchdial.instlRef -

FF - user.js: extensions.mysearchdial.dfltLng -

FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

FF - user.js: extensions.mysearchdial.excTlbr - false

FF - user.js: extensions.mysearchdial_i.hmpg - true

FF - user.js: extensions.mysearchdial.cr - 1798992329

FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q

FF - user.js: extensions.irmysearch.aflt - dnldmsd

FF - user.js: extensions.irmysearch.instlRef -

FF - user.js: extensions.irmysearch.cr - 1798992329

FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - ac94c8b3000000000000001636fecf6c

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15910

FF - user.js: extensions.delta.vrsn - 1.8.21.5

FF - user.js: extensions.delta.vrsni - 1.8.21.5

FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:51

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.ffxUnstlRst - true

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=230713_18215&tsp=4953

FF - user.js: extensions.delta_i.babExt -

FF - user.js: extensions.delta_i.srcExt - ss

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-07-25 18:04

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ... 

.

scanning hidden autostart entries ...

.

scanning hidden files ... 

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NCO]

"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]

"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(5576)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Intel\Wireless\Bin\EvtEng.exe

c:\program files\Intel\Wireless\Bin\S24EvMon.exe

c:\windows\system32\agrsmsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Intel\Wireless\Bin\RegSrvc.exe

c:\program files\CyberLink\Shared Files\RichVideo.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\igfxext.exe

c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe

c:\windows\system32\rundll32.exe

c:\docume~1\keith\LOCALS~1\Temp\RtkBtMnt.exe

.

**************************************************************************

.

Completion time: 2013-07-25  18:11:49 - machine was rebooted

ComboFix-quarantined-files.txt  2013-07-25 17:11

ComboFix2.txt  2012-11-18 18:06

.

Pre-Run: 1,252,687,872 bytes free

Post-Run: 1,128,062,976 bytes free

.

- - End Of File - - 1122EC6B14B9DB0CC2323E5BD3BA6572

8F558EB6672622401DA993E1E865C861
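The supplementary scan in the log above shows Firefox user.js overrides (extensions.mysearchdial.*, extensions.delta.*) pointing the home page, new tab and toolbar search at start.mysearchdial.com, next to scheduled tasks such as ParetoLogic Registration.job. As an added example (not part of this thread, and not code from DDS or ComboFix), the following Python script parses lines in that log format and flags URL settings whose host is not on an allow-list, plus scheduled tasks whose target lies outside a set of trusted directories. The sample lines are constructed, modelled on the post above; the trusted-host and trusted-directory lists are assumptions chosen for the example.

```python
"""Added example (not from DDS, ComboFix or this thread): triage of DDS-style
log lines for browser-hijacker indicators.

Input lines follow the "Supplementary Scan" format seen in the post above:
IE settings ("uStart Page = hxxp://..."), Firefox user.js overrides
("FF - user.js: <pref> - <value>") and scheduled tasks (a
"<date> c:\\windows\\Tasks\\<name>.job" header followed by "- <target> [<timestamp>]").
DDS writes URLs defanged as hxxp:// so they are not clickable; the parser
restores http:// only to extract the host.
"""
import re
from urllib.parse import urlparse

# Constructed sample, modelled on the log in the post above.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.prtnrId - delta
2013-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
2013-07-25 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 17:05]
"""

# Assumptions for the example: hosts the owner actually chose as home page /
# search provider, and directories a scheduled task may legitimately launch from.
TRUSTED_HOSTS = {"www.google.co.uk", "www.google.com"}
TRUSTED_TASK_DIRS = (
    "c:\\windows\\system32\\",
    "c:\\program files\\microsoft security client\\",
    "c:\\program files\\google\\",
)

IE_PREF = re.compile(r"^u(?P<name>[\w ,()]+?)\s*=\s*(?P<value>\S+)$")
FF_PREF = re.compile(r"^FF - user\.js: (?P<name>\S+) -\s*(?P<value>.*)$")
TASK_JOB = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\.+\.job)$", re.I)
TASK_TARGET = re.compile(r"^- (?P<path>.+?) \[\d{4}-\d{2}-\d{2} \d{2}:\d{2}\]$")


def refang(url):
    """Turn the defanged hxxp:// or hxxps:// back into a parseable scheme."""
    return "http" + url[4:] if url.lower().startswith("hxxp") else url


def url_settings(lines):
    """Yield (setting name, URL) for every IE/Firefox setting whose value is a URL."""
    for line in lines:
        m = IE_PREF.match(line) or FF_PREF.match(line)
        if not m:
            continue
        value = m.group("value").strip()
        if value.lower().startswith(("hxxp://", "hxxps://", "http://", "https://")):
            yield m.group("name"), refang(value)


def hijacked_settings(lines, trusted=TRUSTED_HOSTS):
    """Return [(setting, host)] for settings whose host is not on the allow-list."""
    flagged = []
    for name, url in url_settings(lines):
        host = (urlparse(url).hostname or "").lower()
        if host not in trusted:
            flagged.append((name, host))
    return flagged


def scheduled_tasks(lines):
    """Map each Tasks\\<name>.job header to the target path on the line after it."""
    tasks, pending = {}, None
    for line in lines:
        job = TASK_JOB.match(line)
        if job:
            pending = job.group("job")
            continue
        target = TASK_TARGET.match(line)
        if target and pending:
            tasks[pending] = target.group("path")
            pending = None
    return tasks


def untrusted_tasks(lines, trusted_dirs=TRUSTED_TASK_DIRS):
    """Return the .job files whose target lies outside the trusted directories."""
    return sorted(job for job, path in scheduled_tasks(lines).items()
                  if not path.lower().startswith(trusted_dirs))


def triage(text):
    """Run both checks over a whole log and return the findings as a dict."""
    lines = text.splitlines()
    return {"hijacked_settings": hijacked_settings(lines),
            "untrusted_tasks": untrusted_tasks(lines)}


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_LOG).items():
        print(kind)
        for item in items:
            print("  ", item)
```

Run against the full log, the same two checks surface every mysearchdial and delta URL override and the ParetoLogic tasks, while the Google Update and Microsoft Antimalware tasks stay quiet; the allow-lists are the part a practitioner tailors to the machine, since a "trusted" directory here only means the task's target is where a known vendor installs, not that the binary has been verified.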



#6 TB-Psychotic (Malware Response Team)

Posted 26 July 2013 - 12:42 AM

Multiple Antivirus Programs installed!

I do not recommend having more than one anti-virus product installed and running on your computer at a time.

The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False alarms: when the anti-virus software tells you that your PC has a virus when it actually doesn't.
2) System performance problems: your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either AVG or MSE.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Headhurts (Topic Starter)

Posted 26 July 2013 - 02:41 AM

Thank you for that advice.

I have chosen to delete AVG from my system. - all done.



#8 TB-Psychotic (Malware Response Team)

Posted 26 July 2013 - 02:57 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


(image: CFScriptB-4.gif)

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

Attached Files



#9 Headhurts (Topic Starter)

Posted 26 July 2013 - 04:15 AM

Done the first scan with ComboFix - adding the script (ComboFix did an update during this process).

Ran fine - got a DLL error on reboot:

Error loading c:\documents and settings\eith\application data\BabSolution\shared\NTRedirect.dll

Assuming this is to do with a 'bad item' removal during ComboFix.

Here is the log:

ComboFix 13-07-25.02 - keith 26/07/2013   9:40.3.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3062.2296 [GMT 1:00]
Running from: c:\documents and settings\keith\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\keith\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\Tasks\BrowserDefendert.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\All Users\Application Data\BrowserDefender
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\dm
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23
c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
c:\documents and settings\All Users\Application Data\Tarma Installer
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\documents and settings\All Users\Application Data\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\documents and settings\keith\Application Data\BabSolution
c:\documents and settings\keith\Application Data\BabSolution\CR\Delta.crx
c:\documents and settings\keith\Application Data\BabSolution\Shared\BabMaint.exe
c:\documents and settings\keith\Application Data\BabSolution\Shared\BUSolution.dll
c:\documents and settings\keith\Application Data\BabSolution\Shared\Delta.ico
c:\documents and settings\keith\Application Data\BabSolution\Shared\GUninstaller.exe
c:\documents and settings\keith\Application Data\BabSolution\Shared\NTRedirect.dll
c:\documents and settings\keith\Application Data\BabSolution\Shared\SetupParams.ini
c:\documents and settings\keith\Application Data\BabSolution\Shared\sqlite3.dll
c:\documents and settings\keith\Application Data\Babylon
c:\documents and settings\keith\Application Data\Babylon\log_file.txt
c:\documents and settings\keith\Application Data\mysearchdial
c:\documents and settings\keith\Application Data\mysearchdial\icons_2.2.4.731\magnifying.ico
c:\documents and settings\keith\Application Data\mysearchdial\icons_2.2.4.731\star2.ico
c:\documents and settings\keith\Application Data\mysearchdial\UpdateProc\config.dat
c:\documents and settings\keith\Application Data\mysearchdial\UpdateProc\TTL.DAT
c:\documents and settings\keith\Application Data\SearchProtect
c:\documents and settings\keith\Application Data\SearchProtect\bin\ChromeModule.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\cltmng.exe
c:\documents and settings\keith\Application Data\SearchProtect\bin\CltMngSvc.exe
c:\documents and settings\keith\Application Data\SearchProtect\bin\FirefoxModule.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\InternetExplorerModule.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\msvcp100.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\msvcr100.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\rep.dat
c:\documents and settings\keith\Application Data\SearchProtect\bin\SPHook32.dll
c:\documents and settings\keith\Application Data\SearchProtect\bin\SPRunner.exe
c:\documents and settings\keith\Application Data\SearchProtect\bin\uninstall.exe
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\dialogsApi.js
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\lib\jquery.min.js
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\lib\json2.js
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\bubble.css
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\bubble.js
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\images\information.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spsd\images\warning.png
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\keith\Application Data\SearchProtect\Dialogs\spsd\settings.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\abstraction.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\application.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\popupTransparent.xul
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\SProtectorRepository\EN
c:\documents and settings\keith\Application Data\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\documents and settings\Sarah\Application Data\SearchProtect
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\ChromeModule.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\cltmng.exe
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\CltMngSvc.exe
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\FirefoxModule.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\InternetExplorerModule.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\msvcp100.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\msvcr100.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\rep.dat
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\SPHook32.dll
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\SPRunner.exe
c:\documents and settings\Sarah\Application Data\SearchProtect\bin\uninstall.exe
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\dialogsApi.js
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\lib\jquery.min.js
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\lib\json2.js
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\bubble.css
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\bubble.js
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\images\information.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spsd\images\warning.png
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Sarah\Application Data\SearchProtect\Dialogs\spsd\settings.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\abstraction.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\application.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\nsprotector.js
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\popupTransparent.xul
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\SProtectorRepository\EN
c:\documents and settings\Sarah\Application Data\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\FLV_Runner
c:\program files\FLV_Runner\FLV_RunnerToolbarHelper.exe
c:\program files\FLV_Runner\GottenAppsContextMenu.xml
c:\program files\FLV_Runner\ldrtbFLV_.dll
c:\program files\FLV_Runner\OtherAppsContextMenu.xml
c:\program files\FLV_Runner\prxtbFLV_.dll
c:\program files\FLV_Runner\SharedAppsContextMenu.xml
c:\program files\FLV_Runner\tbFLV_.dll
c:\program files\FLV_Runner\toolbar.cfg
c:\program files\FLV_Runner\ToolbarContextMenu.xml
c:\program files\FLV_Runner\uninstall.exe
c:\program files\MyPC Backup
c:\program files\MyPC Backup\DEL_UnRegisterExtensions.exe
c:\program files\SearchProtect
c:\program files\SearchProtect\bin\ChromeModule.dll
c:\program files\SearchProtect\bin\cltmng.exe
c:\program files\SearchProtect\bin\CltMngSvc.exe
c:\program files\SearchProtect\bin\FirefoxModule.dll
c:\program files\SearchProtect\bin\InternetExplorerModule.dll
c:\program files\SearchProtect\bin\msvcp100.dll
c:\program files\SearchProtect\bin\msvcr100.dll
c:\program files\SearchProtect\bin\rep.dat
c:\program files\SearchProtect\bin\SPHook32.dll
c:\program files\SearchProtect\bin\SPRunner.exe
c:\program files\SearchProtect\bin\uninstall.exe
c:\program files\SearchProtect\Dialogs\dialogsApi.js
c:\program files\SearchProtect\Dialogs\lib\jquery.min.js
c:\program files\SearchProtect\Dialogs\lib\json2.js
c:\program files\SearchProtect\Dialogs\spbd\bubble.css
c:\program files\SearchProtect\Dialogs\spbd\bubble.js
c:\program files\SearchProtect\Dialogs\spbd\images\information.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\program files\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\program files\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\program files\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\program files\SearchProtect\Dialogs\spsd\images\warning.png
c:\program files\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\program files\SearchProtect\Dialogs\spsd\settings.js
c:\program files\SearchProtect\ffprotect\abstraction.js
c:\program files\SearchProtect\ffprotect\application.js
c:\program files\SearchProtect\ffprotect\nsprotector.js
c:\program files\Yahoo!\Companion
c:\program files\Yahoo!\Companion\Data\apps.html
c:\program files\Yahoo!\Companion\Data\cna.html
c:\program files\Yahoo!\Companion\Data\dlg_act_ff_upg.html
c:\program files\Yahoo!\Companion\Data\dlg_act_ie_upg.html
c:\program files\Yahoo!\Companion\Data\dlg_act_srch1.html
c:\program files\Yahoo!\Companion\Data\dlg_act_srch2.html
c:\program files\Yahoo!\Companion\Data\dlg_anstip.html
c:\program files\Yahoo!\Companion\Data\dlg_anstipg.html
c:\program files\Yahoo!\Companion\Data\dlg_as.html
c:\program files\Yahoo!\Companion\Data\dlg_atb.html
c:\program files\Yahoo!\Companion\Data\dlg_auttip.html
c:\program files\Yahoo!\Companion\Data\dlg_auttipg.html
c:\program files\Yahoo!\Companion\Data\dlg_bootip.html
c:\program files\Yahoo!\Companion\Data\dlg_catb.html
c:\program files\Yahoo!\Companion\Data\dlg_clutip.html
c:\program files\Yahoo!\Companion\Data\dlg_clutipg.html
c:\program files\Yahoo!\Companion\Data\dlg_cnf.html
c:\program files\Yahoo!\Companion\Data\dlg_cotb.html
c:\program files\Yahoo!\Companion\Data\dlg_ctb.html
c:\program files\Yahoo!\Companion\Data\dlg_fantip.html
c:\program files\Yahoo!\Companion\Data\dlg_fantipg.html
c:\program files\Yahoo!\Companion\Data\dlg_fintip.html
c:\program files\Yahoo!\Companion\Data\dlg_fintipg.html
c:\program files\Yahoo!\Companion\Data\dlg_flktip.html
c:\program files\Yahoo!\Companion\Data\dlg_flktipg.html
c:\program files\Yahoo!\Companion\Data\dlg_grptip.html
c:\program files\Yahoo!\Companion\Data\dlg_grptipg.html
c:\program files\Yahoo!\Companion\Data\dlg_loctip.html
c:\program files\Yahoo!\Companion\Data\dlg_loctipg.html
c:\program files\Yahoo!\Companion\Data\dlg_logtip.html
c:\program files\Yahoo!\Companion\Data\dlg_mailatip.html
c:\program files\Yahoo!\Companion\Data\dlg_mailtip.html
c:\program files\Yahoo!\Companion\Data\dlg_map.html
c:\program files\Yahoo!\Companion\Data\dlg_mlbtip.html
c:\program files\Yahoo!\Companion\Data\dlg_mlbtipg.html
c:\program files\Yahoo!\Companion\Data\dlg_movtip.html
c:\program files\Yahoo!\Companion\Data\dlg_movtipg.html
c:\program files\Yahoo!\Companion\Data\dlg_msgratip.html
c:\program files\Yahoo!\Companion\Data\dlg_msgrtip.html
c:\program files\Yahoo!\Companion\Data\dlg_mustip.html
c:\program files\Yahoo!\Companion\Data\dlg_mustipg.html
c:\program files\Yahoo!\Companion\Data\dlg_nbatip.html
c:\program files\Yahoo!\Companion\Data\dlg_nbatipg.html
c:\program files\Yahoo!\Companion\Data\dlg_newstip.html
c:\program files\Yahoo!\Companion\Data\dlg_newstipg.html
c:\program files\Yahoo!\Companion\Data\dlg_newtip.html
c:\program files\Yahoo!\Companion\Data\dlg_newtipg.html
c:\program files\Yahoo!\Companion\Data\dlg_nfltip.html
c:\program files\Yahoo!\Companion\Data\dlg_nfltipg.html
c:\program files\Yahoo!\Companion\Data\dlg_opt.html
c:\program files\Yahoo!\Companion\Data\dlg_pub.html
c:\program files\Yahoo!\Companion\Data\dlg_shotip.html
c:\program files\Yahoo!\Companion\Data\dlg_shotipg.html
c:\program files\Yahoo!\Companion\Data\dlg_srchtip.html
c:\program files\Yahoo!\Companion\Data\dlg_tratip.html
c:\program files\Yahoo!\Companion\Data\dlg_tratipg.html
c:\program files\Yahoo!\Companion\Data\dlg_upg.html
c:\program files\Yahoo!\Companion\Data\dlg_upg8tip.html
c:\program files\Yahoo!\Companion\Data\dlg_wctb.html
c:\program files\Yahoo!\Companion\Data\dlg_weatip.html
c:\program files\Yahoo!\Companion\Data\dlg_weatipg.html
c:\program files\Yahoo!\Companion\Data\dlg_wp.html
c:\program files\Yahoo!\Companion\Data\dlg_wp2.html
c:\program files\Yahoo!\Companion\Data\dlg_yq.html
c:\program files\Yahoo!\Companion\Data\settings.html
c:\program files\Yahoo!\Companion\Installs\cpn0\inyt.exe.manifest
c:\program files\Yahoo!\Companion\Installs\cpn0\visic_coupon.dll
c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
c:\program files\Yahoo!\Companion\Installs\cpn0\ytbn.exe
c:\program files\Yahoo!\Companion\Installs\cpn1\inyt.exe.manifest
c:\program files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll
c:\program files\Yahoo!\Companion\Installs\cpn1\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn1\ytbb.exe
c:\program files\Yahoo!\Companion\Installs\cpn1\ytbn.exe
c:\program files\Yahoo!\Companion\Installs\cpn2\visic_coupon.dll
c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll
c:\program files\Yahoo!\Companion\Installs\cpn2\ytbb.exe
c:\program files\Yahoo!\Companion\Installs\cpn2\ytbn.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CLTMNGSVC
-------\Service_CltMngSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-26 to 2013-07-26  )))))))))))))))))))))))))))))))
.
.
2013-07-26 07:38 . 2013-07-01 22:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B6193E0-F774-4A1A-A45D-90453D2B28C5}\mpengine.dll
2013-07-25 19:51 . 2013-07-01 22:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-25 17:34 . 2013-07-25 17:34 -------- d-----w- c:\documents and settings\Sarah\Application Data\Malwarebytes
2013-07-25 13:16 . 2013-07-25 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-07-24 20:40 . 2013-07-24 23:28 -------- d-----w- c:\program files\Microsoft Security Client
2013-07-22 20:53 . 2013-07-22 20:53 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-07-16 23:09 . 2013-07-16 23:13 -------- d-----w- c:\windows\system32\MRT
2013-07-05 08:34 . 2013-07-22 21:07 -------- d-----w- c:\program files\AVG Secure Search
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-05 08:34 . 2012-10-15 20:33 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-06-18 20:50 . 2013-01-20 14:59 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-12 22:17 . 2012-04-09 10:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 22:17 . 2011-05-29 19:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-07 22:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-11 16:29 . 2013-05-11 16:28 3571992 ----a-w- C:\rcsetup146.exe
2013-05-08 23:28 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:30 . 2004-08-04 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2004-08-03 22:59 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2012-11-19 19:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-30 00:28 . 2013-04-30 00:28 102448 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-07-05 08:34 3055280 ----a-w- c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll" [2013-07-05 3055280]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-07-19 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-19 16248320]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2006-07-19 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-29 766041]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2006-07-14 471040]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 569413]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-13 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-13 118784]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-10-22 1310720]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-25 147456]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-25 167936]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-07-05 2236080]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-20 995176]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-17 618557]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 01:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 03:25 6595928 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 12:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-09-11 16:29 1022352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Registry Repair Pro]
2005-09-08 22:14 1363968 ------w- c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Security Toolbar Service"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/06/2011 14:18 28552]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [15/10/2012 21:33 37664]
R1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DD04000.00A\ccsetx86.sys [21/06/2013 07:48 134744]
R1 RapportCerberus_51755;RapportCerberus_51755;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_51755.sys [31/03/2013 10:15 317112]
R1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [30/04/2013 01:28 103120]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [05/01/2011 00:58 61424]
R2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [05/01/2011 00:59 81504]
R2 KodakSvc;Kodak AiO Device Service;c:\program files\Kodak\Printer\Center\KodakSvc.exe [30/10/2008 11:58 28672]
R2 NCO;Norton Identity Safe;c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\ccsvchst.exe [21/06/2013 07:48 144368]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [05/01/2011 00:59 122368]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [14/05/2013 13:26 3289208]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [05/07/2013 09:35 1598128]
S1 MpKsl326b8d2b;MpKsl326b8d2b;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B6193E0-F774-4A1A-A45D-90453D2B28C5}\MpKsl326b8d2b.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B6193E0-F774-4A1A-A45D-90453D2B28C5}\MpKsl326b8d2b.sys [?]
S2 gupdate1ca0e0336031886;Google Update Service (gupdate1ca0e0336031886);c:\program files\Google\Update\GoogleUpdate.exe [26/07/2009 16:10 133104]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [30/04/2013 01:28 1124632]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [30/08/2009 17:41 705536]
S3 memcard;PCMCIA Memory Card Driver;c:\windows\system32\drivers\memcard.sys [20/07/2009 19:02 8320]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [30/04/2013 01:28 102448]
S3 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [30/04/2013 01:28 174320]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [22/01/2011 12:22 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [22/01/2011 12:23 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [22/01/2011 12:23 114472]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [22/01/2011 12:23 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [22/01/2011 12:24 109736]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 01:56 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:17]
.
2013-07-26 c:\windows\Tasks\BrowserDefendert.job
- c:\windows\system32\sc.exe [2004-08-04 10:39]
.
2013-07-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-15 13:41]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:10]
.
2013-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-26 15:10]
.
2013-07-26 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 17:05]
.
2013-07-26 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-20 17:05]
.
2013-07-14 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 11:25]
.
2013-05-29 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 11:25]
.
2013-07-25 c:\windows\Tasks\User_Feed_Synchronization-{75766D88-08FA-486B-BE73-4A001CC00B2B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.1.1 0.0.0.0
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\keith\Application Data\Mozilla\Firefox\Profiles\uson2peo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - ExtSQL: 2013-06-16 19:23; avg@toolbar; c:\documents and settings\All Users\Application Data\AVG Secure Search\FireFoxExt\15.2.0.5
FF - ExtSQL: 2013-07-24 23:57; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; c:\documents and settings\All Users\Application Data\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.3.19\coFFPlgn
FF - ExtSQL: !HIDDEN! 2011-05-01 07:22; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=1798992329&ir=&q=
FF - user.js: extensions.mysearchdial.id - 0019D208F080C8B3
FF - user.js: extensions.mysearchdial.instlDay - 15908
FF - user.js: extensions.mysearchdial.vrsn -
FF - user.js: extensions.mysearchdial.vrsni -
FF - user.js: extensions.mysearchdial_i.vrsnTs - 21:51
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - dnldmsd
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef -
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 1798992329
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.irmysearch.aflt - dnldmsd
FF - user.js: extensions.irmysearch.instlRef -
FF - user.js: extensions.irmysearch.cr - 1798992329
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzutDtDtCzy0DtBtDzz0FtDzztD0Czz0BtAtN0D0Tzu0CyDyCzytN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - ac94c8b3000000000000001636fecf6c
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15910
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.522:51
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119357&tt=230713_18215&tsp=4953
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-NTRedirect - c:\documents and settings\keith\Application Data\BabSolution\Shared\NTRedirect.dll
AddRemove-Delta Chrome Toolbar - c:\documents and settings\keith\Application Data\BabSolution\Shared\GUninstaller.exe
AddRemove-FLV_Runner Toolbar - c:\program files\FLV_Runner\uninstall.exe
AddRemove-SearchProtect - c:\program files\SearchProtect\bin\uninstall.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\documents and settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-26 10:00
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NCO]
"ImagePath"="\"c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\ccSvcHst.exe\" /s \"NCO\" /m \"c:\program files\Norton Safe Web Lite\Engine\2013.4.0.10\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\docume~1\keith\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2013-07-26  10:04:48 - machine was rebooted
ComboFix-quarantined-files.txt  2013-07-26 09:04
ComboFix2.txt  2013-07-25 17:11
ComboFix3.txt  2012-11-18 18:06
.
Pre-Run: 2,463,719,424 bytes free
Post-Run: 2,350,493,696 bytes free
.
- - End Of File - - 6E819CA5EEB1BC9C809389FCB2838C1D
8F558EB6672622401DA993E1E865C861
 

 

 

now going to run antimalware..



#10 TB-Psychotic (Malware Response Team)

Posted 26 July 2013 - 05:07 AM

-------------------


Edited by TB-Psychotic, 26 July 2013 - 05:31 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#11 Headhurts (Topic Starter)

Posted 26 July 2013 - 07:55 AM

antimalware log as requested..

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.26.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
keith :: KEITHS [administrator]

26/07/2013 10:16:15
mbam-log-2013-07-26 (10-16-15).txt

Scan type: Full scan (C:\|D:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 325365
Time elapsed: 1 hour(s), 58 minute(s), 13 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP511\A0711075.dll (Adware.BProtector) -> Quarantined and deleted successfully.

(end)

 

many thanks



#12 Headhurts (Topic Starter)

Posted 26 July 2013 - 09:22 AM

Just tried to use Firefox and it is not working at all - just a donk sound. Have tried rebooting but that is no good. IE working OK. Ty

#13 Headhurts (Topic Starter)

Posted 27 July 2013 - 04:25 AM

Hi

Ran another antimalware scan this morning and it found 2 objects - something insecure somewhere!

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.27.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
keith :: KEITHS [administrator]

27/07/2013 09:59:24
mbam-log-2013-07-27 (09-59-24).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262058
Time elapsed: 12 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)



#14 TB-Psychotic (Malware Response Team)

Posted 27 July 2013 - 08:03 AM

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#15 Headhurts (Topic Starter)

Posted 28 July 2013 - 03:07 AM

Hi

Here is my threat log you requested from ESET.

 

 

C:\Comp progs\7zipfree_8675.exe a variant of Win32/InstallIQ.A application
C:\Comp progs\ac3filter.exe a variant of Win32/InstallIQ.A application
C:\Comp progs\virus removers\AntiPuper.exe Win32/PrcView application
C:\Comp progs\virus removers\smitRem\Process.exe Win32/PrcView application
C:\Documents and Settings\keith\My Documents\Downloads\cbsidlm-cbsi118-Revo_Uninstaller-ORG-10687648.exe probably a variant of Win32/CNETInstaller.A application
C:\Documents and Settings\keith\My Documents\Downloads\cpuz-setup.exe Win32/DownloadAdmin.G application
C:\Documents and Settings\keith\My Documents\Downloads\cpuz_152_setup.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Documents and Settings\keith\My Documents\Downloads\filehelper_setup_mov.exe multiple threats
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe.vir a variant of Win32/bProtector.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe.vir a variant of Win32/bProtector.A application
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\BrowserDefender\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\bprotector.js.vir Win32/bProtector.F application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\CltMngSvc.exe.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\bin\SPHook32.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\keith\Application Data\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\CltMngSvc.exe.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\bin\SPHook32.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Documents and Settings\Sarah\Application Data\SearchProtect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\ChromeModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\cltmng.exe.vir a variant of Win32/Conduit.SearchProtect.B application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\CltMngSvc.exe.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\FirefoxModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\InternetExplorerModule.dll.vir a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\bin\SPHook32.dll.vir probably a variant of Win32/Conduit.SearchProtect.C application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\ffprotect\application.js.vir Win32/Conduit.SearchProtect.A application
C:\Qoobox\Quarantine\C\Program Files\SearchProtect\ffprotect\nsprotector.js.vir Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP501\A0710325.exe Win32/DownloadAdmin.G application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP502\A0710443.dll Win32/Wajam.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP502\A0710444.exe Win32/Wajam.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP502\A0710608.dll probably a variant of Win32/Adware.Yontoo.B application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712069.exe a variant of Win32/bProtector.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712070.exe a variant of Win32/bProtector.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712084.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712085.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712086.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712087.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712088.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712091.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712094.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712095.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712096.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712097.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712098.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712101.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712116.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712117.exe a variant of Win32/Conduit.SearchProtect.B application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712118.exe Win32/Conduit.SearchProtect.A application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712119.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712120.dll a variant of Win32/Conduit.SearchProtect.C application
C:\System Volume Information\_restore{2032208B-B646-4DDB-90F0-25F7E69B146D}\RP521\A0712123.dll probably a variant of Win32/Conduit.SearchProtect.C application
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\application.js Win32/Conduit.SearchProtect.A application
C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect\ffprotect\nsprotector.js Win32/Conduit.SearchProtect.A application

 

 

Just been looking at my 'all programs' list from the start menu and there are 2 programs that I don't recognise

Norton Identity Safe

Browser Defender

are these bad?