do I have crsssss90210 virus??? Microsoft says I do


5 replies to this topic

#1 dgreear


Posted 27 July 2013 - 03:56 AM

Here are the 2 logs from DDS, sorry, I don't know how to zip.  Please keep your suggestions or comments simple.  You're dealing with a pretty big dunderhead here.  Thanks
 
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by Deb at 1:43:16 on 2013-07-27
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1093 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\StkASv2K.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\sj655\hpupdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CrossriderWebApps\Crossrider.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [HP Update 4200C] c:\sj655\hpupdate.exe 4200C+
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [tscuninstall] c:\windows\system32\tscupgrd.exe
StartupFolder: c:\documents and settings\deb\start menu\programs\startup\OneNote Table Of Contents.onetoc2
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374574427078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1311847406625
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.254.232.1
TCP: Interfaces\{2D9ECAA5-C9C9-4CD8-8610-110355AC607F} : DHCPNameServer = 172.16.5.2
TCP: Interfaces\{E8CE5496-BB6C-462C-9107-D4F046CB9FF6} : DHCPNameServer = 10.254.232.1
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 211560]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2012-10-26 465216]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S0 dmwvad;dmwvad;c:\windows\system32\drivers\qbwng.sys --> c:\windows\system32\drivers\qbwng.sys [?]
S0 xsyiwve;xsyiwve;c:\windows\system32\drivers\fvwljjb.sys --> c:\windows\system32\drivers\fvwljjb.sys [?]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
S3 Aldebaran;Aldebaran - Storage Filter Drivers; [x]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [2012-8-19 9312]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
.
=============== File Associations ===============
.
ShellExec: EasyShare.exe: Preview="c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe"
.
=============== Created Last 30 ================
.
2013-07-26 17:25:27 7143960 ----a-w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\{0fbb9923-90aa-494e-bca6-6d7e7c6e14bd}\mpengine.dll
2013-07-26 02:42:16 7143960 ------w- c:\documents and settings\all users.windows\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-23 02:20:28 -------- d-----w- c:\program files\common files\Bitdefender
2013-07-22 21:42:49 -------- d-----w- c:\documents and settings\deb\local settings\application data\LogMeIn Rescue Applet
2013-07-13 09:22:13 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-06-25 01:44:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 01:44:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 01:37:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 01:37:26 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 01:37:24 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-25 01:37:23 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 04:50:08 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-08 06:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-22 15:21:06 4325376 ----a-w- c:\documents and settings\all users.windows\application data\ReadOnlyInstaller.msi
2013-05-09 07:28:02 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26:26 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:18 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
2004-07-09 11:08:36 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 11:08:34 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 10:03:10 62976 ----a-w- c:\program files\DSETUP.dll
.
============= FINISH:  1:44:30.48 ===============
 
This one says not to post, but ?????
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/9/2011 10:12:42 AM
System Uptime: 7/25/2013 12:21:22 PM (37 hours ago)
.
Motherboard: Hewlett-Packard |  | 309D
Processor:         Intel® Pentium® M processor 1.73GHz | U1 | 1729/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 42.253 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP844: 5/26/2013 3:13:10 AM - Software Distribution Service 3.0
RP845: 5/26/2013 3:20:51 AM - Software Distribution Service 3.0
RP846: 5/26/2013 3:33:16 AM - Software Distribution Service 3.0
RP847: 5/26/2013 3:57:12 AM - Software Distribution Service 3.0
RP848: 5/26/2013 8:34:37 AM - Removed Java™ 6 Update 43
RP849: 5/26/2013 8:36:41 AM - Installed Java 7 Update 21
RP850: 5/27/2013 3:03:32 PM - Software Distribution Service 3.0
RP851: 5/29/2013 2:52:14 AM - System Checkpoint
RP852: 5/29/2013 2:37:54 PM - Software Distribution Service 3.0
RP853: 5/31/2013 3:47:11 AM - Software Distribution Service 3.0
RP854: 6/1/2013 4:10:43 AM - Software Distribution Service 3.0
RP855: 6/2/2013 2:10:28 AM - Removed ASPCA Reminder by We-Care.com v4.1.22.1
RP856: 6/2/2013 2:27:02 AM - Software Distribution Service 3.0
RP857: 6/3/2013 8:16:39 PM - Software Distribution Service 3.0
RP858: 6/5/2013 4:45:43 PM - Software Distribution Service 3.0
RP859: 6/6/2013 5:46:11 PM - Software Distribution Service 3.0
RP860: 6/7/2013 8:57:21 PM - System Checkpoint
RP861: 6/8/2013 2:36:38 AM - Software Distribution Service 3.0
RP862: 6/9/2013 3:11:59 AM - Software Distribution Service 3.0
RP863: 6/10/2013 2:41:23 PM - Software Distribution Service 3.0
RP864: 6/11/2013 3:17:14 PM - Software Distribution Service 3.0
RP865: 6/12/2013 4:45:07 AM - Software Distribution Service 3.0
RP866: 6/12/2013 4:07:19 PM - Software Distribution Service 3.0
RP867: 6/13/2013 5:24:06 PM - Software Distribution Service 3.0
RP868: 6/15/2013 2:49:55 AM - Software Distribution Service 3.0
RP869: 6/16/2013 2:04:47 AM - Software Distribution Service 3.0
RP870: 6/17/2013 8:36:21 AM - Software Distribution Service 3.0
RP871: 6/18/2013 5:37:18 PM - Software Distribution Service 3.0
RP872: 6/19/2013 4:55:12 AM - Installed Windows XP KB2808679.
RP873: 6/20/2013 3:46:59 AM - Software Distribution Service 3.0
RP874: 6/21/2013 3:56:01 AM - Software Distribution Service 3.0
RP875: 6/22/2013 8:04:41 AM - Software Distribution Service 3.0
RP876: 6/23/2013 2:03:44 AM - Software Distribution Service 3.0
RP877: 6/24/2013 8:54:29 AM - Software Distribution Service 3.0
RP878: 6/24/2013 6:02:56 PM - Removed Java 7 Update 21
RP879: 6/24/2013 6:04:07 PM - Removed J2SE Runtime Environment 5.0 Update 4
RP880: 6/24/2013 6:09:18 PM - Removed Adobe Reader 9.5.5.
RP881: 6/24/2013 6:36:50 PM - Installed Java 7 Update 25
RP882: 6/25/2013 4:59:22 PM - Software Distribution Service 3.0
RP883: 6/27/2013 2:13:20 AM - Software Distribution Service 3.0
RP884: 6/28/2013 8:22:17 AM - Software Distribution Service 3.0
RP885: 6/29/2013 1:54:53 PM - Software Distribution Service 3.0
RP886: 6/30/2013 2:42:18 AM - Software Distribution Service 3.0
RP887: 7/1/2013 3:22:20 PM - Software Distribution Service 3.0
RP888: 7/2/2013 6:48:30 PM - Software Distribution Service 3.0
RP889: 7/4/2013 7:48:46 AM - Software Distribution Service 3.0
RP890: 7/5/2013 8:07:40 AM - Software Distribution Service 3.0
RP891: 7/6/2013 7:38:36 PM - Software Distribution Service 3.0
RP892: 7/7/2013 2:25:41 AM - Software Distribution Service 3.0
RP893: 7/8/2013 9:11:20 AM - System Checkpoint
RP894: 7/8/2013 1:53:32 PM - Software Distribution Service 3.0
RP895: 7/9/2013 2:45:23 PM - System Checkpoint
RP896: 7/10/2013 6:31:42 AM - Software Distribution Service 3.0
RP897: 7/10/2013 7:56:24 AM - Software Distribution Service 3.0
RP898: 7/10/2013 9:08:28 PM - Software Distribution Service 3.0
RP899: 7/11/2013 8:14:42 AM - Software Distribution Service 3.0
RP900: 7/12/2013 11:00:05 AM - Software Distribution Service 3.0
RP901: 7/13/2013 2:20:34 AM - Software Distribution Service 3.0
RP902: 7/13/2013 5:09:26 PM - Software Distribution Service 3.0
RP903: 7/14/2013 2:07:50 AM - Software Distribution Service 3.0
RP904: 7/15/2013 9:47:37 AM - Software Distribution Service 3.0
RP905: 7/16/2013 1:36:31 PM - Software Distribution Service 3.0
RP906: 7/17/2013 3:49:32 PM - Software Distribution Service 3.0
RP907: 7/18/2013 4:04:07 PM - Software Distribution Service 3.0
RP908: 7/19/2013 5:27:30 PM - Software Distribution Service 3.0
RP909: 7/20/2013 6:02:32 PM - Software Distribution Service 3.0
RP910: 7/21/2013 1:43:34 AM - Software Distribution Service 3.0
RP911: 7/22/2013 8:00:39 AM - Software Distribution Service 3.0
RP912: 7/23/2013 1:33:54 AM - Uniblue SpeedUpMyPC installation
RP913: 7/24/2013 3:51:24 AM - Software Distribution Service 3.0
RP914: 7/25/2013 9:35:24 AM - Software Distribution Service 3.0
RP915: 7/26/2013 10:25:20 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.03)
Advanced SystemCare 6
Agere Systems AC'97 Modem
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 6 FREE v.6.84
aspi
Bonjour
Broadcom 802.11 Wireless LAN Adapter
CCHelp
CCScore
Cisco Connect
DivX Version Checker
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
ffdshow [rev 2527] [2008-12-19]
Google Update Helper
HLPCCTR
HLPIndex
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Help and Support
HP Software Update
HP Update
HP Wireless Assistant 1.01 B2
HP_User_Guides_0005
InstaCodecs
Intel® Graphics Media Accelerator Driver for Mobile
InterVideo WinDVD
iTunes
Java 7 Update 25
Java Auto Updater
Kodak EasyShare software
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 12
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Notifier
Octoshape add-in for Adobe Flash Player
OTtBP
PCDLNCH
REALTEK Gigabit and Fast Ethernet NIC Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SFR
SFR2
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SoundMAX
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Zip Opener
USB2.0 Capture Device
VC80CRTRedist - 8.0.50727.6195
VCAMCEN
VHS2DVD Wizard
VLC media player 2.0.7
VPRINTOL
WebFldrs XP
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
7/25/2013 10:33:33 AM, error: Service Control Manager [7034]  - The ScsiAccess service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 12:10:31 AM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.501.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
7/24/2013 1:42:25 PM, error: Service Control Manager [7001]  - The Universal Plug and Play Device Host service depends on the SSDP Discovery Service service which failed to start because of the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/24/2013 1:41:55 PM, error: Dhcp [1002]  - The IP address lease 10.1.10.52 for the Network Card with network address 00150025241C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
7/24/2013 1:17:52 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.123 for the Network Card with network address 00150025241C has been denied by the DHCP server 10.1.10.1 (The DHCP Server sent a DHCPNACK message).
7/23/2013 1:42:24 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
7/21/2013 3:14:00 AM, error: Schedule [7901]  - The At1.job command failed to start due to the following error:  %%2147942402
7/21/2013 1:09:18 AM, error: Dhcp [1002]  - The IP address lease 192.168.1.123 for the Network Card with network address 00150025241C has been denied by the DHCP server 10.254.232.1 (The DHCP Server sent a DHCPNACK message).
7/20/2013 4:14:58 AM, error: Dhcp [1002]  - The IP address lease 10.254.234.239 for the Network Card with network address 00150025241C has been denied by the DHCP server 10.254.220.1 (The DHCP Server sent a DHCPNACK message).
7/20/2013 3:40:51 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  eabfiltr
7/20/2013 3:40:51 PM, error: Service Control Manager [7022]  - The Windows Image Acquisition (WIA) service hung on starting.
7/20/2013 3:40:51 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
7/20/2013 3:39:24 PM, error: Service Control Manager [7000]  - The Advanced SystemCare Service 5 service failed to start due to the following error:  The system cannot find the path specified.
.
==== End Of File ===========================

Mod Edit: Topic moved from Windows XP forum.


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 29 July 2013 - 09:23 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 dgreear

dgreear
  • Topic Starter

  • Members
  • 6 posts

Posted 31 July 2013 - 06:59 AM

Did a search and there was no AdWare, PUP on my computer.  Here are the logs.  Do I have any virus?  Internet is extremely slow.  I think I still have them.

 

# AdwCleaner v2.306 - Logfile created 07/31/2013 at 03:48:41
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Deb - DEB-B3602D2CDA2
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Deb\Desktop\AdwCleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\user.js
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users.WINDOWS\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\Deb\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Deb\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Deb\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Wajam
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Wondershare
Folder Deleted : C:\Documents and Settings\Deb\Local Settings\Application Data\Zoom_Downloader
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\Speedbit
Folder Deleted : C:\Program Files\Common Files\Wondershare
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\fbphotozoom
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\SweetIM

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92A9ACF4-9333-43AE-9698-DB283326F87F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\SBConvert
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\SPEEDbitVideoConverter
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [searchpredict@speedbit.com]
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Deb\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [9442 octets] - [31/07/2013 03:48:22]
AdwCleaner[S1].txt - [9417 octets] - [31/07/2013 03:48:41]

########## EOF - C:\AdwCleaner[S1].txt - [9477 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.2.9 (07.30.2013:1)
OS: Microsoft Windows XP x86
Ran by Deb on Wed 07/31/2013 at  4:01:30.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\crossriderplugin
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow\\*.crossrider.com
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A8007894-80D8-4685-BEA3-C27A51920670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}

 

~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll

 

~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\codeccheck"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Deb\Application Data\speedypc software"
Successfully deleted: [Folder] "C:\Documents and Settings\Deb\Local Settings\Application Data\updater21804"
Successfully deleted: [Folder] "C:\Documents and Settings\Deb\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\crossriderwebapps"
Successfully deleted: [Folder] "C:\Program Files\productivity_3.1"
Successfully deleted: [Folder] "C:\ai_recyclebin"

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/31/2013 at  4:04:41.48
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

ComboFix 13-07-31.02 - Deb 07/31/2013   4:19.4.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2038.1576 [GMT -7:00]
Running from: c:\documents and settings\Deb\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2013-06-28 to 2013-07-31  )))))))))))))))))))))))))))))))
.
.
2013-07-31 11:01 . 2013-07-31 11:01 -------- d-----w- c:\windows\ERUNT
2013-07-31 10:44 . 2013-07-31 10:44 -------- d-----w- c:\documents and settings\Deb\Application Data\Mipony
2013-07-31 10:43 . 2013-07-31 10:43 -------- d-----w- c:\program files\OpenIt
2013-07-31 10:43 . 2013-07-31 10:43 -------- d-----w- c:\documents and settings\Deb\Application Data\DigitalSite
2013-07-31 10:43 . 2013-07-31 10:43 60872 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DBDB56A-AE15-40AD-81D8-7E2B6F697B33}\offreg.dll
2013-07-31 10:41 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3DBDB56A-AE15-40AD-81D8-7E2B6F697B33}\mpengine.dll
2013-07-31 10:40 . 2013-07-31 10:40 -------- d-----w- c:\program files\MiPony
2013-07-30 02:12 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-28 15:40 . 2013-07-28 15:46 -------- d-----w- c:\program files\Vivitar Experience Image Manager
2013-07-23 02:20 . 2013-07-23 02:20 -------- d-----w- c:\program files\Common Files\Bitdefender
2013-07-22 21:42 . 2013-07-23 08:50 -------- d-----w- c:\documents and settings\Deb\Local Settings\Application Data\LogMeIn Rescue Applet
2013-07-13 09:22 . 2013-07-13 09:26 -------- d-----w- c:\windows\system32\MRT
2013-07-03 05:08 . 2013-07-03 05:08 -------- d-----w- c:\documents and settings\Deb\Application Data\Leadertech
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-25 01:44 . 2013-06-25 01:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 01:44 . 2013-06-25 01:44 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 01:37 . 2013-06-25 01:37 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 01:37 . 2013-05-26 15:37 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-25 01:37 . 2012-06-18 01:10 867240 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-06-25 01:37 . 2011-07-29 19:49 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-19 04:50 . 2012-08-31 05:03 211560 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-06-08 06:55 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2011-09-10 11:01 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-22 15:21 . 2013-05-22 15:21 4325376 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\ReadOnlyInstaller.msi
2013-05-09 07:28 . 2009-01-31 03:35 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-05-03 01:26 . 2011-09-10 11:01 2193536 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38 . 2011-09-10 11:01 2070144 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 15:28 . 2011-07-28 09:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2004-07-09 11:08 . 2004-07-09 11:08 472576 ----a-w- c:\program files\dxsetup.exe
2004-07-09 11:08 . 2004-07-09 11:08 2242560 ----a-w- c:\program files\dsetup32.dll
2004-07-09 10:03 . 2004-07-09 10:03 62976 ----a-w- c:\program files\DSETUP.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-12-13 155648]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"HP Update 4200C"="c:\sj655\hpupdate.exe" [2002-02-14 32768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-12-13 126976]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-06-21 995176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Deb\Start Menu\Programs\Startup\
OneNote Table Of Contents.onetoc2 [2011-11-22 3656]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe -h [2004-4-27 635019]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\Deb\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:*:Disabled:Peer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10/26/2012 11:07 AM 465216]
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 5:00 AM 14336]
S0 dmwvad;dmwvad;c:\windows\system32\drivers\qbwng.sys --> c:\windows\system32\drivers\qbwng.sys [?]
S0 xsyiwve;xsyiwve;c:\windows\system32\drivers\fvwljjb.sys --> c:\windows\system32\drivers\fvwljjb.sys [?]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; [x]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2012 10:51 AM 136176]
S3 Aldebaran;Aldebaran - Storage Filter Drivers; [x]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [11/8/2012 10:51 AM 136176]
S3 hp4200c;%usbscan.SvcDesc%;c:\windows\system32\drivers\HP4200C.SYS [8/19/2012 4:27 AM 9312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ    p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-25 01:44]
.
2013-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-07-31 c:\windows\Tasks\ASC6_AutoClean.job
- c:\program files\IObit\Advanced SystemCare 6\AutoSweep.exe [2012-10-26 02:47]
.
2013-07-31 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2012-10-26 02:47]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 17:50]
.
2013-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-08 17:50]
.
2013-07-31 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-06-21 01:05]
.
2013-07-31 c:\windows\Tasks\User_Feed_Synchronization-{36620BCB-26EC-4106-B3D4-52941955A79C}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
TCP: DhcpNameServer = 68.87.76.178 68.87.78.130
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-CrossRiderPlugin - c:\program files\CrossriderWebApps\Crossrider.exe
AddRemove-DSite - c:\docume~1\Deb\APPLIC~1\DSite\UpdateProc\UpdateTask.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-31 04:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????n??|?????? ???B?????????????hLC? ??????
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-07-31  04:29:31
ComboFix-quarantined-files.txt  2013-07-31 11:29
ComboFix2.txt  2013-07-25 23:37
.
Pre-Run: 44,935,520,256 bytes free
Post-Run: 45,017,333,760 bytes free
.
- - End Of File - - EBEAC4D12FDDB5FB026282A61D93F400
8F558EB6672622401DA993E1E865C861
 

 

 

 Results of screen317's Security Check version 0.99.71 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
 Microsoft Security Essentials   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100 
 Out of date Malwarebytes Anti-Malware installed!
 Java 7 Update 25 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````
 


Edited by Queen-Evie, 31 July 2013 - 08:28 AM.
post originally in XP. merged with this one. Please post all requested logs in this topic.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 July 2013 - 09:39 AM

Looking better, any remaining issues?

#5 dgreear

dgreear
  • Topic Starter

  • Members
  • 6 posts

Posted 04 August 2013 - 04:47 PM

Hi Nasdaq,

 

Thanks for helping.  I think everything is ok, Yahoo runs slow, but that could be Yahoo!  I have a new question.  I'll try to keep it brief...I work overnights at a private golf course.  During the night I take out the ethernet cable from one of their computers and download movies to my computer.  I've been using 2 different movie download sites for about 4 years with no problems.  When I got to work Friday night there was an email from our general manager that one of the computers at the front desk was so infected that even their IT guy declared it toast.  He was not happy.  I use that ethernet cable just so wifi doesn't crap out on me for some reason (we are up in the mountains).  Now I know (I think) that it's not like putting someone else's tongue depressor in your mouth, but I hope I didn't cause their computer to be infected.  But did it cause my computer to get infected?  My original problem was that I was getting emails from myself that I wasn't sending.  Tons of people use that computer and as long as I've been there people have been using it to surf the web.  Not exactly an employer's dream, but they do get slow sometimes and well, it's something to do.  After looking at my logs you said I looked pretty good.  Do I possibly have something sitting in there waiting to toast my computer too?  Thanks, Hope you're having a good weekend!

 

deb



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,544 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:38 AM

Posted 05 August 2013 - 07:51 AM


"Did a search and there was no AdWare, PUP on my computer."

All that was removed from your computer were Adware and PUP (Potentially Unwanted Program).
Look at the AdwCleaner and Junk removal tool logs.

I did not see any Worm that could have infected the computers.

Just to make sure, run this scan.

Please scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
