
Virus Woes - Disabled Router


  • This topic is locked
17 replies to this topic

#1 Brett998866


Posted 07 August 2013 - 10:01 PM

Greetings all. Having virus troubles. Lots of symptoms, but mostly of the redirect type. This one actually disabled my router, requiring me to hit the reset button on the back of it and restore the settings. It is back up and running, but I know I have virus issues still. Following are my DDS and Attach logs. Many thanks in advance.

 

Brett

 

DDS LOG:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.25.2
Run by HP_Owner at 22:54:17 on 2013-08-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2224 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Seagate_Media\Sync\MediaAggreService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Seagate\Seagate_Media\Sync\MediaSync.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MAPSGA~2\bar\2.bin\39brmon.exe
C:\Program Files\GorillaPrice\GorillaPrice.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://m.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {71c1d63a-c944-428a-a5bd-ba513190e5d2} - No File
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [GorillaPrice] "c:\program files\gorillaprice\GorillaPrice.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe"  -osboot
mRun: [GorillaPrice] "c:\program files\gorillaprice\GorillaPrice.exe"
mRun: [MapsGalaxy_39 Browser Plugin Loader] c:\progra~1\mapsga~2\bar\2.bin\39brmon.exe
mRun: [MapsGalaxy Search Scope Monitor] "c:\progra~1\mapsga~2\bar\2.bin\39srchmn.exe" /m=2 /w /h
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342049118609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1342390427375
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{570E448B-2E37-41F3-A83B-0C076AA62518} : DhcpNameServer = 10.0.0.1
TCP: Interfaces\{80443072-5384-4D29-A197-604ECE8884D8} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 195296]
R1 MpKsldccd6a01;MpKsldccd6a01;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85ffe76-5679-44c9-b9d2-7115677b78d6}\MpKsldccd6a01.sys [2013-8-7 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-15 24328]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\seagate\seagate_media\sync\MediaAggreService.exe [2012-12-20 237248]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-17 1262400]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2013-2-23 45288]
S0 ruek;ruek;c:\windows\system32\drivers\pxvqk.sys --> c:\windows\system32\drivers\pxvqk.sys [?]
S1 agxihlko;agxihlko;\??\c:\windows\system32\drivers\agxihlko.sys --> c:\windows\system32\drivers\agxihlko.sys [?]
S1 hyrqqqkn;hyrqqqkn;\??\c:\windows\system32\drivers\hyrqqqkn.sys --> c:\windows\system32\drivers\hyrqqqkn.sys [?]
S1 kzyvokcb;kzyvokcb;\??\c:\windows\system32\drivers\kzyvokcb.sys --> c:\windows\system32\drivers\kzyvokcb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\mapsga~2\bar\2.bin\39barsvc.exe [2013-8-6 42504]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\hp_owner\desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\hp_owner\desktop\aida64extreme250\kerneld.x32 [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-29 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-5-16 27064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-28 256904]
S4 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.1.121\McCHSvc.exe [2010-9-3 227232]
.
=============== Created Last 30 ================
.
2013-08-08 02:11:15 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85ffe76-5679-44c9-b9d2-7115677b78d6}\offreg.dll
2013-08-08 02:11:15 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85ffe76-5679-44c9-b9d2-7115677b78d6}\MpKsldccd6a01.sys
2013-08-08 01:54:55 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c85ffe76-5679-44c9-b9d2-7115677b78d6}\mpengine.dll
2013-08-08 01:33:56 98816 ----a-w- c:\windows\sed.exe
2013-08-08 01:33:56 518144 ----a-w- c:\windows\SWREG.exe
2013-08-08 01:33:56 256000 ----a-w- c:\windows\PEV.exe
2013-08-08 01:33:56 208896 ----a-w- c:\windows\MBR.exe
2013-08-06 23:35:16 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-08-06 23:35:09 -------- d-----w- c:\program files\McAfee Security Scan
2013-08-06 23:24:21 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\IAC
2013-08-06 23:24:17 -------- d-----w- c:\documents and settings\hp_owner\application data\MapsGalaxy_39
2013-08-06 23:23:04 -------- d-----w- c:\program files\MapsGalaxy_39
2013-08-06 23:13:49 -------- d-----w- c:\documents and settings\hp_owner\application data\Open Download Manager
2013-08-06 23:12:19 -------- d-----w- c:\documents and settings\all users\application data\GorillaPrice
2013-08-06 23:12:18 -------- d-----w- c:\program files\GorillaPrice
2013-08-06 23:12:01 -------- d-----w- c:\documents and settings\hp_owner\application data\Web Cake
2013-08-06 23:11:31 -------- d-----w- c:\windows\system32\Extensions
2013-08-06 23:11:29 -------- d-----w- c:\windows\system32\searchplugins
2013-08-06 23:11:28 -------- d-----w- c:\program files\Delta
2013-08-06 23:11:15 -------- d-----w- c:\documents and settings\all users\application data\BrowserDefender
2013-08-06 23:10:34 -------- d-----w- c:\documents and settings\all users\application data\Babylon
2013-08-06 12:01:14 7143960 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-07-10 23:13:17 -------- d-----w- c:\documents and settings\hp_owner\local settings\application data\PCHealth
.
==================== Find3M  ====================
.
2013-06-28 14:20:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-28 14:20:41 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-28 14:20:40 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 14:20:40 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 03:55:44 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 23:59:01 13566 ----a-w- C:\FixitRegBackup.reg
2013-05-19 22:29:06 150392 ----a-w- C:\junction.exe
2013-05-13 21:28:58 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 21:28:58 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 22:55:17.26 ===============
 

 

Attach LOG:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2012 5:36:07 PM
System Uptime: 8/7/2013 9:42:28 PM (1 hours ago)
.
Motherboard: ASUSTek Computer INC. |  | NODUSM3
Processor: AMD Athlon™ 64 Processor 3500+ | Socket AM2  | 2204/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 142 GiB total, 67.7 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.517 GiB free.
E: is CDROM (CDFS)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 369.686 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP330: 5/10/2013 4:49:09 PM - Software Distribution Service 3.0
RP331: 5/11/2013 4:49:22 PM - Software Distribution Service 3.0
RP332: 5/12/2013 5:01:26 PM - System Checkpoint
RP333: 5/13/2013 9:48:08 AM - Software Distribution Service 3.0
RP334: 5/14/2013 9:08:13 PM - Installed Microsoft Fix it 50535
RP335: 5/15/2013 6:00:16 PM - Software Distribution Service 3.0
RP336: 5/16/2013 6:00:16 PM - Software Distribution Service 3.0
RP337: 5/16/2013 8:03:43 PM - Revo Uninstaller Pro's restore point - Java 7 Update 17
RP338: 5/16/2013 8:03:56 PM - Removed Java 7 Update 17
RP339: 5/18/2013 4:38:29 AM - Software Distribution Service 3.0
RP340: 5/18/2013 8:55:33 AM - Installed Java 7 Update 21
RP341: 5/19/2013 4:38:31 AM - Software Distribution Service 3.0
RP342: 5/19/2013 6:00:20 PM - Software Distribution Service 3.0
RP343: 5/20/2013 6:00:15 PM - Software Distribution Service 3.0
RP344: 5/21/2013 6:00:16 PM - Software Distribution Service 3.0
RP345: 5/21/2013 7:49:03 PM - Restore Point before Corrupt Patch Registry keys
RP346: 5/21/2013 7:52:34 PM - Installed Microsoft Fix it 50535
RP347: 5/21/2013 7:58:55 PM - Installed Microsoft Fix it 50535
RP348: 5/22/2013 7:13:55 AM - Software Distribution Service 3.0
RP349: 5/22/2013 6:00:15 PM - Software Distribution Service 3.0
RP350: 5/23/2013 10:14:06 AM - Software Distribution Service 3.0
RP351: 5/23/2013 6:00:19 PM - Software Distribution Service 3.0
RP352: 5/24/2013 10:03:57 AM - Software Distribution Service 3.0
RP353: 5/24/2013 6:00:36 PM - Software Distribution Service 3.0
RP354: 5/25/2013 8:22:16 AM - Installed QuickTime
RP355: 5/25/2013 11:37:48 AM - Software Distribution Service 3.0
RP356: 5/25/2013 6:00:15 PM - Software Distribution Service 3.0
RP357: 5/26/2013 2:46:45 PM - Software Distribution Service 3.0
RP358: 5/26/2013 6:00:16 PM - Software Distribution Service 3.0
RP359: 5/27/2013 6:00:15 PM - Software Distribution Service 3.0
RP360: 5/27/2013 9:45:09 PM - Software Distribution Service 3.0
RP361: 5/28/2013 6:00:22 PM - Software Distribution Service 3.0
RP362: 5/29/2013 12:02:31 PM - Software Distribution Service 3.0
RP363: 5/29/2013 6:00:15 PM - Software Distribution Service 3.0
RP364: 5/30/2013 12:26:09 PM - Software Distribution Service 3.0
RP365: 5/30/2013 6:00:16 PM - Software Distribution Service 3.0
RP366: 5/31/2013 12:16:12 PM - Software Distribution Service 3.0
RP367: 5/31/2013 6:00:16 PM - Software Distribution Service 3.0
RP368: 6/1/2013 12:16:29 PM - Software Distribution Service 3.0
RP369: 6/1/2013 6:00:15 PM - Software Distribution Service 3.0
RP370: 6/2/2013 2:03:32 AM - Software Distribution Service 3.0
RP371: 6/2/2013 12:16:17 PM - Software Distribution Service 3.0
RP372: 6/2/2013 6:00:15 PM - Software Distribution Service 3.0
RP373: 6/3/2013 6:00:22 PM - Software Distribution Service 3.0
RP374: 6/4/2013 10:41:26 AM - Software Distribution Service 3.0
RP375: 6/4/2013 6:00:24 PM - Software Distribution Service 3.0
RP376: 6/5/2013 10:41:23 AM - Software Distribution Service 3.0
RP377: 6/5/2013 6:00:15 PM - Software Distribution Service 3.0
RP378: 6/6/2013 10:44:07 AM - Software Distribution Service 3.0
RP379: 6/6/2013 6:00:15 PM - Software Distribution Service 3.0
RP380: 6/7/2013 11:35:04 AM - Software Distribution Service 3.0
RP381: 6/7/2013 6:00:15 PM - Software Distribution Service 3.0
RP382: 6/8/2013 11:25:16 AM - Software Distribution Service 3.0
RP383: 6/8/2013 6:00:17 PM - Software Distribution Service 3.0
RP384: 6/9/2013 2:07:51 AM - Software Distribution Service 3.0
RP385: 6/9/2013 11:25:23 AM - Software Distribution Service 3.0
RP386: 6/9/2013 6:00:36 PM - Software Distribution Service 3.0
RP387: 6/10/2013 4:45:17 PM - Software Distribution Service 3.0
RP388: 6/10/2013 6:00:17 PM - Software Distribution Service 3.0
RP389: 6/11/2013 4:45:49 PM - Software Distribution Service 3.0
RP390: 6/11/2013 6:00:15 PM - Software Distribution Service 3.0
RP391: 6/12/2013 4:46:27 PM - Software Distribution Service 3.0
RP392: 6/12/2013 6:00:15 PM - Software Distribution Service 3.0
RP393: 6/13/2013 6:00:19 PM - Software Distribution Service 3.0
RP394: 6/13/2013 6:35:56 PM - Software Distribution Service 3.0
RP395: 6/14/2013 6:00:16 PM - Software Distribution Service 3.0
RP396: 6/14/2013 6:35:48 PM - Software Distribution Service 3.0
RP397: 6/15/2013 6:00:15 PM - Software Distribution Service 3.0
RP398: 6/15/2013 6:36:02 PM - Software Distribution Service 3.0
RP399: 6/16/2013 6:00:15 PM - Software Distribution Service 3.0
RP400: 6/17/2013 8:25:33 AM - Software Distribution Service 3.0
RP401: 6/17/2013 6:00:15 PM - Software Distribution Service 3.0
RP402: 6/18/2013 8:16:49 AM - Software Distribution Service 3.0
RP403: 6/18/2013 6:00:19 PM - Software Distribution Service 3.0
RP404: 6/19/2013 8:15:20 AM - Software Distribution Service 3.0
RP405: 6/19/2013 6:00:15 PM - Software Distribution Service 3.0
RP406: 6/20/2013 3:39:10 PM - Software Distribution Service 3.0
RP407: 6/20/2013 6:00:15 PM - Software Distribution Service 3.0
RP408: 6/21/2013 3:31:11 PM - Software Distribution Service 3.0
RP409: 6/21/2013 6:00:15 PM - Software Distribution Service 3.0
RP410: 6/22/2013 3:29:36 PM - Software Distribution Service 3.0
RP411: 6/22/2013 6:00:19 PM - Software Distribution Service 3.0
RP412: 6/23/2013 1:47:35 AM - Software Distribution Service 3.0
RP413: 6/23/2013 3:29:18 PM - Software Distribution Service 3.0
RP414: 6/23/2013 6:00:15 PM - Software Distribution Service 3.0
RP415: 6/24/2013 3:29:15 PM - Software Distribution Service 3.0
RP416: 6/24/2013 6:00:18 PM - Software Distribution Service 3.0
RP417: 6/25/2013 3:30:05 PM - Software Distribution Service 3.0
RP418: 6/25/2013 6:00:15 PM - Software Distribution Service 3.0
RP419: 6/26/2013 3:29:30 PM - Software Distribution Service 3.0
RP420: 6/26/2013 6:00:16 PM - Software Distribution Service 3.0
RP421: 6/27/2013 3:29:37 PM - Software Distribution Service 3.0
RP422: 6/27/2013 6:00:16 PM - Software Distribution Service 3.0
RP423: 6/28/2013 9:11:50 AM - Removed Java 7 Update 21
RP424: 6/28/2013 9:15:21 AM - Software Distribution Service 3.0
RP425: 6/28/2013 9:24:46 AM - Software Distribution Service 3.0
RP426: 6/28/2013 10:20:07 AM - Removed Java 7 Update 21
RP427: 6/28/2013 6:00:16 PM - Software Distribution Service 3.0
RP428: 6/29/2013 10:33:39 AM - Software Distribution Service 3.0
RP429: 6/29/2013 6:00:15 PM - Software Distribution Service 3.0
RP430: 6/30/2013 2:13:09 AM - Software Distribution Service 3.0
RP431: 6/30/2013 10:33:18 AM - Software Distribution Service 3.0
RP432: 6/30/2013 6:00:15 PM - Software Distribution Service 3.0
RP433: 7/1/2013 10:33:26 AM - Software Distribution Service 3.0
RP434: 7/1/2013 6:00:15 PM - Software Distribution Service 3.0
RP435: 7/2/2013 10:34:53 AM - Software Distribution Service 3.0
RP436: 7/2/2013 6:00:20 PM - Software Distribution Service 3.0
RP437: 7/3/2013 6:00:20 PM - Software Distribution Service 3.0
RP438: 7/4/2013 9:43:26 AM - Software Distribution Service 3.0
RP439: 7/4/2013 6:00:17 PM - Software Distribution Service 3.0
RP440: 7/5/2013 1:21:57 PM - Software Distribution Service 3.0
RP441: 7/5/2013 6:01:14 PM - Software Distribution Service 3.0
RP442: 7/6/2013 1:58:21 PM - Software Distribution Service 3.0
RP443: 7/6/2013 3:32:41 PM - Software Distribution Service 3.0
RP444: 7/6/2013 6:00:15 PM - Software Distribution Service 3.0
RP445: 7/7/2013 2:26:04 AM - Software Distribution Service 3.0
RP446: 7/7/2013 4:56:17 PM - Software Distribution Service 3.0
RP447: 7/7/2013 6:00:15 PM - Software Distribution Service 3.0
RP448: 7/8/2013 4:56:23 PM - Software Distribution Service 3.0
RP449: 7/8/2013 6:00:15 PM - Software Distribution Service 3.0
RP450: 7/9/2013 4:56:55 PM - Software Distribution Service 3.0
RP451: 7/9/2013 6:00:35 PM - Software Distribution Service 3.0
RP452: 7/10/2013 6:00:31 PM - Software Distribution Service 3.0
RP453: 7/10/2013 7:20:38 PM - Software Distribution Service 3.0
RP454: 7/11/2013 6:00:16 PM - Software Distribution Service 3.0
RP455: 7/11/2013 7:20:14 PM - Software Distribution Service 3.0
RP456: 7/12/2013 6:00:20 PM - Software Distribution Service 3.0
RP457: 7/13/2013 7:31:58 AM - Software Distribution Service 3.0
RP458: 7/13/2013 6:00:17 PM - Software Distribution Service 3.0
RP459: 7/14/2013 2:27:37 AM - Software Distribution Service 3.0
RP460: 7/14/2013 7:31:40 AM - Software Distribution Service 3.0
RP461: 7/14/2013 6:00:15 PM - Software Distribution Service 3.0
RP462: 7/15/2013 8:49:18 AM - Software Distribution Service 3.0
RP463: 7/15/2013 6:00:20 PM - Software Distribution Service 3.0
RP464: 7/16/2013 8:50:00 AM - Software Distribution Service 3.0
RP465: 7/16/2013 6:00:16 PM - Software Distribution Service 3.0
RP466: 7/17/2013 3:43:25 PM - Software Distribution Service 3.0
RP467: 7/17/2013 6:00:16 PM - Software Distribution Service 3.0
RP468: 7/18/2013 6:00:55 PM - Software Distribution Service 3.0
RP469: 7/19/2013 9:57:33 AM - Software Distribution Service 3.0
RP470: 7/19/2013 6:02:17 PM - Software Distribution Service 3.0
RP471: 7/19/2013 6:14:49 PM - Software Distribution Service 3.0
RP472: 7/20/2013 6:00:21 PM - Software Distribution Service 3.0
RP473: 7/20/2013 6:12:49 PM - Software Distribution Service 3.0
RP474: 7/21/2013 2:27:03 AM - Software Distribution Service 3.0
RP475: 7/21/2013 6:00:18 PM - Software Distribution Service 3.0
RP476: 7/21/2013 6:13:43 PM - Software Distribution Service 3.0
RP477: 7/22/2013 6:00:15 PM - Software Distribution Service 3.0
RP478: 7/23/2013 2:59:35 PM - Software Distribution Service 3.0
RP479: 7/23/2013 6:00:17 PM - Software Distribution Service 3.0
RP480: 7/24/2013 3:01:55 PM - Software Distribution Service 3.0
RP481: 7/24/2013 6:00:19 PM - Software Distribution Service 3.0
RP482: 7/25/2013 6:00:20 PM - Software Distribution Service 3.0
RP483: 7/26/2013 12:30:50 PM - Software Distribution Service 3.0
RP484: 7/26/2013 6:00:14 PM - Software Distribution Service 3.0
RP485: 7/27/2013 3:01:48 PM - Software Distribution Service 3.0
RP486: 7/27/2013 6:00:15 PM - Software Distribution Service 3.0
RP487: 7/28/2013 2:11:44 AM - Software Distribution Service 3.0
RP488: 7/28/2013 6:33:19 PM - Software Distribution Service 3.0
RP489: 7/29/2013 5:45:05 PM - Software Distribution Service 3.0
RP490: 7/29/2013 5:55:46 PM - Software Distribution Service 3.0
RP491: 7/29/2013 6:00:20 PM - Software Distribution Service 3.0
RP492: 7/29/2013 9:27:17 PM - Software Distribution Service 3.0
RP493: 7/30/2013 6:00:16 PM - Software Distribution Service 3.0
RP494: 7/30/2013 9:39:06 PM - Software Distribution Service 3.0
RP495: 7/31/2013 6:00:15 PM - Software Distribution Service 3.0
RP496: 8/1/2013 12:38:18 PM - Software Distribution Service 3.0
RP497: 8/1/2013 6:00:18 PM - Software Distribution Service 3.0
RP498: 8/2/2013 4:38:32 PM - Software Distribution Service 3.0
RP499: 8/2/2013 6:00:35 PM - Software Distribution Service 3.0
RP500: 8/3/2013 6:00:31 PM - Software Distribution Service 3.0
RP501: 8/3/2013 10:16:29 PM - Software Distribution Service 3.0
RP502: 8/4/2013 6:00:15 PM - Software Distribution Service 3.0
RP503: 8/4/2013 10:28:17 PM - Software Distribution Service 3.0
RP504: 8/5/2013 6:00:17 PM - Software Distribution Service 3.0
RP505: 8/6/2013 8:00:58 AM - Software Distribution Service 3.0
RP506: 8/6/2013 6:00:15 PM - Software Distribution Service 3.0
RP507: 8/6/2013 7:33:32 PM - Installed Java 7 Update 6
RP508: 8/7/2013 6:00:16 PM - Software Distribution Service 3.0
RP509: 8/7/2013 9:54:37 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Acrobat 6.0 Standard
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
Ask Toolbar Updater
BroadJump Client Foundation
BufferChm
CCleaner
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
CueTour
Customer Experience Enhancement
CustomerResearchQFolder
Data Fax SoftModem with SmartCP
Destinations
Diablo II
Diablo III
Easy Internet Sign-up
eSupportQFolder
F300
F300_Help
Fax_CDA
FileHippo.com Update Checker
Free Download Manager 3.9.2
FullDPAppQFolder
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
GorillaPrice
GPL MPEG-1/2 DirectShow Decoder Filter
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Boot Optimizer
HP Customer Participation Program 7.0
HP DVD Play 2.1
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Assistant
HP Solution Center 7.0
HP Support Overview
HP Update
HP Web Helper
HPPhotoSmartExpress
HPProductAssistant
HpSdpAppCoreApp
InstantShareAlert
InstantShareDevices
InstantShareDevicesMFC
iTunes
Java 7 Update 25
Java 7 Update 6
Java Auto Updater
K-Lite Codec Pack 9.9.0 (Full)
Malwarebytes Anti-Malware version 1.75.0.1300
MapsGalaxy Firefox Toolbar
MapsGalaxy Internet Explorer Toolbar
MapsGalaxy Toolbar
MarketResearch
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 8.2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Money 2006
Microsoft Office 97, Professional Edition
Microsoft Security Client
Microsoft Security Essentials
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My HP Games
Netscape Browser (remove only)
NewCopy_CDA
NVIDIA Control Panel 301.42
NVIDIA Drivers
NVIDIA Install Application
NVIDIA nView 136.27
NVIDIA Update 1.8.15
NVIDIA Update Components
OptionalContentQFolder
PDFCreator
PhotoGallery
Picture Package Music Transfer
Plants vs. Zombies™
ProductContextNPI
Python 2.2 pywin32 extensions (build 203)
Python 2.2.3
Quicken 2006
QuickTime
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.5
Rhapsody
ROBLOX Player for HP_Owner
ROBLOX Studio 2013 for HP_Owner
Scan
ScannerCopy
Seagate Media Software
SeaTools for Windows
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
SkinsHP1
SlideShow
SlideShowMusic
SolutionCenter
Sonic Express Labeler
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Sonic_PrimoSDK
Sony Picture Utility
SpywareBlaster 4.6
Status
Toolbox
TrayApp
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Installer for WildTangent Games App
Updates from HP (remove only)
VideoConverter
WebFldrs XP
WebReg
WildTangent Games App (HP Games)
WildTangent Web Driver
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell™ 1.0
Windows XP Service Pack 3
Wizard101
WOT for Internet Explorer
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
Yahoo! Toolbar for Internet Explorer
.
==== Event Viewer Messages From Past Week ========
.
8/7/2013 9:14:56 PM, error: Dhcp [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 001A924093F1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/7/2013 9:06:29 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/7/2013 9:03:06 PM, error: Dhcp [1002]  - The IP address lease 10.0.0.2 for the Network Card with network address 001A924093F1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/7/2013 9:01:36 PM, error: Tcpip [4199]  - The system detected an address conflict for IP address 10.0.0.2 with the system having network hardware address 70:56:81:06:7A:E3. Network operations on this system may be disrupted as a result.
8/7/2013 8:39:08 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: Default URL  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x80040154  Error description: Class not registered
8/7/2013 8:34:05 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
8/7/2013 8:30:13 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AmdK8 Fips MpFilter
8/7/2013 8:29:27 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/7/2013 8:21:29 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x80072f76  Error description: The requested header was not found
8/7/2013 8:06:51 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  IntelIde ViaIde
8/7/2013 8:00:31 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/7/2013 7:31:20 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Search  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x8024402c  Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
8/7/2013 7:12:29 PM, error: Dhcp [1002]  - The IP address lease 10.0.0.6 for the Network Card with network address 001A924093F1 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
8/7/2013 6:01:34 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2804577).
8/7/2013 6:01:13 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2833940).
8/7/2013 6:00:51 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 2.0 SP2 on Windows Server 2003 and Windows XP x86 (KB2844285).
8/7/2013 2:54:16 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Download  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x80240022  Error description: The program can't check for definition updates.
8/7/2013 2:54:16 PM, error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.  New Signature Version:   Previous Signature Version: 1.155.1620.0  Update Source: Microsoft Update Server  Update Stage: Download  Source Path: http://www.microsoft.com  Signature Type: AntiVirus  Update Type: Full  User: NT AUTHORITY\SYSTEM  Current Engine Version:   Previous Engine Version: 1.1.9700.0  Error code: 0x80240022  Error description: The program can't check for definition updates.
8/7/2013 2:43:30 PM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the BITS service to connect.
8/7/2013 2:43:30 PM, error: Service Control Manager [7000]  - The BITS service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/7/2013 2:43:29 PM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
8/4/2013 6:03:57 PM, error: Windows Update Agent [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).
8/4/2013 4:17:35 AM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the WZCSVC service.
.
==== End Of File ===========================
 

 

 

 

 

 

 

 




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 08 August 2013 - 12:53 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#3 Brett998866

Brett998866
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 08 August 2013 - 05:24 PM

Marius,

 

Thank you for the help.  The log you requested is below.

 

Brett

 

GMER log:

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-08 18:18:53
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 ST3160812AS rev.3.AHL 149.05GB
Running: 2hgei48b.exe; Driver: C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\kwlcrpob.sys

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\Fastfat \Fat  fltmgr.sys

---- EOF - GMER 2.1 ----



#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 09 August 2013 - 01:48 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[Screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#5 Brett998866

Brett998866
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 09 August 2013 - 06:46 AM

Marius,

 

Below is the ComboFix log, as you requested.

 

Brett

 

ComboFix Log:

ComboFix 13-08-07.01 - HP_Owner 08/09/2013   7:31.9.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2651 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
J:\autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-09 to 2013-08-09  )))))))))))))))))))))))))))))))
.
.
2013-08-08 02:11 . 2013-08-08 02:11 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\offreg.dll
2013-08-08 02:11 . 2013-08-08 02:11 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\MpKsldccd6a01.sys
2013-08-08 01:54 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\mpengine.dll
2013-08-06 23:11 . 2013-08-06 23:11 -------- d-----w- c:\windows\system32\Extensions
2013-08-06 23:11 . 2013-08-06 23:11 -------- d-----w- c:\windows\system32\searchplugins
2013-08-06 23:11 . 2013-08-06 23:11 -------- d-----w- c:\program files\Delta
2013-08-06 23:11 . 2013-08-08 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BrowserDefender
2013-08-06 23:10 . 2013-08-06 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2013-08-06 12:01 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 23:13 . 2013-07-10 23:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\PCHealth
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 14:20 . 2013-06-28 14:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-28 14:20 . 2013-06-28 14:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-28 14:20 . 2012-07-15 17:55 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 14:20 . 2012-01-23 04:22 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 03:55 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 11:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 23:59 . 2013-05-15 01:08 13566 ----a-w- C:\FixitRegBackup.reg
2013-05-19 22:29 . 2010-09-07 19:39 150392 ----a-w- C:\junction.exe
2013-05-13 21:28 . 2012-05-28 14:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-13 21:28 . 2012-03-03 22:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-03-31 1520776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
"GorillaPrice"="c:\program files\GorillaPrice\GorillaPrice.exe" [2013-07-14 805888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-03-31 1646216]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-27 180269]
"GorillaPrice"="c:\program files\GorillaPrice\GorillaPrice.exe" [2013-07-14 805888]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\2.bin\39brmon.exe" [2013-08-06 30096]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\2.bin\39srchmn.exe" [2013-08-06 44784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2/23/2013 10:20 PM 45288]
S0 ruek;ruek;c:\windows\system32\drivers\pxvqk.sys --> c:\windows\system32\drivers\pxvqk.sys [?]
S1 agxihlko;agxihlko;\??\c:\windows\system32\drivers\agxihlko.sys --> c:\windows\system32\drivers\agxihlko.sys [?]
S1 hyrqqqkn;hyrqqqkn;\??\c:\windows\system32\drivers\hyrqqqkn.sys --> c:\windows\system32\drivers\hyrqqqkn.sys [?]
S1 kzyvokcb;kzyvokcb;\??\c:\windows\system32\drivers\kzyvokcb.sys --> c:\windows\system32\drivers\kzyvokcb.sys [?]
S1 MpKsldccd6a01;MpKsldccd6a01;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\MpKsldccd6a01.sys [8/7/2013 10:11 PM 29904]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/15/2012 9:59 PM 24328]
S2 FreeAgentTheater Service;Seagate Media;c:\program files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [12/20/2012 4:13 PM 237248]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:15 AM 136176]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\2.bin\39barsvc.exe [8/6/2013 7:23 PM 42504]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:15 AM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2013 8:02 PM 27064]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 2:45 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MDMXSDK
*Deregistered* - kwlcrpob
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 22:07 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 21:28]
.
2013-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-08-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-08-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2013-03-31 18:57]
.
2013-08-08 c:\windows\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 10.0.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-09 07:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-08-09  07:42:32
ComboFix-quarantined-files.txt  2013-08-09 11:42
ComboFix2.txt  2013-08-08 01:49
ComboFix3.txt  2013-05-15 03:44
ComboFix4.txt  2013-05-15 03:07
ComboFix5.txt  2013-08-09 11:29
.
Pre-Run: 75,939,950,592 bytes free
Post-Run: 75,936,141,312 bytes free
.
- - End Of File - - C0A09389E5E1F3D832767D06A09248C9
8F558EB6672622401DA993E1E865C861
 



#6 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:12 AM

Posted 09 August 2013 - 07:46 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 



Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#7 Brett998866

Brett998866
  • Topic Starter

  • Members
  • 92 posts
  • OFFLINE
  •  
  • Local time:07:12 PM

Posted 10 August 2013 - 08:06 AM

Marius,

 

I ran both Combofix and MB per your instructions above.  Many threats were found with the MB scan and I removed them per your instructions.  Still seeing odd behavior on the pc, so I don't believe I am out of the woods yet. The combo fix and MB logs are listed below.

 

Brett

 

Combofix Log:

ComboFix 13-08-09.02 - HP_Owner 08/09/2013  17:58:16.10.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.3006.2607 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
FILE ::
"c:\windows\Tasks\Scheduled Update for Ask Toolbar.job"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\All Users\Application Data\BrowserDefender
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\precache.exe
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\Updater\config.xml
c:\program files\Ask.com\Updater\Updater.exe
c:\program files\Ask.com\UpdateTask.exe
c:\program files\Delta
c:\program files\GorillaPrice
c:\program files\GorillaPrice\{a131ab52-77f3-4bd7-acc7-e2dfdfd298f0}.xpi
c:\program files\GorillaPrice\config.dat
c:\program files\GorillaPrice\GorillaPrice.exe
c:\program files\GorillaPrice\GPHelper.dll
c:\program files\GorillaPrice\uninstall.exe
c:\windows\system32\Extensions
c:\windows\system32\searchplugins
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_agxihlko
-------\Service_hyrqqqkn
-------\Service_kzyvokcb
-------\Service_ruek
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-09 to 2013-08-09  )))))))))))))))))))))))))))))))
.
.
2013-08-09 22:07 . 2013-08-09 22:07 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\MpKsl728eab36.sys
2013-08-08 02:11 . 2013-08-08 02:11 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\offreg.dll
2013-08-08 02:11 . 2013-08-08 02:11 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\MpKsldccd6a01.sys
2013-08-08 01:54 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\mpengine.dll
2013-08-06 23:35 . 2013-08-06 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
2013-08-06 23:35 . 2013-08-06 23:35 -------- d-----w- c:\program files\McAfee Security Scan
2013-08-06 23:24 . 2013-08-06 23:24 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\IAC
2013-08-06 23:24 . 2013-08-06 23:25 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\MapsGalaxy_39
2013-08-06 23:23 . 2013-08-06 23:23 -------- d-----w- c:\program files\MapsGalaxy_39
2013-08-06 23:13 . 2013-08-07 23:17 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Open Download Manager
2013-08-06 23:12 . 2013-08-06 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\GorillaPrice
2013-08-06 23:12 . 2013-08-08 00:05 -------- d-----w- c:\documents and settings\HP_Owner\Application Data\Web Cake
2013-08-06 12:01 . 2013-07-02 06:54 7143960 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-10 23:13 . 2013-07-10 23:13 -------- d-----w- c:\documents and settings\HP_Owner\Local Settings\Application Data\PCHealth
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 14:20 . 2013-06-28 14:20 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-28 14:20 . 2013-06-28 14:21 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-06-28 14:20 . 2012-07-15 17:55 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-28 14:20 . 2012-01-23 04:22 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-08 03:55 . 2004-08-04 11:00 385024 ----a-w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2004-08-04 11:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2004-08-04 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2004-08-04 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2004-08-04 11:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 11:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-21 23:59 . 2013-05-15 01:08 13566 ----a-w- C:\FixitRegBackup.reg
2013-05-19 22:29 . 2010-09-07 19:39 150392 ----a-w- C:\junction.exe
2013-05-13 21:28 . 2012-05-28 14:54 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-13 21:28 . 2012-03-03 22:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-29 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2012-07-13 384232]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-01-27 180269]
"MapsGalaxy_39 Browser Plugin Loader"="c:\progra~1\MAPSGA~2\bar\2.bin\39brmon.exe" [2013-08-06 30096]
"MapsGalaxy Search Scope Monitor"="c:\progra~1\MAPSGA~2\bar\2.bin\39srchmn.exe" [2013-08-06 44784]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
.
R1 MpKsl728eab36;MpKsl728eab36;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C85FFE76-5679-44C9-B9D2-7115677B78D6}\MpKsl728eab36.sys [8/9/2013 6:07 PM 29904]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/15/2012 9:59 PM 24328]
R2 FreeAgentTheater Service;Seagate Media;c:\program files\Seagate\Seagate_Media\Sync\MediaAggreService.exe [12/20/2012 4:13 PM 237248]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys [2/23/2013 10:20 PM 45288]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:15 AM 136176]
S2 MapsGalaxy_39Service;MapsGalaxyService;c:\progra~1\MAPSGA~2\bar\2.bin\39barsvc.exe [8/6/2013 7:23 PM 42504]
S3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 --> c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32 [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2012 11:15 AM 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [5/16/2013 8:02 PM 27064]
S4 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [10/12/2010 1:59 PM 206072]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.1.121\McCHSvc.exe [9/3/2010 2:45 AM 227232]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL728EAB36
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 22:07 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-28 21:28]
.
2013-08-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-01-29 15:14]
.
2013-08-09 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 16:11]
.
2013-08-09 c:\windows\Tasks\User_Feed_Synchronization-{C133C753-E9D3-4FD9-A743-3F3603EC1EC1}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://m.yahoo.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PAVILION&pf=desktop
uInternet Connection Wizard,ShellNext = iexplore
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
TCP: DhcpNameServer = 10.0.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
AddRemove-GorillaPrice - c:\program files\GorillaPrice\uninstall.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files\Ask.com\Updater\Updater.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-09 18:07
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AIDA64Driver]
"ImagePath"="\??\c:\documents and settings\HP_Owner\Desktop\aida64extreme250\kerneld.x32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(568)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\MAPSGA~2\bar\2.bin\39brstub.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Seagate\Seagate_Media\Sync\MediaSync.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\msiexec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2013-08-09  18:19:19 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-09 22:19
ComboFix2.txt  2013-08-09 11:42
ComboFix3.txt  2013-08-08 01:49
ComboFix4.txt  2013-05-15 03:44
ComboFix5.txt  2013-08-09 21:56
.
Pre-Run: 75,940,098,048 bytes free
Post-Run: 72,726,839,296 bytes free
.
- - End Of File - - B52CCEB5486083ABB91AD5C77D10DE76
8F558EB6672622401DA993E1E865C861
 

Malware Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.07.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Owner :: YOUNGSPC [administrator]

8/9/2013 6:31:23 PM
mbam-log-2013-08-09 (18-31-23).txt

Scan type: Full scan (C:\|D:\|J:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 511051
Time elapsed: 5 hour(s), 40 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 25
C:\Qoobox\Quarantine\C\Program Files\GetLyrics\GetLyricsUPD.exe.vir (PUP.LyricsAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060018.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060019.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060083.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060084.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060132.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060133.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP333\A0060168.msi (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP334\A0060646.exe (PUP.LyricsAd) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068146.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068147.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068158.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068159.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068160.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068161.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068163.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069209.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069212.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069213.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069214.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069215.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069217.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069216.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069359.dll (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP508\A0069360.exe (PUP.Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

(end)



#8 TB-Psychotic


Posted 12 August 2013 - 03:35 AM

Looks good! :)

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#9 Brett998866


Posted 12 August 2013 - 06:41 AM

Marius,

It appears that the ESET scanner is being blocked, somehow. I received the Unexpected Error 2002 as it was downloading the signature database. I am not able to proceed with this scanner.

Brett

#10 TB-Psychotic


Posted 12 August 2013 - 07:39 AM

Please try it on another browser.



#11 Brett998866


Posted 12 August 2013 - 07:41 AM

Ok, I will, but will not be able to until this evening.   

 

Also, in terms of symptoms, I am seeing this Delta Search page come up whenever I click to open a new tab.  Just FYI.  I will post the results (hopefully) this evening.

 

Brett



#12 Brett998866


Posted 12 August 2013 - 07:26 PM

I was able to get ESET to run and the log is below. Many threats were found. Note, I did NOT remove them via ESET as you requested. Thanks.

Brett

C:\Program Files\MapsGalaxy_39\bar\2.bin\39datact.dll a variant of Win32/Toolbar.MyWebSearch.A application
C:\Program Files\MapsGalaxy_39\bar\2.bin\39htmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application
C:\Program Files\MapsGalaxy_39\bar\2.bin\39ieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\MapsGalaxy_39\bar\2.bin\39Plugin.dll probably a variant of Win32/Toolbar.MyWebSearch application
C:\Program Files\MapsGalaxy_39\bar\2.bin\39skin.dll a variant of Win32/Toolbar.MyWebSearch.P application
C:\Program Files\MapsGalaxy_39\bar\2.bin\NP39Stub.dll Win32/Toolbar.MyWebSearch.T application
C:\Program Files\MapsGalaxy_39\bar\2.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application
C:\Qoobox\Quarantine\C\Program Files\GetLyrics\FF\chrome\content\main.js.vir Win32/Adware.AddLyrics.F application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP341\A0061303.exe Win32/DownloadAdmin.G application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP341\A0061304.exe a variant of Win32/Toolbar.CrossRider.C application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068148.exe a variant of Win32/Toolbar.MyWebSearch.O application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068150.dll Win32/Toolbar.MyWebSearch application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068151.dll probably a variant of Win32/Toolbar.MyWebSearch.Q application
C:\System Volume Information\_restore{00EFF98B-5705-4D9A-BA78-7681A60AFB54}\RP507\A0068152.dll Win32/Toolbar.MyWebSearch application
Operating memory probably a variant of Win32/Toolbar.MyWebSearch.P application

#13 TB-Psychotic


Posted 13 August 2013 - 04:04 AM

Those "findings" will be removed during our cleanup.

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You'll find the log file at C:\AdwCleaner[S1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.



#14 Brett998866


Posted 13 August 2013 - 06:34 AM

Thanks. Here are the logs for Security Check and ADW. Brett

Security Check Log:
Results of screen317's Security Check version 0.99.72
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan Plus
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Java 7 Update 6
Java 7 Update 25
Adobe Flash Player 11.7.700.169
Adobe Reader XI
Mozilla Firefox (Toolbar.)
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````


ADW LOG:
# AdwCleaner v2.306 - Logfile created 08/13/2013 at 07:23:28
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Owner - YOUNGSPC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\T004YP7T\adwcleaner[1].exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fdkednngfjmpnljkolbapdednncafhen
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Deleted on reboot : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kimdndlhnimhdcchmglaendkednpejjn
File Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\bprotectorpreferences
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\HP_Owner\Application Data\mapsgalaxy_39
Folder Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\iac
Folder Deleted : C:\Documents and Settings\HP_Owner\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Program Files\mapsgalaxy_39
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\52ed8dfe239ec12
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKCU\Software\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Key Deleted : HKCU\Software\MapsGalaxy_39
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\52ed8dfe239ec12
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7169BBB3-3289-4696-B35D-4A88BCF6FB12}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF0118D4-63FF-4138-9327-F3028FB1A578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdkednngfjmpnljkolbapdednncafhen
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kimdndlhnimhdcchmglaendkednpejjn
Key Deleted : HKLM\Software\MapsGalaxy_39
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta Chrome Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [MapsGalaxy Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=9866001A924093F1&affID=123485&tt=080613_wc1&tsp=4966 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - bProtectTabs] = hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=9866001A924093F1&affID=123485&tt=080613_wc1&tsp=4966 --> hxxp://www.google.com

-\\ Google Chrome v28.0.1500.95

File : C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.21] : icon_url = "hxxp://www.delta-search.com/favicon.ico",
Deleted [l.24] : keyword = "delta-search.com",
Deleted [l.28] : search_url = "hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=9866001A92409[...]
Deleted [l.401] : homepage = "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=9866001A924093F1&affID=123485&tt=0[...]
Deleted [l.617] : urls_to_restore_on_startup = [ "hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=9866001A924[...]

*************************

AdwCleaner[R1].txt - [21345 octets] - [13/05/2013 23:57:45]
AdwCleaner[S1].txt - [21736 octets] - [13/05/2013 23:58:01]
AdwCleaner[S2].txt - [1734 octets] - [14/05/2013 22:24:57]
AdwCleaner[S3].txt - [14508 octets] - [13/08/2013 07:23:28]

########## EOF - C:\AdwCleaner[S3].txt - [14569 octets] ##########

#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 13 August 2013 - 10:27 AM

Then your system is clean!

Please uninstall Java 7 Update 6.

Uninstall our tools using delfix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used Combofix: deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  • In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

How to protect yourself

  • System Updates
    Being up to date is very important. Please be sure to activate automatic updates in your control panel.
    Windows XP | Windows Vista | Windows 7 | Windows 8
  • Protection
    What you need is one (not more) good virus scanner with background protection. Additionally I recommend a special malware scanner that you run from time to time.
    Personally I am using the avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer you good protection for free use. But please remember: you only get the full protection if you use the paid versions of your security software.
  • Up to date Software
    Stay up to date with all the programs you use. Some of those you really have to keep an eye on are: your browser(s) including add-ons and plug-ins, Java, Flash Player, your virus scanner, and basically every software you use often. These links may help you to check:
  • Backups
    There are chances for an emergency every day. So be prepared. Back up your data on a regular basis. Whether you burn it to DVDs from time to time, use a cloud drive or a professional network backup system is your choice.
  • Brains
    It's no joke! You really need one of those things. :) It is very important not just to click anywhere it is colored or flashing while you are surfing the web. Do not click an OK button on any pop-up window without reading what it says. While installing software, always choose the custom mode, read what those windows say and uncheck adware that will be installed along with the software you want.


Proud Member of UNITE & TB
 



