
Desperate man at the end of his tether!


7 replies to this topic

#1 Neilthebeard

Neilthebeard

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Location:Yorkshire, England
  • Local time:03:16 AM

Posted 11 September 2013 - 02:28 PM

Please can anyone help! I seem to have picked something up on my computer that diverts me to a website every time I try to download from a file sharing website.

I have tried all sorts of things to remove this and am now running out of ideas.

The page comes up with a banner at the top saying "sharesuper". Further down the page it goes on to say "Ezdownloaderpro is a smart way to" etc...

I downloaded Malwarebytes Anti-malware from bleeping computer which stops the page from starting up.

When this page is blocked the bottom left corner of the screen displays "waiting for lp.ncdownloader.com".

I have googled Ezdownloaderpro, Sharesuper and lp.ncdownloader and have had no joy.

I have right-clicked the screen when this page appears and clicked "view page info". From this I found IP addresses but don't know if this would help.

I have run AVG FREE which found nothing.

I have downloaded, paid for and registered Reg Cure which has not solved this.

I have used Auslogics boost speed 6 and all the tools included all to no avail.

I have tried ccleaner, Adwcleaner and Rkill and various other programmes and none have stopped this.

I have even clean installed Windows XP 4 times including formatting C:/ and still the problem persists.

PLEASE, PLEASE, PLEASE can someone offer some advice?





#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:16 PM

Posted 16 September 2013 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
===

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

Download DDS by sUBs from one of the following links, if you no longer have it available. Save it to your desktop.

1: DDS.scr (Not recommended if you use Chrome to download this .scr file. Use the other options.)
2: DDS.pif
3: DDS.COM

Double click on the DDS icon, allow it to run.
A small box will open, with an explanation about the tool. No input is needed, the scan is running.
Notepad will open with the results.
Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.


Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#3 Neilthebeard

Neilthebeard
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Gender:Male
  • Location:Yorkshire, England
  • Local time:03:16 AM

Posted 18 September 2013 - 02:27 PM

Thank you very much for your time, effort and help with this Nasdaq.

Below are the logs as requested.

 

RogueKiller pre delete:

 

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Neil [Admin rights]
Mode : Scan -- Date : 09/18/2013 19:47:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - HITACHI HUA721010KLA330 +++++
--- User ---
[MBR] db2a65bdbd0cff7d3af246c0f2a862a9
[BSP] 3e2206860096b8287f5ef2ddacd5b726 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_09182013_194718.txt >>
 
 
 
 

RogueKiller post delete:

 

RogueKiller V8.6.12 [Sep 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Neil [Admin rights]
Mode : Remove -- Date : 09/18/2013 19:47:31
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - HITACHI HUA721010KLA330 +++++
--- User ---
[MBR] db2a65bdbd0cff7d3af246c0f2a862a9
[BSP] 3e2206860096b8287f5ef2ddacd5b726 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_09182013_194731.txt >>
RKreport[0]_S_09182013_194718.txt
 
 
 

AdwCleaner:

 

# AdwCleaner v3.004 - Report created 18/09/2013 at 19:49:16
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Neil - NEIL-B37EE685B8
# Running from : C:\Documents and Settings\Neil\My Documents\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [799 octets] - [18/09/2013 19:49:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [858 octets] ##########
 

AdwCleaner after cleaning:

 

# AdwCleaner v3.004 - Report created 18/09/2013 at 19:51:11
# Updated 15/09/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Neil - NEIL-B37EE685B8
# Running from : C:\Documents and Settings\Neil\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Documents and Settings\Neil\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [937 octets] - [18/09/2013 19:49:16]
AdwCleaner[S0].txt - [861 octets] - [18/09/2013 19:51:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [920 octets] ##########
 

Junkware removal tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Microsoft Windows XP x86
Ran by Neil on 18/09/2013 at 19:56:37.62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18/09/2013 at 20:01:18.89
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

DDS logs:

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Neil at 20:02:49 on 2013-09-18
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2021.1330 [GMT 1:00]
.
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled* 
.
============== Running Processes ================
.
C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\AVG\AVG2014\avgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG2014\avgfws.exe
C:\Program Files\AVG\AVG2014\avgwdsvc.exe
C:\WINDOWS\system32\IProsetMonitor.exe
C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wpabaln.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASC.exe
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - c:\program files\secure speed dial\ie\SpeedDial.dll
BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare 6\browerprotect\ASCPlugin_Protection.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_SC1.tmp" /EF "HKCU"
mRun: [AVG_UI] "c:\program files\avg\avg2014\avgui.exe" /TRAYONLY
mRun: [IObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{B27DDA2D-6970-427B-968F-2A4E366F7102} : DHCPNameServer = 192.168.0.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\29.0.1547.66\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2013-8-22 146232]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2013-8-22 223032]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2013-8-20 102200]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2013-8-1 26936]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-9-14 14776]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [2013-8-1 120120]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2013-8-22 209208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2013-8-22 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2013-8-1 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare 6\ASCService.exe [2013-9-14 574272]
R2 avgfws;AVG Firewall;c:\program files\avg\avg2014\avgfws.exe [2013-8-26 1358432]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2014\avgwdsvc.exe [2013-8-20 300640]
R2 IMFservice;IMF Service;c:\program files\iobit\iobit malware fighter\IMFsrv.exe [2013-9-14 335168]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [2013-4-5 121600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2013-9-14 247968]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-23 44800]
R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2013-9-14 31520]
R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2013-9-14 17360]
S0 cerc6;cerc6; [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2013-8-1 22840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2014\avgidsagent.exe [2013-8-27 3534896]
S2 SecureUpdateSvc;SecureUpdate;c:\program files\secure speed dial\ie\SecureUpdate.exe [2013-9-14 2298704]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2012-1-12 30944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-9-14 48728]
.
=============== Created Last 30 ================
.
2013-09-18 18:56:36 -------- d-----w- c:\windows\ERUNT
2013-09-18 18:48:49 -------- d-----w- C:\AdwCleaner
2013-09-17 19:55:23 -------- d-----w- c:\documents and settings\neil\local settings\application data\Adobe
2013-09-17 19:41:28 80024 ----a-w- c:\windows\system32\PICSDK.dll
2013-09-17 19:41:28 71840 ----a-w- c:\windows\system32\EPPicMgr.dll
2013-09-17 19:41:28 501912 ----a-w- c:\windows\system32\PICSDK2.dll
2013-09-17 19:41:28 120992 ----a-w- c:\windows\system32\EpPicPrt.dll
2013-09-17 19:41:28 108704 ----a-w- c:\windows\system32\PICEntry.dll
2013-09-17 19:40:12 8192 ----a-w- c:\windows\system32\E_DCINST.DLL
2013-09-17 19:40:11 86528 ----a-w- c:\windows\system32\E_FLBEDE.DLL
2013-09-17 19:40:11 78848 ----a-w- c:\windows\system32\E_FD4BEDE.DLL
2013-09-17 19:38:48 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2013-09-17 19:38:48 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2013-09-17 19:37:21 -------- d-----w- c:\documents and settings\all users\application data\EPSON
2013-09-17 19:35:03 -------- d-sh--w- c:\documents and settings\neil\PrivacIE
2013-09-17 19:33:36 -------- d-----w- c:\documents and settings\neil\local settings\application data\DriverTuner
2013-09-15 17:59:30 265728 -c----w- c:\windows\system32\dllcache\http.sys
2013-09-15 17:50:56 -------- d-sh--w- c:\documents and settings\neil\IETldCache
2013-09-15 08:56:46 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2013-09-15 08:56:08 6144 -c----w- c:\windows\system32\dllcache\iecompat.dll
2013-09-15 08:55:49 -------- d-----w- c:\windows\ie8updates
2013-09-15 08:55:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2013-09-15 08:55:44 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2013-09-15 08:55:44 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-09-15 08:55:44 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-09-15 08:55:44 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2013-09-15 08:55:44 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-09-15 08:55:44 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
2013-09-15 08:54:47 -------- dc-h--w- c:\windows\ie8
2013-09-15 07:22:00 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2013-09-15 07:22:00 272128 ------w- c:\windows\system32\drivers\bthport.sys
2013-09-15 07:20:41 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2013-09-15 07:15:01 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-09-15 07:13:42 293376 ------w- c:\windows\system32\browserchoice.exe
2013-09-15 07:12:23 2149888 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2013-09-15 07:12:22 2193536 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2013-09-15 07:12:20 2028544 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2013-09-15 07:12:19 2070144 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2013-09-15 07:12:16 6144 ----a-w- c:\windows\system32\xpsp4res.dll
2013-09-15 07:11:44 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-09-15 07:11:44 3072 ------w- c:\windows\system32\iacenc.dll
2013-09-14 20:34:23 -------- d-----w- c:\documents and settings\neil\local settings\application data\Identities
2013-09-14 20:28:10 23360 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2013-09-14 17:43:41 -------- d-----w- c:\windows\system32\PreInstall
2013-09-14 17:43:40 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2013-09-14 17:43:39 -------- d--h--w- c:\windows\$hf_mig$
2013-09-14 17:26:13 -------- d-----w- c:\windows\system32\appmgmt
2013-09-14 17:17:14 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-09-14 16:58:56 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-09-14 16:56:13 -------- d-----w- c:\windows\system32\SoftwareDistribution
2013-09-14 16:45:06 48728 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
.
==================== Find3M  ====================
.
2013-08-22 22:37:18 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-08-22 21:56:56 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-08-22 21:56:16 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-22 21:56:16 146232 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-08-15 16:31:14 268968 ----a-w- c:\windows\system32\sqlite3.dll
2013-08-09 01:56:45 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05:59 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05:59 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05:59 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05:58 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 01:27:48 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02:34 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30:32 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 15:08:52 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 15:06:40 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 15:06:14 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 15:05:58 26936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-31 14:11:22 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37:53 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:08:36.93 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 14/09/2013 12:48:56
System Uptime: 18/09/2013 19:52:01 (1 hours ago)
.
Motherboard: Hewlett-Packard |  | 2820h
Processor: Intel Pentium III Xeon processor | XU1 PROCESSOR | 2660/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 924.487 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_29D2&SUBSYS_281E103C&REV_02\3&B1BFB68&0&10
Manufacturer: 
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_29D2&SUBSYS_281E103C&REV_02\3&B1BFB68&0&10
Service: 
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_8086&DEV_29D4&SUBSYS_281E103C&REV_02\3&B1BFB68&0&18
Manufacturer: 
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_8086&DEV_29D4&SUBSYS_281E103C&REV_02\3&B1BFB68&0&18
Service: 
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1884&SUBSYS_103C281E&REV_1001\4&2D9F5967&0&0001
Manufacturer: 
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1884&SUBSYS_103C281E&REV_1001\4&2D9F5967&0&0001
Service: 
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&1E368A7A&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&1E368A7A&0
Service: i8042prt
.
Class GUID: {4D36E96B-E325-11CE-BFC1-08002BE10318}
Description: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
Device ID: ACPI\PNP0303\4&1E368A7A&0
Manufacturer: (Standard keyboards)
Name: Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&1E368A7A&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1: 14/09/2013 17:59:08 - System Checkpoint
RP2: 14/09/2013 18:16:56 - Installed Sophos Virus Removal Tool.
RP3: 14/09/2013 18:25:53 - Removed Sophos Virus Removal Tool.
RP4: 14/09/2013 18:43:38 - Software Distribution Service 3.0
RP5: 14/09/2013 21:44:27 - Software Distribution Service 3.0
RP6: 15/09/2013 09:44:57 - Software Distribution Service 3.0
RP7: 15/09/2013 18:55:36 - Installed Windows XP KB892130.
RP8: 15/09/2013 18:57:57 - Installed Windows XP WgaNotify.
RP9: 15/09/2013 18:59:19 - Installed %1 %2.
RP10: 15/09/2013 18:59:48 - Installed Windows XP KB970430.
RP11: 15/09/2013 19:00:15 - Installed Windows XP KB2345886.
RP12: 15/09/2013 19:00:40 - Installed Windows XP KB2510531.
RP13: 15/09/2013 19:01:07 - Installed Windows XP KB2492386.
RP14: 15/09/2013 19:01:49 - Installed Windows XP KB2632503.
RP15: 15/09/2013 19:02:15 - Installed Windows XP KB2808679.
RP16: 17/09/2013 20:14:30 - System Checkpoint
RP17: 17/09/2013 20:40:08 - Unsigned printer driver EPSON SX100 Series installed.
.
==== Installed Programs ======================
.
AccelerateTab
Advanced SystemCare 6
AVG 2014
Embedded Security for HP ProtectTools Driver
EPSON SX100 Series Printer Uninstall
Google Chrome
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Intel® Network Connections 18.3.62.0
IObit Malware Fighter
Microsoft Base Smart Card Cryptographic Service Provider Package
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2870699)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876315)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart Defrag 2
SUPERAntiSpyware
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2808679)
Update for Windows XP (KB2863058)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VC_CRT_x86
Visual Studio 2012 x86 Redistributables
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
.
==== Event Viewer Messages From Past Week ========
.
17/09/2013 20:57:46, error: Service Control Manager [7000]  - The AVGIDSShim service failed to start due to the following error:  The specified driver is invalid.
15/09/2013 09:00:05, error: Service Control Manager [7034]  - The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
15/09/2013 08:59:03, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVGIDSShim i8042prt
15/09/2013 08:06:55, error: Service Control Manager [7000]  - The SASKUTIL service failed to start due to the following error:  The specified driver is invalid.
15/09/2013 08:06:42, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AVGIDSShim i8042prt SASKUTIL
14/09/2013 17:58:44, error: Service Control Manager [7034]  - The AdvancedSystemCareAntivirus service terminated unexpectedly.  It has done this 1 time(s).
14/09/2013 17:55:12, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
14/09/2013 12:59:51, error: Service Control Manager [7024]  - The AVG Firewall service terminated with service-specific error 3758162007 (0xE0010057).
.
==== End Of File ===========================
 

Security Check log:

 

 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Please wait while WMIC is being installed.d 
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
ECHO is off.
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 0% 
````````````````````End of Log`````````````````````` 
 

The issue seems to be solved! I will try again later and let you know.

Again, thank you so much for your help with this matter.

 

P.S. Sorry the post is so long.



#4 nasdaq

  • Malware Response Team

Posted 19 September 2013 - 09:43 AM

Let's continue.

Did you install this Secure Speed Dial?
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - c:\program files\secure speed dial\ie\SpeedDial.dll
S2 SecureUpdateSvc;SecureUpdate;c:\program files\secure speed dial\ie\SecureUpdate.exe


Read this and let me know if you want to keep it.
http://www.systemlookup.com/CLSID/78737-SpeedDial_dll_SPEEDD_1_DLL.html

===

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some Rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
RcAuto1.gif
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
whatnext.png
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#5 Neilthebeard


Posted 21 September 2013 - 09:10 AM

Hi again Nasdaq,

 

Contrary to what I posted last time the problem does still exist.

The sharesuper/Ezdownloaderpro window no longer opens but "installer for summersoft" still downloads.

As far as I'm aware I have not installed:

BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - c:\program files\secure speed dial\ie\SpeedDial.dll
S2 SecureUpdateSvc;SecureUpdate;c:\program files\secure speed dial\ie\SecureUpdate.exe

 

After reading the link you posted I would like to remove this.

 

Below are the logs as requested.

 

Combofix:

ComboFix 13-09-19.01 - Neil 21/09/2013  14:43:08.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2021.1484 [GMT 1:00]
Running from: c:\documents and settings\Neil\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Neil\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-21 to 2013-09-21  )))))))))))))))))))))))))))))))
.
.
2013-09-18 18:48 . 2013-09-18 18:51 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 21:54 . 2013-08-20 21:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 15:08 . 2013-08-01 15:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 15:06 . 2013-08-01 15:06 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 15:06 . 2013-08-01 15:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 15:05 . 2013-08-01 15:05 26936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-31 14:11 . 2008-04-14 12:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [22/08/2013 22:56 146232]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [22/08/2013 22:56 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [01/08/2013 16:05 26936]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [14/09/2013 13:43 14776]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 16:06 120120]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/08/2013 22:56 209208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/08/2013 23:37 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 16:08 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23/05/2013 21:11 119056]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [14/09/2013 17:58 574272]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [26/08/2013 17:30 1358432]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [20/08/2013 23:42 300640]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [14/09/2013 13:30 335168]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [05/04/2013 03:53 121600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 19:52 30944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11:31 44800]
R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [14/09/2013 13:30 31520]
R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [14/09/2013 13:30 17360]
S0 cerc6;cerc6; [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [01/08/2013 16:06 22840]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [27/08/2013 07:56 3534896]
S2 SecureUpdateSvc;SecureUpdate;c:\program files\Secure Speed Dial\IE\SecureUpdate.exe [14/09/2013 13:31 2298704]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 19:52 30944]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14/09/2013 17:45 48728]
S4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [14/09/2013 13:30 247968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-14 12:10 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 12:09]
.
2013-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 12:09]
.
2013-09-21 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-09-14 17:49]
.
2013-09-21 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-14 09:31]
.
2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 54b83a4c-d08e-4755-aae7-bbe33da1f1ca.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9be7d65-e85b-420d-b3e1-83c3465f149e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-21 14:44
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2013-09-21  14:45:49
ComboFix-quarantined-files.txt  2013-09-21 13:45
.
Pre-Run: 992,529,829,888 bytes free
Post-Run: 992,499,765,248 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 084B586BEAA10BEEA248B0EBA3828481
8F558EB6672622401DA993E1E865C861
 

Security Check:

 Results of screen317's Security Check version 0.99.73  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
AVG Internet Security 2014   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 SUPERAntiSpyware     
 Google Chrome 29.0.1547.66  
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
 AVG avgrsx.exe 
 AVG avgnsx.exe 
 AVG avgemc.exe 
 IObit IObit Malware Fighter IMFsrv.exe  
 IObit IObit Malware Fighter IMF.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 0% 
````````````````````End of Log`````````````````````` 
 

Thanks.



#6 nasdaq


Posted 21 September 2013 - 10:27 AM



Open notepad and copy/paste the text in the quote box below into it:

DDS::
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - c:\program files\secure speed dial\ie\SpeedDial.dll

Folder::
c:\program files\Secure Speed Dial

Driver::
SecureUpdateSvc

ClearJavaCache::

Save this as CFScript.txt on your desktop.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
===

If still being prompted to install summersoft execute this.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    summersoft
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
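
Added example (not part of the thread, and not code from DDS, ComboFix or SystemLook): before writing a removal script like the CFScript above, it helps to list every component the logs show loading from the same install folder, plus any Service Control Manager errors tied to it. The Python sketch below does that for log lines quoted in this thread; the function names and the reading of the `R`/`S` prefix and start digit are assumptions.

```python
import re

# Constructed sample: individual lines copied from the DDS, ComboFix and
# Event Viewer output quoted in this thread, joined into one string.
SAMPLE_LOG = r"""
BHO: AccelerateTab: {48A789BF-F6D6-4930-9C8B-77855A63EDE1} - c:\program files\secure speed dial\ie\SpeedDial.dll
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [20/08/2013 23:42 300640]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [14/09/2013 13:30 335168]
S0 cerc6;cerc6; [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [01/08/2013 16:06 22840]
S2 SecureUpdateSvc;SecureUpdate;c:\program files\Secure Speed Dial\IE\SecureUpdate.exe [14/09/2013 13:31 2298704]
15/09/2013 09:00:05, error: Service Control Manager [7034]  - The SecureUpdate service terminated unexpectedly.  It has done this 1 time(s).
17/09/2013 20:57:46, error: Service Control Manager [7000]  - The AVGIDSShim service failed to start due to the following error:  The specified driver is invalid.
"""

# Windows service "Start" values.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<R|S><digit> <name>;<display>;<path> [<date> <size>]". Assumption: R means
# running, S means stopped, and the digit is the service's Start value.
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;\n]+);([^;\n]*);(.*?)[ \t]*\[(.*)\][ \t]*$", re.M)
BHO_RE = re.compile(
    r"^BHO: (.*?): (\{[0-9A-Fa-f-]{36}\}) - (.+?)[ \t]*$", re.M)
SCM_RE = re.compile(
    r"Service Control Manager \[(\d+)\]\s+- The (.+?) service (?:terminated|failed)")


def parse_services(text):
    """Return one dict per driver/service line; path is '' when the log has none."""
    return [{"running": m.group(1) == "R",
             "start": START_TYPES[int(m.group(2))],
             "name": m.group(3).strip(),
             "display": m.group(4).strip(),
             "path": m.group(5).strip()}
            for m in SERVICE_RE.finditer(text)]


def parse_bhos(text):
    """Return Browser Helper Object entries (name, CLSID, DLL path)."""
    return [{"name": m.group(1), "clsid": m.group(2), "path": m.group(3)}
            for m in BHO_RE.finditer(text)]


def parse_scm_errors(text):
    """Return Service Control Manager errors that name a single service."""
    return [{"event_id": int(m.group(1)), "service": m.group(2)}
            for m in SCM_RE.finditer(text)]


def components_under(text, folder):
    """Collect every BHO and service loading from `folder`, plus SCM errors
    about those services. The event text in this thread says 'SecureUpdate',
    which is the display field, so both name fields are compared."""
    prefix = folder.lower().rstrip("\\") + "\\"
    bhos = [b for b in parse_bhos(text) if b["path"].lower().startswith(prefix)]
    services = [s for s in parse_services(text)
                if s["path"].lower().startswith(prefix)]
    names = {s["name"].lower() for s in services}
    names |= {s["display"].lower() for s in services}
    events = [e for e in parse_scm_errors(text) if e["service"].lower() in names]
    return {"bhos": bhos, "services": services, "events": events}


if __name__ == "__main__":
    found = components_under(SAMPLE_LOG, r"c:\program files\secure speed dial")
    for b in found["bhos"]:
        print("BHO     ", b["clsid"], b["path"])
    for s in found["services"]:
        state = "running" if s["running"] else "stopped"
        print("Service ", s["name"], state, s["start"], s["path"])
    for e in found["events"]:
        print("SCM err ", e["event_id"], e["service"])
```

Matching is by path prefix only, so a component installed outside the folder (for example a browser extension copied into a profile directory) will not show up and still needs a separate check.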




#7 Neilthebeard


Posted 22 September 2013 - 05:25 AM

Hi again,

 

The problem still exists after the above steps.

Out of curiosity I tried the same download on my laptop and the same happens on that.

I am now thinking is it possible that something could have been linked to my I.P. address or router as the laptop is a wireless connection.

 

Below are the logs requested.

 

Combofix:

ComboFix 13-09-19.01 - Neil 22/09/2013  11:06:15.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.2021.1375 [GMT 1:00]
Running from: c:\documents and settings\Neil\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Neil\Desktop\CFScript.txt
AV: AVG Internet Security 2014 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Internet Security 2014 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Neil\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
c:\program files\Secure Speed Dial
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ar\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\bg\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\bn\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ca\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\cs\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\da\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\de\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\el\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en-US\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\en_GB\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\es\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\es_419\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\et\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fa\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fi\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fil\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\fr\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\gu\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\he\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hi\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hr\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\hu\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\id\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\it\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ja\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\kn\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ko\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\lt\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\lv\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ms\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\nl\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\no\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pl\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pt_BR\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\pt_PT\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ro\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ru\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sk\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sl\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sr\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sv\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\sw\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\ta\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\te\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\th\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\tr\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\uk\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\vi\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\zh_CN\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\_locales\zh_TW\messages.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\background.html
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\background\attribution.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\background\background.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\cache\amazon.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\cache\webstore.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\cache\welcome.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\CHANGLOG
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\css\style.css
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\dll\NPIdentityGen.dll
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\dll\sqlite3.dll
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\icon128.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\icon16.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\icon48.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\app.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\arr.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\arr_right.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_a.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_add.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_b.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_c.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_d.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_e.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_f.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_g.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\bg\bg_h.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\dlogo.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\fav.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\favf.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\folder.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\gsearch.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\ico_bing.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\ico_yahoo.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\noise.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\redline.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\setting.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\images\sharpdown.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\index.html
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\background.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\config.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\config_deploy.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\config_internal.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\content_append.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\global.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\include.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\jquery-ui-1.10.3.custom.min.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\jquery.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\md5.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\mustcache.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\stat.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\js\topsite.js
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\logo.png
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\1.2.8_0\manifest.json
c:\program files\Secure Speed Dial\Chrome\glmfgahfleepmdfffonfckpmkondpdkg\config.ini
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\amazon.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\bootstrap.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\build.xml
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\chrome.manifest
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\defaults\preferences\speeddial.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\icon.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\icon64.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\amazon.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\arr.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_a.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_add.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_b.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_c.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_d.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_e.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_f.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_g.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\bg\bg_h.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\gsearch.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\ico_bing.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\ico_yahoo.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\redline.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\images\setting.png
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\install.rdf
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ar\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\bg\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\bn\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ca\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\cs\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\da\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\de\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\el\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\en-GB\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\en-US\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\en\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\es - 419\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\es\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\et\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\fa\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\fi\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\fil\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\fr\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\gu\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\he\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\hi\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\hr\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\hu\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\id\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\it\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ja\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\kn\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ko\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\lt\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\lv\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\mr\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ms\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\nl\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\no\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\pl\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\pt_BR\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\pt_PT\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ro\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ru\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\sk\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\sl\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\sr\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\sv\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\sw\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\ta\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\te\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\th\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\tr\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\uk\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\vi\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\zh-CN\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\locale\zh-TW\options.dtd
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\newTab-20.xul
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\newTab.css
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\newTab.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\newTab.xul
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\newTabFF.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\NPIdentityGen.dll
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\observe.js
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\observe.xul
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\speeddial.css
c:\program files\Secure Speed Dial\Firefox\speeddial@instair.net\statsreq.js
c:\program files\Secure Speed Dial\IE\LiveUpdateSrvUpt.log
c:\program files\Secure Speed Dial\IE\Preferences
c:\program files\Secure Speed Dial\IE\SecureUpdate.exe
c:\program files\Secure Speed Dial\IE\SecureUpdate.log
c:\program files\secure speed dial\ie\SpeedDial.dll
c:\program files\Secure Speed Dial\IE\sqlite3.dll
c:\program files\Secure Speed Dial\IE\system.ini
c:\program files\Secure Speed Dial\IE\update\update.spt
c:\program files\Secure Speed Dial\Source\Firefox\speeddial@instair.net\NPIdentityGen.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SECUREUPDATESVC
-------\Service_SecureUpdateSvc
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-22 to 2013-09-22  )))))))))))))))))))))))))))))))
.
.
2013-09-18 18:48 . 2013-09-18 18:51 -------- d-----w- C:\AdwCleaner
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-22 22:37 . 2013-08-22 22:37 176952 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2013-08-22 21:56 . 2013-08-22 21:56 209208 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2013-08-22 21:56 . 2013-08-22 21:56 223032 ----a-w- c:\windows\system32\drivers\avglogx.sys
2013-08-22 21:56 . 2013-08-22 21:56 146232 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2013-08-20 21:54 . 2013-08-20 21:54 102200 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2013-08-09 01:56 . 2008-04-14 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-08 06:05 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-08-08 06:05 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-08-08 06:05 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-08-08 06:05 . 2008-04-14 12:00 18944 ------w- c:\windows\system32\corpol.dll
2013-08-08 01:27 . 2008-04-14 12:00 1877760 ----a-w- c:\windows\system32\win32k.sys
2013-08-08 00:02 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-08-05 13:30 . 2008-04-14 12:00 1289728 ----a-w- c:\windows\system32\ole32.dll
2013-08-01 15:08 . 2013-08-01 15:08 193848 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2013-08-01 15:06 . 2013-08-01 15:06 22840 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys
2013-08-01 15:06 . 2013-08-01 15:06 120120 ----a-w- c:\windows\system32\drivers\avgdiskx.sys
2013-08-01 15:05 . 2013-08-01 15:05 26936 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2013-07-31 14:11 . 2008-04-14 12:00 810496 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-10 10:37 . 2008-04-14 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2008-04-14 12:00 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2008-04-14 00:01 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-08-15 5703920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2013-08-26 4851248]
"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2013-08-16 1549120]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2014\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [22/08/2013 22:56 146232]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [22/08/2013 22:56 223032]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [01/08/2013 16:05 26936]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [14/09/2013 13:43 14776]
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\drivers\avgdiskx.sys [01/08/2013 16:06 120120]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [22/08/2013 22:56 209208]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/08/2013 23:37 176952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [01/08/2013 16:08 193848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [23/05/2013 21:11 119056]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [14/09/2013 17:58 574272]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [26/08/2013 17:30 1358432]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [27/08/2013 07:56 3534896]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [20/08/2013 23:42 300640]
R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [14/09/2013 13:30 335168]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IPROSetMonitor.exe [05/04/2013 03:53 121600]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 19:52 30944]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [23/07/2008 11:31 44800]
S0 cerc6;cerc6; [x]
S1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [01/08/2013 16:06 22840]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/01/2012 19:52 30944]
S3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [14/09/2013 13:30 247968]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [14/09/2013 17:45 48728]
S3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [14/09/2013 13:30 31520]
S3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [14/09/2013 13:30 17360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 19:14 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 12:09]
.
2013-09-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-09-14 12:09]
.
2013-09-22 c:\windows\Tasks\SmartDefragUpdate.job
- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-09-14 17:49]
.
2013-09-22 c:\windows\Tasks\SmartDefrag_Startup.job
- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-09-14 09:31]
.
2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 54b83a4c-d08e-4755-aae7-bbe33da1f1ca.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
2013-09-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f9be7d65-e85b-420d-b3e1-83c3465f149e.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-23 20:21]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-22 11:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WgaTray.exe
c:\program files\AVG\AVG2014\avgnsx.exe
c:\program files\AVG\AVG2014\avgemcx.exe
c:\program files\AVG\AVG2014\avgrsx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
c:\program files\AVG\AVG2014\avgcsrvx.exe
.
**************************************************************************
.
Completion time: 2013-09-22  11:11:10 - machine was rebooted
ComboFix-quarantined-files.txt  2013-09-22 10:11
ComboFix2.txt  2013-09-21 13:45
.
Pre-Run: 992,202,203,136 bytes free
Post-Run: 992,152,395,776 bytes free
.
- - End Of File - - 58FD9A79E69539245F3838EA48914E53
8F558EB6672622401DA993E1E865C861
 

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 11:17 on 22/09/2013 by Neil
Administrator - Elevation successful
 
========== regfind ==========
 
Searching for "summersoft"
No data found.
 
-= EOF =-

 

Thanks again for your time and patience.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,237 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:16 PM

Posted 22 September 2013 - 09:20 AM

Execute this.

Open the Start > Run box, type cmd and hit OK.
Type
ipconfig /flushdns <-- (The space between g and / is needed), then press the Enter key.

Repeat with
ipconfig /renew

Then type Exit and hit the Enter key.
*/*

If the problem persists, reset your router.

How to Reset a Router Back to the Factory Default Settings
http://www.ehow.com/how_2110924_reset-back-factory-default-settings.html

Then, please reconfigure it back to your preferred settings. Below is a list of default usernames and passwords, in case you don't know them ;)

http://www.routerpasswords.com/
http://www.phenoelit-us.org/dpl/dpl.html
===

Reset for Linksys, Netgear, D-Link and Belkin Routers
http://www.techsupportforum.com/2763-reset-for-linksys-netgear-d-link-and-belkin-routers/

How to Secure Your Wireless Router
http://www.ehow.com/how_2253625_secure-wireless-router.html

===



