Twunk_32.exe infection


  • This topic is locked
67 replies to this topic

#1 selectrick

  • Members
  • 48 posts

Posted 14 January 2014 - 06:10 PM

Hello, I'm certain I've been infected by this virus/malware and would appreciate some help removing it. I discovered it when a window opened when shutting down that said something like "Twunk_32.exe is not responding blah, bla, bla". Also I have read through the forum procedure for preparation for asking for help. Any help you can provide will be greatly appreciated. Thank you very much!

 

P.S. I'm going to shut down this computer and monitor this post from a second computer until I get a reply.


Edited by selectrick, 14 January 2014 - 06:39 PM.




#2 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 14 January 2014 - 06:34 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by owner at 18:19:52 on 2014-01-14
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.197 [GMT -5:00]
.
AV: Anti-Virus - Rogers Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thestar.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
dURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: Merriam-Webster Online BHO: {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - c:\windows\_MWOLTB.0.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_9_900_170_ActiveX.exe -update activex
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\smiled~1.lnk - c:\program files\webshots\smile desktop\Smile.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} - hxxp://download.howudodat.com/chatterbox/download/ccdl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} - hxxp://www.merriam-webster.com/downloads/toolbar/webinstall.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229578318062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229578207468
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} - hxxps://streaming.endeavors.com/microsoft/encarta_rl/clientdownloads/OTAI.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CDD990D-CCFF-495A-A285-504002FB9ABB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AF2D17F3-D5C8-4E9C-9ADD-866B649652F5} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: awtrRKby - <no file>
Notify: WgaLogon - <no file>
SEH: HookRC Class - {a5780613-492e-4a2a-a7fd-549610edf6cc} - c:\program files\vcom\recovery commander\RCHOOK.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2013-3-18 102728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-23 37664]
R1 MpKsl2bf153da;MpKsl2bf153da;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4e0ca6-8b01-4425-9aa6-46dd267103ef}\MpKsl2bf153da.sys [2014-1-14 40392]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-11-12 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67664]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-11-21 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2005-11-21 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-11-21 590190]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2005-11-21 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-2-27 26099]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-4 116608]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-7 19016]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-11-21 102398]
RUnknown MpKslef1697b0;MpKslef1697b0; [x]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\aliehci.sys --> c:\windows\system32\drivers\ALIEHCI.sys [?]
S2 CAISafe;CAISafe; [x]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2013-5-19 45824]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-7-26 30464]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-4-1 11520]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-14 21:25:57 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4e0ca6-8b01-4425-9aa6-46dd267103ef}\MpKsl2bf153da.sys
2014-01-14 08:15:17 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4e0ca6-8b01-4425-9aa6-46dd267103ef}\offreg.dll
2014-01-14 08:14:36 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4e0ca6-8b01-4425-9aa6-46dd267103ef}\MpKslef1697b0.sys
2014-01-14 07:51:30 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{bc4e0ca6-8b01-4425-9aa6-46dd267103ef}\mpengine.dll
2014-01-13 08:11:45 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-21 06:04:22 225656 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-12-11 16:18:21 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 16:18:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-25 07:34:18 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-04-13 20:33:28 22259528 -c--a-w- c:\program files\vlc-2.0.1-win32.exe
.
============= FINISH: 18:23:21.40 ===============
 



#3 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 14 January 2014 - 06:36 PM

Attach file (sorry about multiple posts)

Attached Files



#4 HelpBot

    Bleepin' Binary Bot
  • Bots
  • 12,627 posts

Posted 19 January 2014 - 06:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520860 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 19 January 2014 - 09:07 PM

In response to above post from Helpbot I do still need help. Since my first run of DDS I have run Malwarebytes but I guess that won't matter since I am now going to run DDS again. The problem with my machine is mostly slow response but what drew my attention to this virus is what I said in my original post: "I discovered it when a window opened when shutting down that said something like 'Twunk_32.exe is not responding blah, bla, bla'." Also, I do not have the Windows CD/DVD. Thank you very much, will now rerun DDS and post results below.

 

P.S. When I ran MBytes all it detected was one PUP type infection and supposedly dealt with it. Thanks.


Edited by selectrick, 19 January 2014 - 09:31 PM.


#6 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 19 January 2014 - 09:17 PM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by owner at 21:08:51 on 2014-01-19
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.767.270 [GMT -5:00]
.
AV: Anti-Virus - Rogers Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thestar.com/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
dURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: Merriam-Webster Online BHO: {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - c:\windows\_MWOLTB.0.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
mRun: [LXCFCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCFtime.dll,_RunDLLEntry@16
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\docume~1\owner\startm~1\programs\startup\smiled~1.lnk - c:\program files\webshots\smile desktop\Smile.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\VetRedir.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} - hxxp://download.howudodat.com/chatterbox/download/ccdl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} - hxxp://www.merriam-webster.com/downloads/toolbar/webinstall.cab
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229578318062
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229578207468
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} - hxxps://streaming.endeavors.com/microsoft/encarta_rl/clientdownloads/OTAI.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://driveragent.com/files/driveragent.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{5CDD990D-CCFF-495A-A285-504002FB9ABB} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{AF2D17F3-D5C8-4E9C-9ADD-866B649652F5} : DHCPNameServer = 192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - <orphaned>
Notify: awtrRKby - <no file>
Notify: WgaLogon - <no file>
SEH: HookRC Class - {a5780613-492e-4a2a-a7fd-549610edf6cc} - c:\program files\vcom\recovery commander\RCHOOK.DLL
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
R0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [2013-3-18 102728]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2013-10-25 108816]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-23 37664]
R1 MpKsl2b106bac;MpKsl2b106bac;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fcc260-a52d-4841-8ee1-c06d72697a51}\MpKsl2b106bac.sys [2014-1-17 40392]
R1 RapportCerberus_59849;RapportCerberus_59849;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_59849.sys [2013-11-12 340432]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2013-10-25 157264]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2013-10-25 230448]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-3-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 67664]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\Vet-Filt.sys [2005-11-21 21031]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\Vet-Rec.sys [2005-11-21 15478]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\VetEFile.sys [2005-11-21 590190]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\VetFDDNT.sys [2005-11-21 15735]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2006-2-27 26099]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-4 116608]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2013-10-25 1444120]
R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2009-7-15 144696]
R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2008-7-28 169992]
R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.3.0\ToolbarUpdater.exe [2013-6-28 1598128]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-5-7 19016]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\VetEBoot.sys [2005-11-21 102398]
RUnknown MpKslcf6e0858;MpKslcf6e0858; [x]
S2 ALIEHCD;ULi PCI to USB Enhanced Host Controller;c:\windows\system32\drivers\aliehci.sys --> c:\windows\system32\drivers\ALIEHCI.sys [?]
S2 CAISafe;CAISafe; [x]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [2013-5-19 45824]
S2 VETMSGNT;VET Message Service; [x]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-7-26 30464]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 12872]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2012-4-1 11520]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .txt: txtfile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: FRONTPG.EXE: edit=c:\progra~1\micros~2\office\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2014-01-18 00:26:13 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fcc260-a52d-4841-8ee1-c06d72697a51}\MpKsl2b106bac.sys
2014-01-16 00:41:52 40392 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fcc260-a52d-4841-8ee1-c06d72697a51}\MpKslcf6e0858.sys
2014-01-15 10:38:19 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d4fcc260-a52d-4841-8ee1-c06d72697a51}\mpengine.dll
2014-01-14 07:51:30 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-12-21 06:04:22 225656 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2014-01-15 06:03:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-01-15 06:03:00 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-27 20:21:06 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-29 07:57:34 920064 ----a-w- c:\windows\system32\wininet.dll
2013-10-29 07:57:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-10-29 07:57:33 18944 ----a-w- c:\windows\system32\corpol.dll
2013-10-29 07:57:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-10-29 00:45:02 385024 ------w- c:\windows\system32\html.iec
2013-10-25 07:34:18 108816 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2012-04-13 20:33:28 22259528 -c--a-w- c:\program files\vlc-2.0.1-win32.exe
.
============= FINISH: 21:12:14.53 ===============
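Added example, not a BleepingComputer tool and not anything the helpers in this thread ran: a small Python script that reads a DDS log and applies the first-pass checks a log reviewer does by eye, namely a security product reported as disabled, load points whose target DDS could not resolve (`<no file>`, `<orphaned>`), an identical load point listed twice, non-default hosts-file lines, and services or drivers registered with no file on disk (`[x]`). The section names, the `Finding` class and the category tags are this example's own; the sample input is a short excerpt assembled from the DDS lines posted above.

```python
"""Triage helper for DDS logs (added example; not a BleepingComputer tool).

DDS separates its report into '===== Name =====' sections. The checks below
encode what a reviewer looks for first; they flag lines for a human to judge,
they do not declare anything malicious.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Excerpt assembled from the DDS lines posted earlier in this thread.
SAMPLE_LOG = r"""AV: Anti-Virus - Rogers Yahoo! Online Protection *Disabled/Outdated* {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.thestar.com/
dURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
TB: Merriam-Webster Online: {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - c:\windows\_MWOLTB.0.DLL
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
Notify: awtrRKby - <no file>
Notify: WgaLogon - <no file>
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-6-18 214696]
RUnknown MpKslcf6e0858;MpKslcf6e0858; [x]
S2 CAISafe;CAISafe; [x]
S2 VETMSGNT;VET Message Service; [x]
.
============= FINISH: 21:12:14.53 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")


@dataclass(frozen=True)
class Finding:
    category: str   # short tag naming the check that fired
    line: str       # the log line that triggered it


def parse_sections(text: str) -> dict:
    """Group DDS log lines by section header.

    Lines before the first header (the AV summary) are filed under 'HEADER'.
    DDS separates blocks with a lone '.', which is dropped.
    """
    sections = {"HEADER": []}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        sections[current].append(line)
    return sections


def triage(text: str) -> list:
    """Run the first-pass checks and return Findings in log order."""
    sections = parse_sections(text)
    findings = []

    # A security product that DDS reports as disabled or outdated.
    for line in sections.get("HEADER", []):
        if line.startswith("AV:") and "*Disabled" in line:
            findings.append(Finding("av_disabled", line))

    # Load points (BHOs, toolbars, Winlogon Notify, search hooks) whose
    # target DDS could not resolve, identical entries listed twice, and
    # hosts-file overrides (a redirect of a security site deserves a look).
    seen = set()
    for line in sections.get("Pseudo HJT Report", []):
        if line.endswith("<no file>") or line.endswith("<orphaned>"):
            findings.append(Finding("missing_target", line))
        if line in seen:
            findings.append(Finding("duplicate_load_point", line))
        seen.add(line)
        if line.startswith("Hosts:"):
            findings.append(Finding("hosts_entry", line))

    # Services/drivers registered with no file on disk. A stale MpKsl*
    # entry is expected noise from Microsoft's rotating definition-update
    # drivers, so this tag is a prompt to check, not a verdict.
    for line in sections.get("SERVICES / DRIVERS", []):
        if line.endswith("[x]"):
            findings.append(Finding("service_no_file", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per category for a quick first read of a log."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:22} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The script deliberately stops at flagging: which of these lines is a problem and which is leftover from an uninstalled product is the judgement the thread's helpers make by hand, and the flags only tell a reader where to look first.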



#7 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 19 January 2014 - 09:24 PM

Attach file included.............I hope I have done all that is required, if not I'm sure you'll let me know ...lol, Thanks again.

Attached Files


Edited by selectrick, 19 January 2014 - 09:27 PM.


#8 Bud_91

  • Malware Response Team
  • 438 posts

Posted 21 January 2014 - 09:47 AM

Hello and welcome to Bleeping Computer. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
Note: You need to run the 32-bit version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

  • If I have not responded to your log in 36 hours, feel free to send me a PM.

A.K.A. Buddierdl @ GeeksToGo.com

#9 selectrick

  • Topic Starter
  • Members
  • 48 posts

Posted 21 January 2014 - 12:49 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by owner (administrator) on AMD-C7MGGZWNUBV on 21-01-2014 12:40:30
Running from C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\8KJ6ZOUZ
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Rogers Cable Communications) C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
(Rogers Cable Communications) C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Farbar) C:\Documents and Settings\owner\Local Settings\Temporary Internet Files\Content.IE5\8KJ6ZOUZ\FRST[1].exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LXCFCATS] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll [73728 2005-07-20] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoComputersNearMe] 0
HKCU\...\Run: [SUPERAntiSpyware] - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [5625624 2014-01-15] (SUPERAntiSpyware)
HKCU\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2122824 2014-01-04] (PeerBlock, LLC)
HKCU\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoNetHood] 0
HKCU\...\Policies\Explorer: [NoComputersNearMe] 0
MountPoints2: F - F:\LaunchU3.exe -a
MountPoints2: {d25792f8-1019-11de-80fc-001921854a80} - F:\LaunchU3.exe -a
HKU\Administrator\...\Run: [ROC_JAN2013_TB] - "C:\Program Files\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
    HKU\Administrator\...\Run: [AVG-Secure-Search-Update_JUNE2013_HP] - "C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_HP.exe"  /PROMPT /CMPID=JUNE2013_HP
    Startup: C:\Documents and Settings\owner\Start Menu\Programs\Startup\Smile Desktop.lnk
    ShortcutTarget: Smile Desktop.lnk -> C:\Program Files\Webshots\Smile Desktop\Smile.exe (Webshots)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thestar.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?rd=1&ucc=CA&dcc=CA&opt=0&ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5619D634BD89CE01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: Merriam-Webster Online BHO - {5ADA9CAC-04F9-4DD2-ABFD-74D673BE8624} - C:\WINDOWS\_MWOLTB.0.DLL ()
    BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.0.DLL ()
    Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\Windows\System32\browseui.dll (Microsoft Corporation)
    Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\Windows\system32\SHELL32.dll (Microsoft Corporation)
    Toolbar: HKCU - Merriam-Webster Online - {B7B76DD6-B6F0-4443-AF81-6A3ECF12A57D} - C:\WINDOWS\_MWOLTB.0.DLL ()
    Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {10C9072D-2FF3-4AF8-882E-7974B1BF2729} http://download.howudodat.com/chatterbox/download/ccdl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    DPF: {3CF32649-D1C0-4F42-AB44-ED284748920B} http://www.merriam-webster.com/downloads/toolbar/webinstall.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229578318062
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229578207468
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {AF087E66-838E-4A97-8A0B-0DDDA5DEA239} https://streaming.endeavors.com/microsoft/encarta_rl/clientdownloads/OTAI.CAB
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.com/files/driveragent.cab
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
    ShellExecuteHooks: HookRC Class - {a5780613-492e-4a2a-a7fd-549610edf6cc} - C:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL [102400 2003-07-08] ()
    ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-08-05] (SuperAdBlocker.com)
    Winsock: Catalog9 01 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
    Winsock: Catalog9 02 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
    Winsock: Catalog9 03 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
    Winsock: Catalog9 09 C:\WINDOWS\system32\VetRedir.dll [74864] (Computer Associates International, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

    Chrome:
    =======
    CHR HomePage: hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=8441001921854A80&affID=121133&tsp=4954
    CHR RestoreOnStartup: "hxxp://mixidj.delta-search.com/?babsrc=HP_ss&mntrId=8441001921854A80&affID=121133&tsp=4954"
    CHR DefaultSearchURL: http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\Application\28.0.1500.72\pdf.dll No File
    CHR Plugin: (AVG Internet Security) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
    CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
    CHR Plugin: (Microsoft DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
    CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
    CHR Plugin: (RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll No File
    CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll No File
    CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - c:\program files\real\realplayer\Netscape6\nppl3260.dll No File
    CHR Plugin: (RealPlayer Version Plugin) - c:\program files\real\realplayer\Netscape6\nprpjplug.dll No File
    CHR Plugin: (Google Update) - C:\Documents and Settings\owner\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
    CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
    CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files\TVUPlayer\npTVUAx.dll No File
    CHR Plugin: (Veetle TV Player) - C:\Program Files\Veetle\Player\npvlc.dll No File
    CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
    CHR Plugin: (Veetle TV Core) - C:\Program Files\Veetle\plugins\npVeetle.dll No File
    CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    CHR Plugin: (RealJukebox NS Plugin) - c:\program files\real\realplayer\Netscape6\nprjplug.dll No File

    ========================== Services (Whitelisted) =================

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-09-07] (SUPERAntiSpyware.com)
    R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2012-09-02] (Oracle Corporation)
    S3 lxcf_device; C:\WINDOWS\system32\lxcfcoms.exe [491520 2005-07-25] ( )
    R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
    R2 RogersSelfHelpService; C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe [144696 2009-07-15] (Rogers Cable Communications)
    R2 RogersUpdateManager; C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe [169992 2008-07-28] (Rogers Cable Communications)
    R2 vToolbarUpdater15.3.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [1598128 2013-06-28] (AVG Secure Search)
    S2 CAISafe;
    S3 getPlus® Helper;
    S2 VETMSGNT;

    ==================== Drivers (Whitelisted) ====================

    R3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [3965056 2006-05-19] (Realtek Semiconductor Corp.)
    R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-06-28] (AVG Technologies)
    S3 CO_Mon; C:\WINDOWS\system32\Drivers\CO_Mon.sys [28672 2006-08-30] ()
    R3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc.              )
    S3 FETNDIS; C:\Windows\System32\DRIVERS\FETN62.sys [49304 2009-08-20] (VIA Technologies, Inc.              )
    S3 FETNDISB; C:\Windows\System32\DRIVERS\fetnd5b.sys [40960 2002-10-29] (VIA Technologies, Inc.              )
    S3 giveio; C:\WINDOWS\system32\giveio.sys [5248 2005-03-29] ()
    S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30464 2013-07-26] ()
    R0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [28464 2011-12-29] (COMPAL ELECTRONIC INC.)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
    R1 MpKsleda144a0; C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1AE9F19A-1ED1-4D33-8097-1154F7E30FE2}\MpKsleda144a0.sys [40392 2014-01-21] (Microsoft Corporation)
    R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
    S2 ousbehci; C:\Windows\System32\Drivers\ousbehci.sys [45824 2005-09-29] (OrangeWare Corporation)
    R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [19016 2014-01-04] ()
    R1 RapportCerberus_59849; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_59849.sys [340432 2013-11-12] ()
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-22] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [67664 2011-08-05] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
    S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2007-04-15] (EnTech Taiwan)
    R1 VET-FILT; C:\Windows\System32\Drivers\VET-FILT.sys [21031 2005-11-21] (Computer Associates International, Inc.)
    R1 VET-REC; C:\Windows\System32\Drivers\VET-REC.sys [15478 2005-11-21] (Computer Associates International, Inc.)
    R3 VETEBOOT; C:\Windows\System32\Drivers\VETEBOOT.sys [102398 2006-02-02] (Computer Associates International, Inc.)
    R1 VETEFILE; C:\Windows\System32\Drivers\VETEFILE.sys [590190 2006-02-02] (Computer Associates International, Inc.)
    R1 VETFDDNT; C:\Windows\System32\Drivers\VETFDDNT.sys [15735 2005-11-21] (Computer Associates International, Inc.)
    R1 VETMONNT; C:\Windows\System32\Drivers\VETMONNT.sys [26099 2006-02-27] (Computer Associates International, Inc.)
    R0 viaagp1; C:\Windows\System32\DRIVERS\viaagp1.sys [27904 2003-07-01] (VIA Technologies, Inc.)
    S2 ALIEHCD; System32\Drivers\ALIEHCI.sys [x]
    S3 cmuda; system32\drivers\cmuda.sys [x]
    S4 IntelIde; No ImagePath
    U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    U3 mbr; \??\C:\DOCUME~1\owner\LOCALS~1\Temp\mbr.sys [x]

    ==================== NetSvcs (Whitelisted) ===================

    ==================== One Month Created Files and Folders ========

    2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\FRST
    2014-01-19 21:12 - 2014-01-19 21:12 - 00019077 _____ C:\Documents and Settings\owner\Desktop\attach.txt
    2014-01-19 21:12 - 2014-01-19 21:12 - 00011214 _____ C:\Documents and Settings\owner\Desktop\dds.txt
    2014-01-15 03:13 - 2014-01-15 03:13 - 00002821 _____ C:\WINDOWS\tsoc.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001844 _____ C:\WINDOWS\msmqinst.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001374 _____ C:\WINDOWS\imsins.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001238 _____ C:\WINDOWS\ntdtcsetup.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001083 _____ C:\WINDOWS\netfxocm.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000425 _____ C:\WINDOWS\MedCtrOC.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000342 _____ C:\WINDOWS\ocmsn.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000311 _____ C:\WINDOWS\tabletoc.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000303 _____ C:\WINDOWS\msgsocm.log
    2014-01-15 03:12 - 2014-01-15 03:13 - 00006640 _____ C:\WINDOWS\iis6.log
    2014-01-15 03:12 - 2014-01-15 03:13 - 00006184 _____ C:\WINDOWS\FaxSetup.log
    2014-01-15 03:12 - 2014-01-15 03:13 - 00002956 _____ C:\WINDOWS\ocgen.log
    2014-01-15 03:12 - 2014-01-15 03:13 - 00002044 _____ C:\WINDOWS\comsetup.log
    2014-01-15 03:12 - 2014-01-15 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2014-01-15 03:03 - 2014-01-15 03:13 - 00006303 _____ C:\WINDOWS\KB2914368.log
    2014-01-14 16:55 - 2014-01-14 16:55 - 01037068 _____ (Thisisu) C:\Documents and Settings\owner\Desktop\JRT.exe
    2014-01-14 16:53 - 2014-01-14 16:54 - 01236282 _____ C:\Documents and Settings\owner\Desktop\AdwCleaner.exe
    2014-01-14 16:46 - 2014-01-14 16:46 - 00688992 ____R (Swearware) C:\Documents and Settings\owner\Desktop\dds.scr
    2014-01-12 20:25 - 2014-01-14 15:27 - 00000120 _____ C:\WINDOWS\setupact.log
    2014-01-12 20:25 - 2014-01-12 20:25 - 00000000 _____ C:\WINDOWS\setuperr.log
    2014-01-09 14:02 - 2014-01-09 14:02 - 00000978 _____ C:\Documents and Settings\owner\My Documents\cc_20140109_140155.reg

    ==================== One Month Modified Files and Folders =======

    2014-01-21 12:41 - 2013-08-02 08:02 - 01285262 _____ C:\WINDOWS\pfirewall.log
    2014-01-21 12:40 - 2014-01-21 12:40 - 00000000 ____D C:\FRST
    2014-01-21 12:40 - 2011-03-11 02:55 - 00000422 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{FE370DF0-BB0C-4C57-BB88-F8CFBDD3F200}.job
    2014-01-21 12:32 - 2011-01-14 12:50 - 00000000 ____D C:\Documents and Settings\owner\Application Data\vlc
    2014-01-21 12:17 - 2012-07-15 16:38 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-01-21 12:00 - 2013-07-28 00:33 - 00000626 _____ C:\WINDOWS\Tasks\FixCleaner Scan.job
    2014-01-21 11:50 - 2004-10-19 23:34 - 00032006 _____ C:\WINDOWS\SchedLgU.Txt
    2014-01-21 03:26 - 2004-10-20 12:42 - 01952509 _____ C:\WINDOWS\WindowsUpdate.log
    2014-01-20 15:24 - 2004-12-16 14:41 - 00001744 _____ C:\WINDOWS\system32\d3d9caps.dat
    2014-01-20 12:43 - 2010-09-27 22:20 - 00000286 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1292428093-1383384898-725345543-1003.job
    2014-01-20 03:07 - 2010-05-07 17:30 - 00000000 ____D C:\Program Files\PeerBlock
    2014-01-19 21:39 - 2008-03-03 17:29 - 00000000 ____D C:\Documents and Settings\owner\My Documents\Brianna's Folder
    2014-01-19 21:12 - 2014-01-19 21:12 - 00019077 _____ C:\Documents and Settings\owner\Desktop\attach.txt
    2014-01-19 21:12 - 2014-01-19 21:12 - 00011214 _____ C:\Documents and Settings\owner\Desktop\dds.txt
    2014-01-19 19:26 - 2010-12-28 13:29 - 00002506 _____ C:\Documents and Settings\All Users\Application Data\updateinfo.txt
    2014-01-19 02:32 - 2013-08-02 08:21 - 00231584 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2014-01-18 08:44 - 2010-02-05 17:09 - 00000000 ____D C:\Documents and Settings\owner\Application Data\uTorrent
    2014-01-17 19:24 - 2012-10-04 05:24 - 00000000 ____D C:\Documents and Settings\owner\My Documents\Smile
    2014-01-17 19:23 - 2008-02-04 11:37 - 00000000 ____D C:\Program Files\Lx_cats
    2014-01-17 19:23 - 2004-04-29 19:23 - 00000159 _____ C:\WINDOWS\wiadebug.log
    2014-01-17 19:22 - 2013-06-08 07:00 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
    2014-01-17 19:22 - 2013-06-03 01:58 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
    2014-01-17 19:22 - 2013-01-24 01:18 - 00000342 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
    2014-01-17 19:22 - 2012-08-19 09:19 - 00000278 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1292428093-1383384898-725345543-1003.job
    2014-01-17 19:22 - 2004-10-19 23:30 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2014-01-17 19:22 - 2004-04-29 19:23 - 00000049 _____ C:\WINDOWS\wiaservc.log
    2014-01-17 19:22 - 2001-08-22 22:00 - 00002262 _____ C:\WINDOWS\system32\wpa.dbl
    2014-01-17 19:19 - 2012-09-05 00:33 - 00028009 _____ C:\lxcf.log
    2014-01-17 19:19 - 2004-10-19 23:36 - 00000178 ___SH C:\Documents and Settings\owner\ntuser.ini
    2014-01-15 11:51 - 2012-01-12 03:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2598479$
    2014-01-15 05:28 - 2009-04-24 17:54 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2014-01-15 03:35 - 2013-08-14 22:28 - 00000000 ____D C:\WINDOWS\system32\MRT
    2014-01-15 03:16 - 2005-05-11 03:00 - 83425928 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-01-15 03:13 - 2014-01-15 03:13 - 00002821 _____ C:\WINDOWS\tsoc.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001844 _____ C:\WINDOWS\msmqinst.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001374 _____ C:\WINDOWS\imsins.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001238 _____ C:\WINDOWS\ntdtcsetup.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00001083 _____ C:\WINDOWS\netfxocm.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000425 _____ C:\WINDOWS\MedCtrOC.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000342 _____ C:\WINDOWS\ocmsn.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000311 _____ C:\WINDOWS\tabletoc.log
    2014-01-15 03:13 - 2014-01-15 03:13 - 00000303 _____ C:\WINDOWS\msgsocm.log
    2014-01-15 03:13 - 2014-01-15 03:12 - 00006640 _____ C:\WINDOWS\iis6.log
    2014-01-15 03:13 - 2014-01-15 03:12 - 00006184 _____ C:\WINDOWS\FaxSetup.log
    2014-01-15 03:13 - 2014-01-15 03:12 - 00002956 _____ C:\WINDOWS\ocgen.log
    2014-01-15 03:13 - 2014-01-15 03:12 - 00002044 _____ C:\WINDOWS\comsetup.log
    2014-01-15 03:13 - 2014-01-15 03:03 - 00006303 _____ C:\WINDOWS\KB2914368.log
    2014-01-15 03:12 - 2014-01-15 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2914368$
    2014-01-15 01:03 - 2012-04-10 16:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-01-15 01:03 - 2011-05-20 12:02 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-01-15 01:03 - 2004-11-07 15:56 - 00000000 ____D C:\Documents and Settings\owner\Local Settings\Application Data\Adobe
    2014-01-14 18:15 - 2005-11-21 17:07 - 00000000 ____D C:\WINDOWS\system32\NtmsData
    2014-01-14 16:55 - 2014-01-14 16:55 - 01037068 _____ (Thisisu) C:\Documents and Settings\owner\Desktop\JRT.exe
    2014-01-14 16:54 - 2014-01-14 16:53 - 01236282 _____ C:\Documents and Settings\owner\Desktop\AdwCleaner.exe
    2014-01-14 16:46 - 2014-01-14 16:46 - 00688992 ____R (Swearware) C:\Documents and Settings\owner\Desktop\dds.scr
    2014-01-14 16:38 - 2013-02-12 23:24 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
    2014-01-14 15:27 - 2014-01-12 20:25 - 00000120 _____ C:\WINDOWS\setupact.log
    2014-01-14 14:56 - 2013-08-02 08:02 - 04131674 _____ C:\WINDOWS\pfirewall.log.old
    2014-01-13 12:41 - 2004-12-09 17:12 - 00049152 ____C C:\Documents and Settings\owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-01-12 20:25 - 2014-01-12 20:25 - 00000000 _____ C:\WINDOWS\setuperr.log
    2014-01-09 14:02 - 2014-01-09 14:02 - 00000978 _____ C:\Documents and Settings\owner\My Documents\cc_20140109_140155.reg
    2014-01-09 13:56 - 2004-10-19 22:36 - 00000000 ____D C:\Documents and Settings\owner
    2014-01-07 14:07 - 2004-04-29 19:15 - 00000000 ____D C:\WINDOWS\Help
    2014-01-07 12:49 - 2010-05-07 17:30 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\PeerBlock

    Files to move or delete:
    ====================
    C:\Documents and Settings\owner\Application Data\dm.ini
    C:\Documents and Settings\owner\eSClean.vbs

    ==================== Bamital & volsnap Check =================

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
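    A triage pass over a log like the one posted above, as an added example that is not part of this thread, of FRST or of Farbar's tooling: it splits the FRST.txt text into its `==== Section ====` blocks and pulls out the lines a malware-response volunteer reads first (orphaned "No File" entries, missing driver images, FRST's own ATTENTION marker, defanged `hxxp` URLs, autoruns with no publisher, the hosts-file note and the "Files to move or delete" section). The sample log is an excerpt of the post above, trimmed, with the machine name replaced by a placeholder; which patterns count as findings is my assumption, based only on markers FRST prints in this log.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread; it is not part of FRST, of Farbar's
tooling or of any post above. It splits an FRST.txt-style log into its
'==== Section ====' blocks and pulls out the lines a malware-response
volunteer usually reads first. Which patterns count as findings is an
assumption on my part, based on markers FRST prints in the log above.
"""
import re

# "==================== Registry (Whitelisted) =================="
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# A line made only of "=" (the rule under a two-line section title).
RULE_RE = re.compile(r"^=+$")

# Triage rules (assumed): label, predicate over one stripped log line.
INDICATORS = [
    # FRST appends "No File" when an entry points at a path that no longer exists.
    ("orphaned entry (No File)", lambda l: l.endswith("No File")),
    # "[x]" marks a service or driver whose image file is missing.
    ("missing service/driver image ([x])", lambda l: l.endswith("[x]")),
    # FRST writes "ATTENTION ==>" in front of settings it could not find.
    ("FRST ATTENTION marker", lambda l: "ATTENTION" in l),
    # URLs written as hxxp are defanged; in the log above they are hijacked start pages.
    ("defanged URL (hxxp)", lambda l: "hxxp://" in l),
    # A trailing "()" means the autorun binary carries no company name.
    ("autorun with no publisher info", lambda l: "\\Run: [" in l and l.endswith("()")),
    ("hosts file has extra entries", lambda l: l.startswith("Hosts:") and "more than one" in l),
]

# Every line in this section is something FRST itself proposes to remove.
ALWAYS_REPORT = {"Files to move or delete"}


def parse_sections(text):
    """Return {section title: [non-empty stripped lines]} in log order."""
    sections = {"Header": []}
    current = "Header"
    lines = [line.strip() for line in text.splitlines()]
    i = 0
    while i < len(lines):
        line = lines[i]
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # Two-line form: "Chrome:" / "=======" or "Files to move or delete:" / "====".
        if line.endswith(":") and RULE_RE.match(nxt):
            current = line[:-1]
            sections.setdefault(current, [])
            i += 2
            continue
        m = SECTION_RE.match(line)
        if m and not RULE_RE.match(line):
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections[current].append(line)
        i += 1
    return sections


def triage(text):
    """Return (section, label, line) triples for every line a rule matched."""
    findings = []
    for section, lines in parse_sections(text).items():
        for line in lines:
            if section in ALWAYS_REPORT:
                findings.append((section, "file FRST proposes to remove", line))
                continue
            for label, matches in INDICATORS:
                if matches(line):
                    findings.append((section, label, line))
    return findings


# Constructed sample: an excerpt of the FRST log posted above, trimmed,
# with the machine name replaced by the placeholder EXAMPLE-PC.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by owner (administrator) on EXAMPLE-PC on 21-01-2014 12:40:30

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LXCFCATS] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll [73728 2005-07-20] ()
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
Toolbar: HKLM - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Chrome:
=======
CHR HomePage: hxxp://mixidj.delta-search.com/?babsrc=HP_ss
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S2 ALIEHCD; System32\Drivers\ALIEHCI.sys [x]

Files to move or delete:
====================
C:\Documents and Settings\owner\Application Data\dm.ini
C:\Documents and Settings\owner\eSClean.vbs

==================== End Of Log ============================
"""

if __name__ == "__main__":
    for section, label, line in triage(SAMPLE_LOG):
        print(f"[{section}] {label}: {line}")
```

    On the sample this reports eight lines; on the full log above it would also surface the many `No File` Chrome plugin entries and the `[x]` drivers, which is the same list a responder works through before writing a fix script. The rules are deliberately conservative: a match is a line to look at, not a verdict.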



    #10 selectrick
    • Topic Starter
    • Members
    • 48 posts
    • Gender:Male

    Posted 21 January 2014 - 12:57 PM

    Since you did not say to hit the fix button in Farbar, I did not do so. All I did was, as directed, scan and post logs. Hope that was correct. Once again Thank You Very Much, you're a true gentleman.

    P.S. sorry for the multiple posts as I was having some difficulty finding the "attach files" function in the forum here but apparently persistence has paid off, lol. After all I'm approaching 60 yrs. of age and not the most computer savvy guy in the world, but I seem to manage eventually. ; )


    Edited by selectrick, 21 January 2014 - 01:11 PM.


    #11 selectrick
    • Topic Starter
    • Members
    • 48 posts
    • Gender:Male

    Posted 21 January 2014 - 12:58 PM

    Sorry Addition here:

    Attached Files



    #12 Bud_91
    • Malware Response Team
    • 438 posts
    • Gender:Male

    Posted 21 January 2014 - 02:45 PM

    Hi,

    No need to click the "Fix" button yet. It won't do anything without a script to run.

    You appear to have remnants of several anti-virus programs on your computer and also appear to have two active anti-viruses. Can you tell me which anti-virus you would like to keep? We need to get rid of the rest as this can cause your computer to slow down and will actually reduce its security.

    Let's start with this:

    Download CKScanner from here: http://downloads.mal...m/CKScanner.exe
      • Important - Save it to your desktop.
      • Double-click CKScanner.exe (right-click and "Run as administrator" in Vista/Win7).
      • Give permission if necessary, and click Search For Files.
      • After a very short time, when the cursor hourglass disappears, click Save List To File.
      • A message box will verify the file saved. Please run the program once only.
      • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

    If I have not responded to your log in 36 hours, feel free to send me a PM.

    If you would like to make a thank-you donation, please click here.


    A.K.A. Buddierdl @ GeeksToGo.com


    #13 selectrick
    • Topic Starter
    • Members
    • 48 posts
    • Gender:Male

    Posted 21 January 2014 - 07:30 PM

    Prefer to keep Microsoft Security Essentials, thanks.


    CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
    c:\documents and settings\owner\favorites\computer stuff\virus removal help\avg pc tuneup pro 2013 12.0.4000.108  full free serial key, crack, keygen & patch - serial key.url
    c:\documents and settings\owner\favorites\diy\cracking combination locks - google search.url
    c:\documents and settings\owner\favorites\file sharing\crack find.url
    c:\documents and settings\owner\favorites\file sharing\cracks am - filesharing talk.url
    c:\documents and settings\owner\favorites\file sharing\welcome to cracks.am software security site!.url
    c:\documents and settings\owner\favorites\hack 'n crack\. phrack magazine ..url
    c:\documents and settings\owner\favorites\hack 'n crack\. the hacker's choice - thc ..url
    c:\documents and settings\owner\favorites\hack 'n crack\a beginner's guide to fake id.url
    c:\documents and settings\owner\favorites\hack 'n crack\access restrictions, security restrictions to restrict access to pc.url
    c:\documents and settings\owner\favorites\hack 'n crack\ads by google.url
    c:\documents and settings\owner\favorites\hack 'n crack\all hacks.url
    c:\documents and settings\owner\favorites\hack 'n crack\batch file commands.url
    c:\documents and settings\owner\favorites\hack 'n crack\bayw.org  index.url
    c:\documents and settings\owner\favorites\hack 'n crack\become a googlebot, get a free pass ~ @ classic tutorials.url
    c:\documents and settings\owner\favorites\hack 'n crack\bombshock forums.url
    c:\documents and settings\owner\favorites\hack 'n crack\computer technology forum - hacking with windows xp.url
    c:\documents and settings\owner\favorites\hack 'n crack\computer technology forum - warez monsters 4 step spyware removal guide.url
    c:\documents and settings\owner\favorites\hack 'n crack\danworld network - the download planet.url
    c:\documents and settings\owner\favorites\hack 'n crack\fake id cards created through theidshop, novelty id and false identification..url
    c:\documents and settings\owner\favorites\hack 'n crack\fake id online  fake ids, fake id template, fake id card, photo identification, how to make fake ids, make fake id, create a f.url
    c:\documents and settings\owner\favorites\hack 'n crack\faq et rfc non maintenus.url
    c:\documents and settings\owner\favorites\hack 'n crack\freesoft.org.url
    c:\documents and settings\owner\favorites\hack 'n crack\freeware4u.com a site dedicated to freeware.url
    c:\documents and settings\owner\favorites\hack 'n crack\hack canada - it don't mean jack if it ain't got that hack..url
    c:\documents and settings\owner\favorites\hack 'n crack\how to make a fake id - wikihow.url
    c:\documents and settings\owner\favorites\hack 'n crack\how to make a fake id,” - google search.url
    c:\documents and settings\owner\favorites\hack 'n crack\howto bypass internet censorship, a tutorial on getting around filters and blocked ports.url
    c:\documents and settings\owner\favorites\hack 'n crack\http--www.neotrace.com-.url
    c:\documents and settings\owner\favorites\hack 'n crack\i-hacked.com taking advantage of technology - video making a beer can shim.url
    c:\documents and settings\owner\favorites\hack 'n crack\insecure.org - nmap free security scanner, tools & hacking resources.url
    c:\documents and settings\owner\favorites\hack 'n crack\internet rfc-fyi-std-bcp archives.url
    c:\documents and settings\owner\favorites\hack 'n crack\internic  the internet's network information center.url
    c:\documents and settings\owner\favorites\hack 'n crack\johnny.ihackstuff.com - home.url
    c:\documents and settings\owner\favorites\hack 'n crack\lock picking 101 guide to lock picks locksmithing lockpick sets lockpicking.url
    c:\documents and settings\owner\favorites\hack 'n crack\marc and angel » turn google into napster 2000.url
    c:\documents and settings\owner\favorites\hack 'n crack\microsoft office individual install - w5awarez.com.url
    c:\documents and settings\owner\favorites\hack 'n crack\microsoft technet windows sysinternals.url
    c:\documents and settings\owner\favorites\hack 'n crack\northwest performance software, inc..url
    c:\documents and settings\owner\favorites\hack 'n crack\ntbugtraq - ntbugtraq home.url
    c:\documents and settings\owner\favorites\hack 'n crack\phone number 5195133698.url
    c:\documents and settings\owner\favorites\hack 'n crack\ppctech.info.url
    c:\documents and settings\owner\favorites\hack 'n crack\rainbow series.url
    c:\documents and settings\owner\favorites\hack 'n crack\registry cleaner reviews - regcure, error killer, xoftspy.url
    c:\documents and settings\owner\favorites\hack 'n crack\request for comments.url
    c:\documents and settings\owner\favorites\hack 'n crack\securityfocus.url
    c:\documents and settings\owner\favorites\hack 'n crack\silitoad.org.url
    c:\documents and settings\owner\favorites\hack 'n crack\simtel free download of computer software, games, tools and utilities - freeware, shareware, demos and trial versions.url
    c:\documents and settings\owner\favorites\hack 'n crack\skeptic tank text archive file.url
    c:\documents and settings\owner\favorites\hack 'n crack\skitzu security.url
    c:\documents and settings\owner\favorites\hack 'n crack\society of competitive intelligence professionals (scip).url
    c:\documents and settings\owner\favorites\hack 'n crack\softwarefor.org home of software for starving students.url
    c:\documents and settings\owner\favorites\hack 'n crack\sony computer science laboratories, inc..url
    c:\documents and settings\owner\favorites\hack 'n crack\spyware warrior rogue-suspect anti-spyware products & web sites.url
    c:\documents and settings\owner\favorites\hack 'n crack\system downloads  dll archive --- analogx.url
    c:\documents and settings\owner\favorites\hack 'n crack\telephone number location information.url
    c:\documents and settings\owner\favorites\hack 'n crack\the 46 best-ever freeware utilities.url
    c:\documents and settings\owner\favorites\hack 'n crack\the happy hacker -- self-defense against computer crime.url
    c:\documents and settings\owner\favorites\hack 'n crack\totse.com  about.url
    c:\documents and settings\owner\favorites\hack 'n crack\true anarchy.url
    c:\documents and settings\owner\favorites\hack 'n crack\tucows downloads - download freeware and shareware software.url
    c:\documents and settings\owner\favorites\hack 'n crack\university of texas department of computer sciences.url
    c:\documents and settings\owner\favorites\hack 'n crack\w5awarez.com.url
    c:\documents and settings\owner\favorites\hack 'n crack\warez download community  wareznet.net.url
    c:\documents and settings\owner\favorites\hack 'n crack\ways to crack and disable wga validation tool and wga notifications plus download and install bypassing genuine windows validat.url
    c:\documents and settings\owner\favorites\hack 'n crack\who calls from 416-932-4500 3-3.url
    c:\documents and settings\owner\favorites\hack 'n crack\» 20 things the average person doesn’t know about windows xp » blog archive   alice hill’s real tech news - independent tech.url
    c:\documents and settings\owner\favorites\hack 'n crack\cable modem mods\hacking cable modems (higher speeds, free internet) - suprbay forum.url
    c:\documents and settings\owner\favorites\hack 'n crack\cable modem mods\home  theoryshare - the broadband experts.url
    c:\documents and settings\owner\favorites\hack 'n crack\cable modem mods\surfboardhacker forums.url
    c:\documents and settings\owner\favorites\hack 'n crack\cable modem mods\techwatch tech news satellite tv, cable tv, digital tv, home media and hardware.url
    c:\documents and settings\owner\favorites\hack 'n crack\cell phone\free cellular phone unlock codes - google search.url
    c:\documents and settings\owner\favorites\hack 'n crack\cell phone\how to unlock a cell phone for free - google search.url
    c:\documents and settings\owner\favorites\hack 'n crack\cell phone\how to unlock your cell phone for free  ehow.com.url
    c:\documents and settings\owner\favorites\hack 'n crack\cell phone\mobileunlockguide.com  guides and instructions to unlock samsung m510 mobile phones.url
    c:\documents and settings\owner\favorites\hack 'n crack\cell phone\motorola krzr k1 imei unlocking  krzr k1 subsidy codes.url
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\avsvideoconverter4.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\tracked_by_h33t_com.txt
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\avsvideoconverter4.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\capturewizard.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\licence.reg
    c:\documents and settings\owner\my documents\books\locks, picks, safes, alarms and more\cracking 1988-1990 master locks.doc
    c:\documents and settings\owner\my documents\books\locks, picks, safes, alarms and more\safecracking for the computer scientist.pdf
    c:\documents and settings\owner\my documents\books\locks, picks, safes, alarms and more\techniques of safecracking - wayne yeager - loompanics.pdf
    c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno.swf
    c:\program files\partygaming\partycasino\language\en_us\images\flashlobby\lobby\safecrackerkeno_popup.swf
    scanner sequence 3.ZZ.11.QSNAQZ
     ----- EOF -----
All of the above can be trashed, as it was only kept as interesting reading, but interest in it has waned. Can I just delete the whole folder from faves, or is it something you need to handle? Thanks Bud.

    Edited by selectrick, 22 January 2014 - 06:52 PM.


#14 Bud_91
• Malware Response Team

Posted 23 January 2014 - 10:08 AM

    At Bleeping Computer, we don't support piracy, cracks, or keygens. As well as being illegal, these items will keep your computer from ever being truly secure and clean. If you are willing to remove these things as you mentioned, then I will be willing to continue helping you.

    The .urls and documents are up to you whether to keep or delete, but these need to go:

    c:\documents and settings\owner\favorites\computer stuff\virus removal help\avg pc tuneup pro 2013 12.0.4000.108  full free serial key, crack, keygen & patch - serial key.url
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\avsvideoconverter4.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\tracked_by_h33t_com.txt
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\avsvideoconverter4.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\capturewizard.exe
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]\crack\licence.reg
    c:\documents and settings\owner\my documents\avs video converter v4.3.1.371 + crack [h33t][thecliffhanger]

    You can delete them yourself or I can script them out. Let me know what you decide.


    If I have not responded to your log in 36 hours, feel free to send me a PM.

    A.K.A. Buddierdl @ GeeksToGo.com

#15 selectrick
• Topic Starter

Posted 23 January 2014 - 03:32 PM

Please delete all of it as you see fit, as I probably wouldn't be able to locate them all anyway. Thank you very much. This stuff is mostly very old, and I have come to learn that it can be the source of some problems, so I will be sure to avoid any such stuff in future. I'm going to delete the faves folder, but as for the stuff in Documents, I tried to delete the folder "AVS video....." and was unable to; it said it was being used by another program. Thanks again Bud.

P.S. Took a stab at it and removed some stuff, but I'm not sure if all of it is gone. I deleted the individual parts of the above-mentioned folder and it seemed to work. There is a backup file on the E drive, so I'm not sure how that plays out. Thanks again.


    Edited by selectrick, 24 January 2014 - 12:00 AM.