
cascading new windows opening virus? [Solved]


  • This topic is locked

#1
Gmr

    Member

  • 94 posts
In Windows I get new pages opening. They say things like Instant Checkmate, Congratulations, Survey. They have web addresses like: nym1.ib.adnxs.com
These new pages cascade across the top of my computer relentlessly. Please help, and thank you!
Below is the OTL copy and paste:


OTL logfile created on: 9/30/2013 2:47:01 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Gary\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.58% Memory free
3.84 Gb Paging File | 3.27 Gb Available in Paging File | 85.01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 235.62 Gb Total Space | 179.16 Gb Free Space | 76.04% Space Free | Partition Type: NTFS

Computer Name: GARY-0587134ADE | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/30 14:46:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Gary\My Documents\Downloads\OTL.scr
PRC - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) -- C:\Program Files\webmakerplus\webmakerplus.exe
PRC - [2013/09/03 17:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.exe
PRC - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2013/08/28 06:39:37 | 001,601,488 | ---- | M] (APN) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/18 00:00:01 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/01/17 11:07:58 | 000,505,736 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/19 13:17:24 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/08/21 08:00:00 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
PRC - [2001/03/02 22:26:26 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/30 13:34:50 | 000,065,536 | ---- | M] () -- C:\Program Files\webmakerplus\wmpl.dll
MOD - [2013/09/14 14:37:52 | 016,177,544 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/30 07:11:26 | 000,455,168 | ---- | M] () -- C:\Program Files\webmakerplus\sqlite3.dll
MOD - [2012/05/30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/03/18 00:00:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/07/13 17:37:04 | 000,152,112 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
MOD - [2009/07/13 17:37:04 | 000,098,304 | ---- | M] () -- C:\Program Files\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll
MOD - [2001/03/02 22:26:26 | 000,007,680 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files\webmakerplus\webmakerplus.exe -- (webmakerplus)
SRV - [2013/09/14 14:37:53 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2012/06/14 11:37:10 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2002/09/20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Gary\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,025,392 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/07/25 01:18:32 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/06/06 09:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\${ChromeSearchCLSID}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://search.yahoo....q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\All Users\Application DataMozilla\Extensions\[email protected] [2011/06/03 16:57:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007\install.rdf
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 20:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/09/14 09:08:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007

[2010/10/15 06:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions
[2010/10/15 06:35:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Extensions\[email protected]
[2013/09/29 13:40:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions
[2011/05/02 20:28:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/09/29 13:40:02 | 000,000,000 | ---D | M] (ShoppingChip) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]
[2012/06/16 07:42:40 | 000,000,000 | ---D | M] (Yahoo! Axis for Firefox) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\jid1-vfCLiWMJHrGCNw@jetpack
[2013/09/16 18:32:55 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\searchplugins\yahoo.xml
[2012/01/08 17:55:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/18 00:00:02 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/20 11:57:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/20 11:57:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/05/21 22:43:09 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\Winampa.exe ()
O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O4 - Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
O15 - HKCU\..Trusted Domains: amstock.com ([www] https in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1337646977968 (MUWebControl Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CE833D9-371C-4C19-B7D7-EDCA2B107FCE}: DhcpNameServer = 172.27.35.1
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gary\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/10/09 16:12:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/30 14:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\MyTurboPC.com
[2013/09/30 14:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\DriverCure
[2013/09/30 14:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MyTurboPC.com
[2013/09/29 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ShoppingChip
[2013/09/29 12:58:03 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll
[2013/09/29 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\webmakerplus
[2013/09/29 12:56:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\Video Media Download
[2013/09/29 12:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Application Data\52485ba8160ba0b57000bfbd
[2013/09/20 21:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2013/09/20 21:31:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Local Settings\Application Data\EZ CD Audio Converter
[2013/09/20 21:31:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EZ CD Audio Converter
[2013/09/20 21:31:07 | 000,000,000 | ---D | C] -- C:\Program Files\EZ CD Audio Converter
[2013/09/20 21:31:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EZ CD Audio Converter
[2013/09/14 19:20:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gary\Desktop\Doors
[2013/09/14 09:14:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Hewlett-Packard
[2013/03/29 20:07:46 | 000,882,520 | ---- | C] (BitTorrent Inc.) -- C:\Program Files\BitTorrent.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/30 14:50:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/09/30 14:28:37 | 000,506,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/09/30 14:28:37 | 000,090,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/09/30 14:25:06 | 000,007,168 | ---- | M] () -- C:\msg.db
[2013/09/30 14:24:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/30 14:24:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/30 14:00:01 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/09/30 13:55:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/29 17:13:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/09/29 10:07:42 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2013/09/27 08:09:46 | 000,260,995 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\d2 tablet reciept.jpg
[2013/09/20 21:31:12 | 000,001,633 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EZ CD Audio Converter.lnk
[2013/09/20 20:40:00 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/09/17 16:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll
[2013/09/16 17:36:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/09/14 19:19:40 | 000,186,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/14 16:57:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/14 14:37:53 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/14 14:37:53 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/08 17:37:20 | 004,320,054 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Book media today matt.bmp
[2013/09/07 10:10:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/09/07 10:09:27 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Gary\Desktop\Microsoft Word.lnk
[2013/09/02 17:25:21 | 000,001,861 | ---- | M] () -- C:\Documents and Settings\Gary\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/30 07:27:50 | 000,007,168 | ---- | C] () -- C:\msg.db
[2013/09/27 08:02:25 | 000,260,995 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\d2 tablet reciept.jpg
[2013/09/20 21:31:12 | 000,001,639 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\EZ CD Audio Converter.lnk
[2013/09/20 21:31:12 | 000,001,633 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EZ CD Audio Converter.lnk
[2013/09/08 17:34:35 | 004,320,054 | ---- | C] () -- C:\Documents and Settings\Gary\Desktop\Book media today matt.bmp
[2013/07/31 00:22:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/17 20:15:48 | 000,153,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-725345543-57989841-1644491937-1004-0.dat
[2013/07/16 23:13:01 | 000,153,398 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/06/01 17:10:09 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2013/05/15 19:23:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2013/03/31 13:07:46 | 000,000,143 | ---- | C] () -- C:\Documents and Settings\Gary\default.pls
[2013/02/09 00:38:18 | 000,000,237 | ---- | C] () -- C:\Documents and Settings\Gary\Application Data\mbam.context.scan
[2012/10/25 17:55:24 | 000,008,832 | ---- | C] () -- C:\WINDOWS\System32\bidmoNd.dat
[2012/09/11 18:17:24 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2012/08/12 19:17:35 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/20 13:37:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/17 21:01:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\is2w0jpe.default.dat
[2012/05/13 09:22:50 | 003,407,872 | ---- | C] () -- C:\Documents and Settings\Gary\ntuser.bak
[2012/03/26 21:57:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\v6bq9mwd.default.dat
[2011/07/07 20:37:17 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
[2011/04/23 11:34:48 | 000,031,744 | ---- | C] () -- C:\Documents and Settings\Gary\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/14 19:52:59 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

========== ZeroAccess Check ==========

[2011/01/31 21:05:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013/08/01 00:17:51 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/08/21 08:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5

< End of report >
  • 0
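The OTL log above is the raw material the helper works from when building the fix in post #4. The following Python script is an added example, not code from OTL, from this thread, or from Geeks to Go's procedure: it parses lines in the formats visible in the log (PRC/MOD/SRV/DRV entries, O4 Run keys, alternate data streams) into fields and applies a few triage rules to show which entries stand out. The regular expressions are derived from the line formats in this log; the watchlist of path fragments is assembled from the components the helper removes (webmakerplus, Ask, Search Protection, ShoppingChip); the sample lines are constructed abridgements of the log above; and the triage rules are my own heuristics, not OTL's logic.

```python
"""Triage helper for OTL-style log lines (added example, not OTL code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line formats copied from the OTL log in post #1: a stamp block [date | size | attrs | M],
# the company in (...), an optional [start | state] block for services and drivers,
# the path, and for services/drivers the registered name in (...).
STAMPED = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^\]]*)\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\))?$"
)
# Services/drivers whose binary is gone: "File not found", a state block, an optional path.
MISSING = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] --"
    r"(?: (?P<path>.*?))? -- \((?P<name>[^)]*)\)$"
)
# O4 autorun entries: hive, value name in [...], path, optional company in (...).
RUNKEY = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?)"
    r"(?: \((?P<company>[^)]*)\))?$"
)
ADS = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.*)$")

PATTERNS = ((STAMPED, None), (MISSING, None), (RUNKEY, "O4"), (ADS, "ADS"))

# Constructed watchlist: lower-case path fragments of the components the helper removes
# in post #4. Thread-specific analyst knowledge, not a vendor feed.
WATCHLIST = ("webmakerplus", "ask.com", "askpartnernetwork", "search protection", "shoppingchip")


@dataclass
class Finding:
    line: str
    reason: str


def parse(line: str) -> Optional[Dict[str, object]]:
    """Return named fields for a recognised log line, else None."""
    text = line.strip()
    for rx, kind in PATTERNS:
        m = rx.match(text)
        if not m:
            continue
        entry: Dict[str, object] = dict(m.groupdict())
        if kind:
            entry["kind"] = kind
        entry["missing"] = rx is MISSING or entry.get("path") == "File not found"
        return entry
    return None


def triage(entry: Dict[str, object]) -> List[str]:
    """Heuristic reasons an entry deserves a second look (my assumptions, not OTL logic)."""
    path = str(entry.get("path") or "").lower()
    kind, missing = entry["kind"], entry["missing"]
    reasons = []
    if any(frag in path for frag in WATCHLIST):
        reasons.append("path matches a component on the removal watchlist")
    if kind == "DRV" and missing and path.endswith(".tmp"):
        reasons.append("kernel driver registered from a .tmp file that no longer exists")
    if kind == "O4" and not missing and "\\application data\\" in path:
        reasons.append("autorun starts a program from the user profile rather than Program Files")
    if kind == "ADS" and "\\temp:" in path:
        reasons.append("alternate data stream attached to a TEMP directory")
    return reasons


def triage_log(text: str) -> List[Finding]:
    """Parse every line of an OTL log and collect the flagged entries."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        entry = parse(raw)
        if entry is None:
            continue
        for reason in triage(entry):
            findings.append(Finding(raw.strip(), reason))
    return findings


# Constructed sample: an abridged subset of the log in post #1, same line formats.
SAMPLE_LOG = r"""
PRC - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) -- C:\Program Files\webmakerplus\webmakerplus.exe
PRC - [2013/09/03 17:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.exe
PRC - [2008/08/21 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
MOD - [2013/09/30 13:34:50 | 000,065,536 | ---- | M] () -- C:\Program Files\webmakerplus\wmpl.dll
MOD - [2012/03/18 00:00:00 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\purendis.sys -- (purendis)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7
"""

if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

The rules produce leads, not verdicts: orphaned drivers with no path at all (WDICA, PDRFRAME and the like in the full log) are deliberately left alone because they are routine leftovers, while a missing driver that still points at a `.tmp` file in `system32` is the kind of entry worth removing. The output lists candidate lines in the same text the helper pastes into OTL's Custom Scans/Fixes box, but deciding which ones belong there remains the analyst's call.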


#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am going over your logs and should have a fix soon. Did you install/use something called WebMaker Plus?
  • 0

#3
Gmr

    Member

  • Topic Starter
  • 94 posts
Thank you for helping me! I did not install WebMaker Plus.
  • 0

#4
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi gmr,


Please note that a keylogger has been found on your PC. If you use it for online banking, you should change your passwords to those websites as well as any others that have sensitive information.

You have the following Peer-to-Peer program(s) installed:

uTorrent

GeeksToGo does not recommend using such programs, but you should read the description of Peer-to-Peer programs below before deciding for yourself.

Description of Peer-to-Peer (P2P) software.
P2P (Peer-to-Peer) may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. The program(s) may be safe, but there's no way to tell if the file being shared is infected. P2P programs, more often than not, install adware and/or spyware and worse still, some worms spread via P2P networks, infecting you as well.
Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing. We advise removing any P2P programs you have now and avoiding this type of software application. Whether you remove them or not is your decision. But if you decide to keep and use Peer-to-Peer programs I can guarantee that you will be coming back to this forum or another malware forum. If you do choose to keep the program(s), please do not use it / them until the computer is clean and I give the all clear.

Let's get started.

Step 1: Run OTL fix.

Please be aware that this fix will delete your temporary files. If the virus has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    MOD - [2013/09/30 13:34:50 | 000,065,536 | ---- | M] () -- C:\Program Files\webmakerplus\wmpl.dll
    MOD - [2013/08/30 07:11:26 | 000,455,168 | ---- | M] () -- C:\Program Files\webmakerplus\sqlite3.dll
    
    SRV - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files\webmakerplus\webmakerplus.exe -- (webmakerplus)
    SRV - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
    
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)
    
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007\install.rdf
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007
    [2013/09/29 13:40:02 | 000,000,000 | ---D | M] (ShoppingChip) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]
    
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    
    O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
    
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
    
    [2013/09/29 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ShoppingChip
    [2013/09/29 12:58:03 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll
    [2013/09/29 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\webmakerplus
    [2013/09/17 16:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll
    
    @Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5
    
    :Files
    C:\WINDOWS\system32\11007
    C:\WINDOWS\tasks\At*.job
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply.

Step 2: Run JRT.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3: Run aswMBR.

  • Download aswMBR.exe to your desktop.
  • Double-click aswMBR.exe to run it.
  • Click the "Scan" button to start the scan.
  • On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.

Things I need in your next reply:
  • OTL fix log
  • JRT log
  • aswMBR log
  • How is your computer running now?

#5 Gmr (Topic Starter, Member, 94 posts)

OTL

========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret <MOD - [2013/09/30 13:34:50 | 000,065,536 | ---- | M] () -- C:\Program Files\webmakerplus\wmpl.dll> in the current context!
Error: Unable to interpret <MOD - [2013/08/30 07:11:26 | 000,455,168 | ---- | M] () -- C:\Program Files\webmakerplus\sqlite3.dll> in the current context!
Error: Unable to interpret <SRV - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files\webmakerplus\webmakerplus.exe -- (webmakerplus)> in the current context!
Error: Unable to interpret <SRV - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)> in the current context!
Error: Unable to interpret <DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)> in the current context!
Error: Unable to interpret <FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007\install.rdf> in the current context!
Error: Unable to interpret <FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007> in the current context!
Error: Unable to interpret <[2013/09/29 13:40:02 | 000,000,000 | ---D | M] (ShoppingChip) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]> in the current context!
Error: Unable to interpret <O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NWEReboot] File not found> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)> in the current context!
Error: Unable to interpret <O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)> in the current context!
Error: Unable to interpret <[2013/09/29 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ShoppingChip> in the current context!
Error: Unable to interpret <[2013/09/29 12:58:03 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll> in the current context!
Error: Unable to interpret <[2013/09/29 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\webmakerplus> in the current context!
Error: Unable to interpret <[2013/09/17 16:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5> in the current context!
========== FILES ==========
File\Folder C:\WINDOWS\system32\11007 not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.

OTL by OldTimer - Version 3.2.69.0 log created on 09302013_204750

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.3 (09.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Gary on Mon 09/30/2013 at 20:37:13.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] APNMCP
Successfully deleted: [Service] APNMCP



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\searchprotection
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\askpartnernetwork"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\system32\roboot.exe"
Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\apn"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\freerip"
Successfully deleted: [Folder] "C:\Documents and Settings\Gary\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Gary\Application Data\search protection"
Successfully deleted: [Folder] "C:\Documents and Settings\Gary\Application Data\superfish"
Successfully deleted: [Folder] "C:\Documents and Settings\Gary\Application Data\systweak"
Successfully deleted: [Folder] "C:\Program Files\free offers from freeze.com"
Successfully deleted: [Folder] "C:\Program Files\freerip3"
Successfully deleted: [Folder] "C:\Program Files\superfish"
Successfully deleted: [Folder] "C:\Program Files\ask.com"
Successfully deleted: [Folder] "C:\Program Files\askpartnernetwork"
Successfully deleted: [Folder] "C:\Documents and Settings\Gary\local settings\application data\asktoolbar"
Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Gary\Application Data\mozilla\firefox\profiles\v6bq9mwd.default\invalidprefs.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{184aa5e6-741d-464a-820e-94b3abc2f3b4}
Emptied folder: C:\Documents and Settings\Gary\Application Data\mozilla\firefox\profiles\v6bq9mwd.default\minidumps [2 files]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/30/2013 at 20:42:35.93
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-30 20:52:13
-----------------------------
20:52:13.484 OS Version: Windows 5.1.2600 Service Pack 3
20:52:13.484 Number of processors: 2 586 0x403
20:52:13.484 ComputerName: GARY-0587134ADE UserName: Gary
20:52:13.984 Initialize success
20:52:31.546 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
20:52:31.546 Disk 0 Vendor: ST3500820AS SD1A Size: 476940MB BusType: 3
20:52:31.625 Disk 0 MBR read successfully
20:52:31.625 Disk 0 MBR scan
20:52:31.625 Disk 0 unknown MBR code
20:52:31.640 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 241272 MB offset 63
20:52:31.640 Disk 0 Partition - 00 05 Extended 235667 MB offset 494127102
20:52:31.656 Disk 0 Partition 2 00 83 Linux 229793 MB offset 494127104
20:52:31.656 Disk 0 Partition - 00 05 Extended 5874 MB offset 964743168
20:52:31.671 Disk 0 scanning sectors +976773120
20:52:31.734 Disk 0 scanning C:\WINDOWS\system32\drivers
20:52:36.062 Service scanning
20:52:43.578 Modules scanning
20:52:47.406 Disk 0 trace - called modules:
20:52:47.421 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
20:52:47.421 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a695ab8]
20:52:47.421 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\0000005f[0x8a703510]
20:52:47.421 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8a66d940]
20:52:47.421 Scan finished successfully
20:52:55.515 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Gary\Desktop\MBR.dat"
20:52:55.515 The log file has been saved successfully to "C:\Documents and Settings\Gary\Desktop\aswMBR.txt"

#6 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

I made a little mistake in my fix. Could you please run this new fix with OTL? Also, do you have a dual-boot Linux OS on your computer?

:Commands
[createrestorepoint]


:OTL
MOD - [2013/09/30 13:34:50 | 000,065,536 | ---- | M] () -- C:\Program Files\webmakerplus\wmpl.dll
MOD - [2013/08/30 07:11:26 | 000,455,168 | ---- | M] () -- C:\Program Files\webmakerplus\sqlite3.dll

SRV - [2013/09/17 16:29:24 | 004,153,344 | ---- | M] (webmakerplus LTD) [On_Demand | Running] -- C:\Program Files\webmakerplus\webmakerplus.exe -- (webmakerplus)
SRV - [2013/08/28 06:39:45 | 000,164,816 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\02.tmp -- (yywpfqv)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007\install.rdf
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\WINDOWS\system32\11007
[2013/09/29 13:40:02 | 000,000,000 | ---D | M] (ShoppingChip) -- C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]

O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\webmakerplus.dll (Sweesh LTD)

[2013/09/29 12:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ShoppingChip
[2013/09/29 12:58:03 | 000,364,544 | ---- | C] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll
[2013/09/29 12:58:00 | 000,000,000 | ---D | C] -- C:\Program Files\webmakerplus
[2013/09/17 16:41:42 | 000,364,544 | ---- | M] (Sweesh LTD) -- C:\WINDOWS\System32\webmakerplus.dll

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5

:Files
C:\WINDOWS\system32\11007
C:\WINDOWS\tasks\At*.job


#7 Gmr (Topic Starter, Member, 94 posts)

Yes, I do have a dual-boot OS for Linux.

Here are the results from the new instructions for OTL. As per previous instructions, I did not run the 'Fix'.


========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Releasing module C:\Program Files\webmakerplus\wmpl.dll
C:\Program Files\webmakerplus\wmpl.dll moved successfully.
Releasing module C:\Program Files\webmakerplus\sqlite3.dll
C:\Program Files\webmakerplus\sqlite3.dll moved successfully.
Service webmakerplus stopped successfully!
Service webmakerplus deleted successfully!
C:\Program Files\webmakerplus\webmakerplus.exe moved successfully.
Error: No service named APNMCP was found to stop!
Service\Driver key APNMCP not found.
File C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe not found.
Service yywpfqv stopped successfully!
Service yywpfqv deleted successfully!
File C:\WINDOWS\system32\02.tmp not found.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
File C:\WINDOWS\system32\11007\install.rdf not found.
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}\ not found.
File C:\WINDOWS\system32\11007 not found.
C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]\content folder moved successfully.
C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected] folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon not found.
File C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection not found.
File C:\Documents and Settings\Gary\Application Data\Search Protection\SearchProtection.EXE not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
C:\WINDOWS\system32\webmakerplus.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
File C:\WINDOWS\System32\webmakerplus.dll not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016\ deleted successfully.
File C:\WINDOWS\System32\webmakerplus.dll not found.
C:\Documents and Settings\All Users\Application Data\ShoppingChip folder moved successfully.
File C:\WINDOWS\System32\webmakerplus.dll not found.
C:\Program Files\webmakerplus folder moved successfully.
File C:\WINDOWS\System32\webmakerplus.dll not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:3E7908F7 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5 deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\11007 not found.
File\Folder C:\WINDOWS\tasks\At*.job not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.69.0 log created on 10012013_171510

#8 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Okay. I need to look at another scan.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#9 Gmr (Topic Starter, Member, 94 posts)

I am here! I did not go away. Worked late 2 days in a row. Too tired to run this now. Almost 11:30pm. Been working since 6am...
I will run it tomorrow...

#10 Gmr (Topic Starter, Member, 94 posts)

Below are the results of the Farbar scan (32-bit): FRST & Addition.

Earlier you mentioned that there was a keylogger installed on my computer. Is it gone now?
I have begun changing logon info... Thanks for alerting me to that!



Frst.txt


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-10-2013
Ran by Gary (administrator) on GARY-0587134ADE on 04-10-2013 05:48:45
Running from C:\Documents and Settings\Gary\My Documents\Downloads
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
() C:\Program Files\Winamp\Winampa.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Cisco Systems, Inc.) C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
(Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
(Sony Corporation) C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [WinampAgent] - C:\Program Files\Winamp\Winampa.exe [7680 2001-03-02] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [nmctxth] - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe [647216 2009-07-07] (Cisco Systems, Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Run: [Conime] - C:\Windows\system32\conime.exe [27648 2008-08-21] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 0
HKU\Alice\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Matt\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Matt\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
HKU\Matt\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2006-06-01] (Nero AG)
HKU\Matt\...\Run: [DW7] - C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe [ 2013-07-16] (The Weather Channel)
HKU\Nick\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [ 2013-05-01] (Apple Inc.)
HKU\Nick\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [ 2006-06-01] (Nero AG)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()
Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\Event Reminder.lnk
ShortcutTarget: Event Reminder.lnk -> C:\pmw\PMREMIND.EXE ()
Startup: C:\Documents and Settings\Gary\Start Menu\Programs\Startup\PMB Media Check Tool.lnk
ShortcutTarget: PMB Media Check Tool.lnk -> C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
Startup: C:\Documents and Settings\Nick\Start Menu\Programs\Startup\FrostWire On Startup.lnk
ShortcutTarget: FrostWire On Startup.lnk -> C:\Program Files\FrostWire\FrostWire.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL =
SearchScopes: HKCU - ${ChromeSearchCLSID} URL = http://search.yahoo....q={searchTerms}
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.27.35.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: www.yahoo.com
FF Keyword.URL: hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Yahoo! Axis for Firefox - C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\Extensions\jid1-vfCLiWMJHrGCNw@jetpack
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

========================== Services (Whitelisted) =================

R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S2 nywuko; C:\Windows\system32\svchost.exe [14336 2008-08-21] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [176640 2008-07-25] (Broadcom Corporation)
S3 Blfp; C:\Windows\System32\DRIVERS\baspxp32.sys [98816 2008-06-06] (Broadcom Corporation)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R2 pnarp; C:\Windows\System32\DRIVERS\pnarp.sys [25392 2009-07-07] (Cisco Systems, Inc.)
R2 purendis; C:\Windows\System32\DRIVERS\purendis.sys [26672 2009-07-07] (Cisco Systems, Inc.)
S3 catchme; \??\C:\DOCUME~1\Gary\LOCALS~1\Temp\catchme.sys [x]
U5 P3; C:\Windows\System32\Drivers\P3.sys [42752 2008-08-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

NETSVC: nywuko -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-10-04 05:48 - 2013-10-04 05:48 - 00000000 ____D C:\FRST
2013-10-01 17:20 - 2013-10-01 17:21 - 00000000 ____D C:\Documents and Settings\Gary\Desktop\OTL saved
2013-09-30 20:52 - 2013-09-30 20:52 - 00001867 _____ C:\Documents and Settings\Gary\Desktop\aswMBR.txt
2013-09-30 20:51 - 2013-09-30 20:51 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Gary\Desktop\aswmbr.exe
2013-09-30 20:47 - 2013-09-30 20:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Gary\Desktop\OTL(2).scr
2013-09-30 20:42 - 2013-09-30 20:42 - 00006204 _____ C:\Documents and Settings\Gary\Desktop\JRT.txt
2013-09-30 20:37 - 2013-09-30 20:37 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-30 20:36 - 2013-09-30 20:36 - 01030305 _____ (Thisisu) C:\Documents and Settings\Gary\Desktop\JRT.exe
2013-09-30 20:19 - 2013-09-30 20:19 - 00000000 _____ C:\WINDOWS\system32\updD.tmp
2013-09-30 15:37 - 2013-09-30 15:37 - 00000000 _____ C:\WINDOWS\system32\updF.tmp
2013-09-30 15:37 - 2013-09-30 15:37 - 00000000 _____ C:\WINDOWS\system32\updE.tmp
2013-09-30 15:36 - 2013-09-30 15:36 - 00000000 _____ C:\WINDOWS\system32\updC.tmp
2013-09-30 14:37 - 2013-09-30 14:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MyTurboPC.com
2013-09-30 14:37 - 2013-09-30 14:37 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\MyTurboPC.com
2013-09-30 13:34 - 2013-09-30 13:34 - 00000000 _____ C:\WINDOWS\system32\upd4.tmp
2013-09-30 12:18 - 2013-09-30 12:18 - 00000000 _____ C:\WINDOWS\system32\updB.tmp
2013-09-30 12:18 - 2013-09-30 12:18 - 00000000 _____ C:\WINDOWS\system32\updA.tmp
2013-09-30 12:17 - 2013-09-30 12:17 - 00000000 _____ C:\WINDOWS\system32\upd9.tmp
2013-09-30 07:27 - 2013-10-01 17:10 - 00009216 _____ C:\msg.db
2013-09-30 07:27 - 2013-09-30 07:27 - 00000000 _____ C:\WINDOWS\system32\upd8.tmp
2013-09-29 19:43 - 2013-09-29 19:43 - 00000000 _____ C:\WINDOWS\system32\upd3.tmp
2013-09-29 12:58 - 2013-09-29 12:58 - 00000000 _____ C:\WINDOWS\system32\upd145.tmp
2013-09-29 12:58 - 2013-09-29 12:58 - 00000000 _____ C:\WINDOWS\system32\upd144.tmp
2013-09-29 12:56 - 2013-09-30 12:32 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\52485ba8160ba0b57000bfbd
2013-09-29 12:56 - 2013-09-29 12:56 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\Video Media Download
2013-09-28 23:14 - 2013-09-28 23:14 - 00000000 ____D C:\Documents and Settings\Nick\Application Data\HpUpdate
2013-09-22 11:53 - 2013-09-22 11:55 - 00000000 ____D C:\Documents and Settings\Nick\Desktop\NWTS
2013-09-20 21:31 - 2013-09-20 21:39 - 00000000 ____D C:\Documents and Settings\Gary\Local Settings\Application Data\EZ CD Audio Converter
2013-09-20 21:31 - 2013-09-20 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2870699$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-14 09:35 - 2013-09-14 16:57 - 00013947 _____ C:\WINDOWS\KB2870699.log
2013-09-14 09:35 - 2013-09-14 16:57 - 00010423 _____ C:\WINDOWS\KB2876315.log
2013-09-14 09:35 - 2013-09-14 16:57 - 00009790 _____ C:\WINDOWS\KB2876217.log
2013-09-14 09:35 - 2013-09-14 16:57 - 00008847 _____ C:\WINDOWS\KB2864063.log
2013-09-14 09:14 - 2013-09-14 09:14 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2013-09-08 17:34 - 2013-09-08 17:37 - 04320054 _____ C:\Documents and Settings\Gary\Desktop\Book media today matt.bmp

==================== One Month Modified Files and Folders =======

2013-10-04 05:48 - 2013-10-04 05:48 - 00000000 ____D C:\FRST
2013-10-04 05:45 - 2010-10-09 16:10 - 01716007 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-04 05:45 - 2010-10-09 12:00 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-04 05:45 - 2008-08-21 08:00 - 00013646 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-04 05:44 - 2010-10-09 16:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-04 05:44 - 2010-10-09 12:00 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-10-03 23:31 - 2010-10-09 16:29 - 00000178 ___SH C:\Documents and Settings\Gary\ntuser.ini
2013-10-03 23:31 - 2010-10-09 16:22 - 00032584 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-03 23:17 - 2010-10-09 11:58 - 00607962 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-02 01:42 - 2010-10-09 18:24 - 00000178 ___SH C:\Documents and Settings\Nick\ntuser.ini
2013-10-02 00:55 - 2012-04-18 21:19 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-01 17:21 - 2013-10-01 17:20 - 00000000 ____D C:\Documents and Settings\Gary\Desktop\OTL saved
2013-10-01 17:10 - 2013-09-30 07:27 - 00009216 _____ C:\msg.db
2013-09-30 20:54 - 2013-03-31 13:07 - 00000096 _____ C:\Documents and Settings\Gary\default.pls
2013-09-30 20:54 - 2012-08-12 19:17 - 00000116 _____ C:\WINDOWS\NeroDigital.ini
2013-09-30 20:54 - 2010-10-09 16:29 - 00000000 ____D C:\Documents and Settings\Gary
2013-09-30 20:52 - 2013-09-30 20:52 - 00001867 _____ C:\Documents and Settings\Gary\Desktop\aswMBR.txt
2013-09-30 20:51 - 2013-09-30 20:51 - 04745728 _____ (AVAST Software) C:\Documents and Settings\Gary\Desktop\aswmbr.exe
2013-09-30 20:47 - 2013-09-30 20:47 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Gary\Desktop\OTL(2).scr
2013-09-30 20:42 - 2013-09-30 20:42 - 00006204 _____ C:\Documents and Settings\Gary\Desktop\JRT.txt
2013-09-30 20:37 - 2013-09-30 20:37 - 00000000 ____D C:\WINDOWS\ERUNT
2013-09-30 20:36 - 2013-09-30 20:36 - 01030305 _____ (Thisisu) C:\Documents and Settings\Gary\Desktop\JRT.exe
2013-09-30 20:19 - 2013-09-30 20:19 - 00000000 _____ C:\WINDOWS\system32\updD.tmp
2013-09-30 15:37 - 2013-09-30 15:37 - 00000000 _____ C:\WINDOWS\system32\updF.tmp
2013-09-30 15:37 - 2013-09-30 15:37 - 00000000 _____ C:\WINDOWS\system32\updE.tmp
2013-09-30 15:36 - 2013-09-30 15:36 - 00000000 _____ C:\WINDOWS\system32\updC.tmp
2013-09-30 14:44 - 2013-09-30 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MyTurboPC.com
2013-09-30 14:40 - 2010-10-10 19:22 - 00001599 _____ C:\Documents and Settings\Matt\Start Menu\Programs\Remote Assistance.lnk
2013-09-30 14:40 - 2010-10-09 18:24 - 00001599 _____ C:\Documents and Settings\Nick\Start Menu\Programs\Remote Assistance.lnk
2013-09-30 14:39 - 2011-03-12 19:22 - 00000889 _____ C:\Documents and Settings\Matt\Desktop\Shortcut to Best_Day_Ever-(DatPiff.com).lnk
2013-09-30 14:38 - 2010-10-09 16:29 - 00001599 _____ C:\Documents and Settings\Gary\Start Menu\Programs\Remote Assistance.lnk
2013-09-30 14:37 - 2013-09-30 14:37 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\MyTurboPC.com
2013-09-30 14:37 - 2010-10-21 10:24 - 00001599 _____ C:\Documents and Settings\Alice\Start Menu\Programs\Remote Assistance.lnk
2013-09-30 14:37 - 2010-10-09 16:12 - 00001607 _____ C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2013-09-30 14:37 - 2010-10-09 16:12 - 00001599 _____ C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2013-09-30 14:24 - 2010-12-11 17:59 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB981957$
2013-09-30 13:34 - 2013-09-30 13:34 - 00000000 _____ C:\WINDOWS\system32\upd4.tmp
2013-09-30 12:33 - 2010-10-09 11:51 - 00000000 ____D C:\WINDOWS\security
2013-09-30 12:32 - 2013-09-29 12:56 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\52485ba8160ba0b57000bfbd
2013-09-30 12:18 - 2013-09-30 12:18 - 00000000 _____ C:\WINDOWS\system32\updB.tmp
2013-09-30 12:18 - 2013-09-30 12:18 - 00000000 _____ C:\WINDOWS\system32\updA.tmp
2013-09-30 12:17 - 2013-09-30 12:17 - 00000000 _____ C:\WINDOWS\system32\upd9.tmp
2013-09-30 07:27 - 2013-09-30 07:27 - 00000000 _____ C:\WINDOWS\system32\upd8.tmp
2013-09-29 19:43 - 2013-09-29 19:43 - 00000000 _____ C:\WINDOWS\system32\upd3.tmp
2013-09-29 12:58 - 2013-09-29 12:58 - 00000000 _____ C:\WINDOWS\system32\upd145.tmp
2013-09-29 12:58 - 2013-09-29 12:58 - 00000000 _____ C:\WINDOWS\system32\upd144.tmp
2013-09-29 12:56 - 2013-09-29 12:56 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\Video Media Download
2013-09-29 12:56 - 2010-10-13 19:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-09-29 10:07 - 2011-07-11 11:35 - 00000095 _____ C:\WINDOWS\winamp.ini
2013-09-28 23:14 - 2013-09-28 23:14 - 00000000 ____D C:\Documents and Settings\Nick\Application Data\HpUpdate
2013-09-22 16:03 - 2010-10-13 20:20 - 00000000 ___RD C:\Documents and Settings\Gary\Desktop\gr stuff
2013-09-22 12:16 - 2013-02-26 16:08 - 00000000 ____D C:\Documents and Settings\Nick\Application Data\BitTorrent
2013-09-22 11:55 - 2013-09-22 11:53 - 00000000 ____D C:\Documents and Settings\Nick\Desktop\NWTS
2013-09-21 22:34 - 2013-06-01 17:13 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\HpUpdate
2013-09-20 21:39 - 2013-09-20 21:31 - 00000000 ____D C:\Documents and Settings\Gary\Local Settings\Application Data\EZ CD Audio Converter
2013-09-20 21:31 - 2013-09-20 21:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Licenses
2013-09-20 20:16 - 2012-09-23 07:03 - 00000000 ____D C:\Documents and Settings\Gary\Application Data\vlc
2013-09-15 18:17 - 2012-05-19 12:48 - 00138789 _____ C:\WINDOWS\setupapi.log
2013-09-14 19:19 - 2010-10-09 11:56 - 00186608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876315$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876217$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2870699$
2013-09-14 16:57 - 2013-09-14 16:57 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2864063$
2013-09-14 16:57 - 2013-09-14 09:35 - 00013947 _____ C:\WINDOWS\KB2870699.log
2013-09-14 16:57 - 2013-09-14 09:35 - 00010423 _____ C:\WINDOWS\KB2876315.log
2013-09-14 16:57 - 2013-09-14 09:35 - 00009790 _____ C:\WINDOWS\KB2876217.log
2013-09-14 16:57 - 2013-09-14 09:35 - 00008847 _____ C:\WINDOWS\KB2864063.log
2013-09-14 16:57 - 2012-05-21 00:35 - 00038448 _____ C:\WINDOWS\updspapi.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00740149 _____ C:\WINDOWS\iis6.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00686269 _____ C:\WINDOWS\FaxSetup.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00328116 _____ C:\WINDOWS\ocgen.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00313131 _____ C:\WINDOWS\tsoc.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00227584 _____ C:\WINDOWS\comsetup.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00208900 _____ C:\WINDOWS\msmqinst.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00138112 _____ C:\WINDOWS\ntdtcsetup.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00120213 _____ C:\WINDOWS\netfxocm.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00047175 _____ C:\WINDOWS\MedCtrOC.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00037962 _____ C:\WINDOWS\ocmsn.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00034521 _____ C:\WINDOWS\tabletoc.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00034299 _____ C:\WINDOWS\msgsocm.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00001374 _____ C:\WINDOWS\imsins.log
2013-09-14 16:57 - 2012-05-21 00:34 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-09-14 16:56 - 2013-08-16 19:50 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-09-14 16:54 - 2011-01-16 19:58 - 76725432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-09-14 14:37 - 2012-04-18 21:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-14 14:37 - 2011-05-29 13:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-09-14 09:14 - 2013-09-14 09:14 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2013-09-14 09:14 - 2013-06-01 17:12 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HP
2013-09-14 09:08 - 2011-06-20 13:05 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2013-09-08 17:37 - 2013-09-08 17:34 - 04320054 _____ C:\Documents and Settings\Gary\Desktop\Book media today matt.bmp
2013-09-07 10:09 - 2011-04-05 17:05 - 00002483 _____ C:\Documents and Settings\Gary\Desktop\Microsoft Word.lnk

Some content of TEMP:
====================
C:\Documents and Settings\Gary\Local Settings\Temp\294823_.exe
C:\Documents and Settings\Gary\Local Settings\Temp\en_ww_Package.exe
C:\Documents and Settings\Gary\Local Settings\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Documents and Settings\Gary\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\Gary\Local Settings\Temp\nerodeltmp.exe
C:\Documents and Settings\Gary\Local Settings\Temp\pnC6.exe
C:\Documents and Settings\Gary\Local Settings\Temp\SearchProtectionSetup.exe
C:\Documents and Settings\Gary\Local Settings\Temp\ShoppingChip.exe
C:\Documents and Settings\Gary\Local Settings\Temp\SpOrder.dll
C:\Documents and Settings\Gary\Local Settings\Temp\utt34.tmp.exe
C:\Documents and Settings\Gary\Local Settings\Temp\utt3D.tmp.exe
C:\Documents and Settings\Gary\Local Settings\Temp\vlc-2.0.7-win32.exe
C:\Documents and Settings\Matt\Local Settings\Temp\setup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Matt\Local Settings\Temp\The_Weather_Channel_Application.exe
C:\Documents and Settings\Nick\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Nick\Local Settings\Temp\TsuB9AEDD91.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-10-2013
Ran by Gary at 2013-10-04 05:49:47
Running from C:\Documents and Settings\Gary\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 2.5.1.17730)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Reader X (10.1.8) (Version: 10.1.8)
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar Updater (HKCU Version: 1.2.2.23821)
BitTorrent (HKCU Version: 7.8.1.30016)
BitTorrent (Version: 7.8.0.29626)
Bonjour (Version: 3.0.0.10)
Broadcom Management Programs (Version: 11.67.01)
Broadcom NetXtreme Ethernet Controller (Version: 11.32.03)
Cisco Network Magic (Version: 5.5.09195.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ERUNT 1.1j
FileHippo.com Update Checker
FrostWire 5.6.3 (Version: 5.6.3.5)
Frostwire Toolbar (Version: 12.3.0.1019)
HP Deskjet 3510 series Basic Device Software (Version: 28.0.1315.0)
HP Deskjet 3510 series Help (Version: 28.0.0)
HP Deskjet 3510 series Product Improvement Study (Version: 28.0.1315.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.7702)
HP Update (Version: 5.005.000.002)
HPDiagnosticAlert (Version: 1.00.0000)
HPDiagnosticCoreDll (Version: 1.0.16.0)
Intel® Graphics Media Accelerator Driver
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.1.6.0)
Java™ 6 Update 29 (Version: 6.0.290)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mjuice Components
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
Nero 7 Essentials (Version: 7.01.0875)
Network Magic (Version: 5.5.9195.0)
PreReq (Version: 6.2.4.0)
Primo (Version: 1.00.0000)
PrintMaster Gold 4.00
Pure Networks Platform (Version: 11.2.09195.1)
QuickTime (Version: 7.74.80.86)
Runtime (Version: 1.00.0000)
Search Protection (HKCU Version: 7.5.0.1)
ShoppingChip (Version: 1.2.0.1040)
Skype™ 5.0 (Version: 5.0.152)
Skype™ 5.10 (Version: 5.10.115)
Sony Picture Utility (Version: 4.2.00.15030)
SoundMAX (Version: 5.12.01.4070)
The Weather Channel App
Ubuntu (Version: 10.04-rev189)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VLC media player 2.0.3 (Version: 2.0.3)
WebFldrs XP (Version: 9.50.7523)
WebMakerPlus (Version: 1.2)
Winamp (remove only)
Window Shopper (Version: 01.02.0003)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Media Format Runtime

==================== Restore Points =========================

12-07-2013 01:52:09 Software Distribution Service 3.0
17-07-2013 01:10:44 Installed iTunes
19-07-2013 00:08:21 Software Distribution Service 3.0
20-07-2013 22:11:16 Software Distribution Service 3.0
26-07-2013 02:41:56 Software Distribution Service 3.0
16-08-2013 23:36:21 Software Distribution Service 3.0
26-08-2013 14:47:29 System Checkpoint
28-08-2013 03:32:13 Software Distribution Service 3.0
02-09-2013 21:42:14 Removed Nero 7 Essentials
07-09-2013 15:01:58 System Checkpoint
14-09-2013 19:40:08 System Checkpoint
14-09-2013 20:54:25 Software Distribution Service 3.0
26-09-2013 13:46:48 System Checkpoint
29-09-2013 03:31:08 System Checkpoint
01-10-2013 00:33:05 OTL Restore Point - 9/30/2013 8:33:01 PM
01-10-2013 00:48:04 OTL Restore Point - 9/30/2013 8:48:00 PM
01-10-2013 21:15:26 OTL Restore Point - 10/1/2013 5:15:20 PM

==================== Hosts content: ==========================

2008-08-21 08:00 - 2012-05-21 22:43 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00152112 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
2009-07-13 17:37 - 2009-07-13 17:37 - 00098304 _____ () C:\Program Files\Common Files\Pure Networks Shared\Platform\CFireWallCOM.dll
2011-05-06 12:46 - 2012-03-18 00:00 - 01969080 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-14 14:37 - 2013-09-14 14:37 - 16177544 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\webmakerplus => ""="service"

==================== Faulty Device Manager Devices =============

Name: Thomson USB CDC Device
Description: Thomson USB CDC Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (10/04/2013 05:45:11 AM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (10/04/2013 05:45:10 AM) (Source: Service Control Manager) (User: )
Description: The Driver Time service terminated with the following error:
%%2

Error: (10/03/2013 11:13:47 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (10/03/2013 11:13:47 PM) (Source: Service Control Manager) (User: )
Description: The Driver Time service terminated with the following error:
%%2

Error: (10/01/2013 11:22:59 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (10/01/2013 11:22:59 PM) (Source: Service Control Manager) (User: )
Description: The Driver Time service terminated with the following error:
%%2

Error: (10/01/2013 06:33:03 PM) (Source: Print) (User: NT AUTHORITY)
Description: Printer KodakESP5200+3567 failed to initialize because a suitable KODAK ESP 5200 Series AiO driver could not be found.

Error: (10/01/2013 06:33:02 PM) (Source: Service Control Manager) (User: )
Description: The Driver Time service terminated with the following error:
%%2

Error: (10/01/2013 05:49:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.

Error: (10/01/2013 05:48:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2039.43 MB
Available physical RAM: 1483.65 MB
Total Pagefile: 3936.03 MB
Available Pagefile: 3568.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:235.62 GB) (Free:181 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: B77D5572)
Partition 1: (Active) - (Size=236 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=230 GB) - (Type=05)

==================== End Of Log ============================
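
The service entries are the part of this log a helper reads first: FRST lists "S2 nywuko; C:\Windows\system32\svchost.exe" under Services, "NETSVC: nywuko -> No Registry Path." under NetSvcs, and a "webmakerplus" key under SafeBoot\Network. Below is an added example, not code from this post, from FRST or from its author, that pulls those three sections out of an FRST.txt and flags that pattern automatically: a service hosted by svchost.exe for which the registry holds no ServiceDll path, plus anything FRST reports as allowed to start in Safe Mode. The sample log is constructed from lines copied out of the log above, and the flagging rules are this example's own heuristics, not FRST's.

```python
"""Flag the service anomalies a malware-removal helper looks for in an FRST log.

Added example; this is not code from the forum post, from FRST or from its
author. It parses the "Services", "NetSvcs" and "Safe Mode" sections that
Farbar Recovery Scan Tool writes to FRST.txt and reports:
  * a service whose image is svchost.exe while FRST's NetSvcs section says
    "No Registry Path" for it (svchost loads a ServiceDll named in the
    registry; with no path there is nothing legitimate for it to host);
  * any SafeBoot Minimal or Network entry FRST did not whitelist
    (a program allowed to start in Safe Mode).
The sample below is constructed from lines copied out of the posted log;
the flagging rules are the example's own heuristics.
"""
import re
import sys

# Constructed sample: a subset of the FRST.txt lines posted in the thread.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================

R2 nmservice; C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe [647216 2009-07-07] (Cisco Systems, Inc.)
S2 nywuko; C:\Windows\system32\svchost.exe [14336 2008-08-21] (Microsoft Corporation)
R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-20] (Analog Devices, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R1 ASPI32; C:\Windows\System32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)

==================== NetSvcs (Whitelisted) ===================

NETSVC: nywuko -> No Registry Path.

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\webmakerplus => ""="service"
"""

HEADER_RE = re.compile(r"^=+\s+(.+?)\s+=+$")
SERVICE_RE = re.compile(r"^([RSU]\d)\s+(.+?);\s+(.+?)(?:\s+\[|$)")
NETSVC_RE = re.compile(r"^NETSVC:\s+(\S+)\s+->\s+(.*?)\.?$")
SAFEBOOT_RE = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\(\S+)\s+=>")


def split_sections(text):
    """Group log lines under their '==== Name ====' headers, keyed by lower-cased name."""
    sections, current = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = re.sub(r"\s*\(whitelisted\)", "", m.group(1), flags=re.I).lower()
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def image_path(image):
    """Strip a quoted image path of its quotes and trailing arguments."""
    if image.startswith('"'):
        return image[1:].split('"', 1)[0]
    return image


def parse_services(lines):
    """Turn 'R2 name; image [size date] (company)' lines into dicts."""
    parsed = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if m:
            state, name, image = m.groups()
            parsed.append({"state": state, "name": name, "image": image_path(image)})
    return parsed


def parse_netsvcs(lines):
    """Map service name -> registry path text from 'NETSVC: name -> path' lines."""
    paths = {}
    for line in lines:
        m = NETSVC_RE.match(line)
        if m:
            paths[m.group(1).lower()] = m.group(2)
    return paths


def flag_services(text):
    """Return [(name, reason)] for the entries a helper would want to look at."""
    sections = split_sections(text)
    netsvcs = parse_netsvcs(sections.get("netsvcs", []))
    findings = []
    for svc in parse_services(sections.get("services", [])):
        if not svc["image"].lower().endswith("\\svchost.exe"):
            continue  # only svchost-hosted services need a ServiceDll behind them
        path = netsvcs.get(svc["name"].lower(), "")
        if path.lower().startswith("no registry path"):
            findings.append((svc["name"],
                             "svchost-hosted service with no registry path (no ServiceDll to load)"))
        else:
            findings.append((svc["name"],
                             "svchost-hosted service not on FRST's whitelist; check its ServiceDll"))
    for line in sections.get("safe mode", []):
        m = SAFEBOOT_RE.match(line)
        if m:
            findings.append((m.group(2), "allowed to start in Safe Mode (SafeBoot\\%s)" % m.group(1)))
    return findings


if __name__ == "__main__":
    # Pass the path of an FRST.txt, or run with no argument to use the embedded sample.
    log = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, reason in flag_services(log):
        print(f"{name}: {reason}")
```

Run it with the path of an FRST.txt as its argument, or with no argument to process the embedded sample. Any svchost-hosted service that shows up in the whitelisted Services section is worth a look on its own; the "No Registry Path" case is the one where there is nothing legitimate for svchost to load, and the SafeBoot entry tells you the same program will start even in Safe Mode with Networking.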

#11
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
Sorry for the delay. We have a little more to clean up. I will try to get a fix for you soon.

#12
Gmr
    Member
  • Topic Starter
  • 94 posts
ok. once again thanks for helping me.

#13
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts

Earlier you mentioned that there was a keylogger installed on my computer. Is it gone now?
I have begun changing logon info... Thanks for alerting me to that!

We got rid of the file with our last fix, but we will run some more scans to make sure it is gone.


Please move FRST.exe to your desktop, and save the attached fixlist.txt to your desktop as well. Then run FRST again and this time select "Fix." Please post the resulting fixlog.txt.


Then,



Please download the latest version of TDSSKiller from here and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also, your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip; click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#14
Gmr
    Member
  • Topic Starter
  • 94 posts
I ran FRST and clicked 'Fix' afterwards, but it doesn't run. It says the fixlist.txt should be made and saved in the same dir the tool is located. Program and result file were both on my desktop! I even moved them both into a folder on my desktop, but it wouldn't run.

#15
Buddierdl
    Trusted Helper
  • Malware Removal
  • 2,524 posts
You had both frst.exe and fixlist.txt on your desktop?