
Unexpected pop ups [Solved]


  • This topic is locked

#1
Chris - Thecleancar

    Member

  • 244 posts

Hi, hope you can help me.

I have started to see unexpected pop-up windows in Firefox.

I ran scans using AVG, Malwarebytes and Spybot Search and Destroy, and these found over a hundred 'PUPs' which the programs have deleted, but the pop-ups continue.

I notice in the search box in Firefox there is an icon I have not noticed before, named 'Conduit Search'.

I am running MS XP SP3 on a Dell Dimension 8400.

The problem seemed to start when I tried to view a live stream from Sky.

My OTL log is attached. Could someone have a look and let me know if I have a problem and, if so, how to fix it?

Thanks in advance

Chris


OTL logfile created on: 21/04/2014 10:42:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1.50 Gb Total Physical Memory | 0.71 Gb Available Physical Memory | 47.51% Memory free
2.48 Gb Paging File | 1.60 Gb Available in Paging File | 64.69% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.00 Gb Total Space | 87.54 Gb Free Space | 58.75% Space Free | Partition Type: NTFS
Drive D: | 980.72 Mb Total Space | 34.83 Mb Free Space | 3.55% Space Free | Partition Type: FAT
Drive E: | 29.87 Gb Total Space | 29.15 Gb Free Space | 97.61% Space Free | Partition Type: FAT32
 
Computer Name: DELLPC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/04/21 10:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
PRC - [2014/04/09 11:13:57 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014/03/26 21:38:28 | 002,544,664 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2014/03/26 21:38:26 | 001,771,032 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe
PRC - [2014/03/26 21:38:23 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
PRC - [2014/01/21 01:43:02 | 004,411,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/10/23 02:06:16 | 001,117,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/10/23 02:05:52 | 000,799,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2013/07/10 01:33:22 | 000,452,144 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2013/07/04 15:53:28 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/06/27 11:50:17 | 000,182,184 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/07/25 09:46:42 | 000,681,056 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe
PRC - [2012/07/14 16:59:59 | 000,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2012/07/10 12:43:00 | 000,145,936 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2012/07/10 12:42:59 | 000,159,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/01/12 16:05:00 | 000,185,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2011/01/12 16:05:00 | 000,161,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2011/01/12 16:05:00 | 000,075,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2011/01/12 08:08:00 | 000,215,360 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2011/01/12 08:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2011/01/12 08:08:00 | 000,033,648 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001/10/04 03:01:00 | 000,069,632 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_A10IC2.EXE
PRC - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/09 11:13:52 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/03/26 21:38:29 | 000,519,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\log4cplusU.dll
MOD - [2014/03/26 21:38:28 | 002,544,664 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2014/03/26 21:38:23 | 000,159,768 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\loggingserver.exe
MOD - [2014/03/16 09:46:03 | 016,276,872 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll
MOD - [2013/01/02 07:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/08/27 21:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 21:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/01/12 16:05:00 | 000,065,536 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
MOD - [2007/04/18 19:30:46 | 000,471,040 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\ccme_base.dll
MOD - [2007/04/18 19:30:46 | 000,393,216 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/04/09 11:13:54 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/26 21:38:26 | 001,771,032 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.0.5\ToolbarUpdater.exe -- (vToolbarUpdater18.0.5)
SRV - [2014/03/16 09:46:14 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/11/20 02:54:20 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/07/04 15:53:10 | 004,939,312 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/06/27 11:50:17 | 000,182,184 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/07/25 09:46:44 | 001,326,176 | ---- | M] (Secunia) [On_Demand | Stopped] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent)
SRV - [2012/07/25 09:46:42 | 000,681,056 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012/07/14 16:59:59 | 000,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2012/07/10 12:43:00 | 000,145,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2012/07/10 12:42:59 | 000,159,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/01/12 16:05:00 | 000,120,128 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011/01/12 08:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2000/11/17 01:02:00 | 000,114,688 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (mfeavfk01)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2014/03/26 21:38:30 | 000,042,272 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/11/25 02:48:36 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/10/23 02:05:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/10/23 02:05:10 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2013/07/20 01:51:00 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/07/20 01:50:56 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/07/20 01:50:50 | 000,171,320 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/07/01 01:45:28 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/07/10 12:43:00 | 000,436,728 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/07/10 12:43:00 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2012/07/10 12:43:00 | 000,085,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/07/10 12:42:59 | 000,171,296 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/07/10 12:42:59 | 000,116,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/07/10 12:42:59 | 000,058,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2006/02/09 20:57:46 | 001,502,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/23 14:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={2789E6E8-98CA-4791-ACDD-4358A7CE45D2}&mid=603cea76fd7547d08e18d158574a3765-9c16ff173d18b14c4e19c48d8be0389c9f9ef091&lang=en&ds=AVG&pr=fr&d=2012-09-27 10:34:37&v=15.4.0.4&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.bt.com/"
FF - prefs.js..extensions.enabledAddons: %7B49e51043-d75a-40d9-8746-5be1e5685c73%7D:1.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\18.0.5\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Application Data\AVG Secure Search\FireFoxExt\18.0.5.292 [2014/03/26 21:40:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012/07/11 17:06:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Extensions
[2014/04/18 12:08:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\extensions
[2014/04/18 02:07:58 | 000,007,996 | ---- | M] () (No name found) -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\extensions\{49e51043-d75a-40d9-8746-5be1e5685c73}.xpi
[2014/04/20 11:23:03 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\searchplugins\conduit-search.xml
[2014/04/09 11:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/04/09 11:13:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
O1 HOSTS File: ([2014/04/11 10:21:56 | 000,450,622 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 15470 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120710124325.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Reg Error: Value error.) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\18.0.5.292\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MoneyStartUp10.0] C:\Program Files\Microsoft Money\System\Activation.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1341910306414 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1341928324406 (MUWebControl Class)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{808270E0-B957-4745-AF49-179E801A6742}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\18.0.5\ViProtocol.dll (AVG Secure Search)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/09 16:20:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{33b5363b-cdc3-11e1-ada9-001111aede96}\Shell - "" = AutoRun
O33 - MountPoints2\{33b5363b-cdc3-11e1-ada9-001111aede96}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{33b5363b-cdc3-11e1-ada9-001111aede96}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/21 10:40:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2014/04/20 12:40:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2014/04/20 11:40:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\Startup
[2014/04/20 11:39:38 | 000,000,000 | ---D | C] -- C:\Avenger
[2014/04/17 16:42:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2014/04/09 11:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[9 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\admin\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Application Data\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/04/21 10:45:15 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014/04/21 10:40:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2014/04/21 10:31:19 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/04/21 10:30:11 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/04/21 10:30:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2014/04/21 10:30:04 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2014/04/21 10:29:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/04/20 15:19:04 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/04/20 11:25:40 | 000,016,242 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20140420_112434.reg
[2014/04/18 12:09:53 | 000,411,162 | ---- | M] () -- C:\WINDOWS\unins000.dat
[2014/04/18 12:08:51 | 001,164,489 | ---- | M] () -- C:\WINDOWS\unins000.exe
[2014/04/15 13:35:26 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2014/04/11 10:29:35 | 000,004,996 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\cc_20140411_102854.reg
[2014/04/11 10:21:56 | 000,450,622 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2014/04/10 17:31:30 | 000,267,800 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2014/04/09 10:14:01 | 000,505,896 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2014/04/09 10:14:01 | 000,087,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2014/03/26 21:40:08 | 000,003,728 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2014/03/26 21:38:30 | 000,042,272 | ---- | M] (AVG Technologies) -- C:\WINDOWS\System32\drivers\avgtpx86.sys
[9 C:\*.tmp files -> C:\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\admin\Local Settings\Application Data\*.tmp files -> C:\Documents and Settings\admin\Local Settings\Application Data\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/20 11:24:36 | 000,016,242 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20140420_112434.reg
[2014/04/18 12:09:52 | 001,164,489 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2014/04/18 12:07:26 | 000,411,162 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2014/04/11 10:28:56 | 000,004,996 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\cc_20140411_102854.reg
[2013/06/27 10:49:15 | 000,003,728 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2012/09/22 19:11:23 | 000,056,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/08/11 13:20:49 | 000,027,520 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\dt.dat
[2012/07/24 10:12:59 | 000,000,145 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT3.DAT
[2012/07/16 17:02:31 | 000,942,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-583907252-1644491937-1177238915-1003-0.dat
[2012/07/16 11:55:44 | 000,269,198 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/07/14 17:08:23 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2012/07/14 17:00:31 | 000,049,152 | ---- | C] () -- C:\WINDOWS\StiRegstEng.dll
[2012/07/14 16:56:18 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2012/07/14 16:56:18 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2012/07/14 16:56:18 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2012/07/14 16:55:50 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2012/07/14 16:55:50 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2012/07/14 16:55:50 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2012/07/14 16:55:26 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\esfw41.bin
[2012/07/14 16:54:50 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P242580EF.ini
[2012/07/14 15:50:59 | 000,088,576 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/13 16:13:50 | 000,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2012/07/13 16:11:37 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2012/07/10 11:13:44 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012/07/10 11:13:18 | 000,114,630 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012/07/10 10:05:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/09 17:10:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/07/09 17:09:00 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/09 16:22:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/09 16:17:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
 
========== ZeroAccess Check ==========
 
[2012/07/10 11:53:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 20:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/09/27 10:34:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\AVG Secure Search
[2012/09/27 10:38:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\AVG2013
[2012/07/16 11:34:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Garmin
[2012/07/10 11:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Oracle
[2013/03/20 12:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Smart Panel
[2012/09/27 10:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\TuneUp Software
[2012/07/10 11:56:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Desktop Search
[2012/11/18 12:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Application Data\Windows Search
[2012/09/22 18:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/12/09 09:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/09/29 11:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012/07/11 16:43:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012/07/16 15:46:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2013/03/14 13:34:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Licenses
[2014/04/17 16:43:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2014/04/10 17:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34

< End of report >
 


  • 0
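The "ZeroAccess Check" block in the OTL log above is worth understanding rather than just skimming. Windows builds HKEY_CLASSES_ROOT by merging HKCU\Software\Classes over HKLM\Software\Classes, and the per-user entries win, so a user-writable InProcServer32 key can redirect a COM class that Explorer or WMI loads to an arbitrary DLL without administrator rights; that is what OTL is comparing when it prints the HKCU and HKLM registrations side by side. The script below is an added example (mine, not OTL's code and not from this thread) that parses lines in OTL's format and flags any CLSID carrying a per-user registration. The sample text is constructed in OTL's format; the entry under Local Settings\Application Data is an assumed hijack added to produce a hit, not something taken from Chris's log. An HKCU key printed with no server path is reported as "review" because the log alone does not show whether the key exists empty or OTL simply listed the location it checked.

```python
import re
from collections import defaultdict

# Constructed sample in the format of OTL's "ZeroAccess Check" block (not the log posted above).
# The entry under "Local Settings\Application Data" is an assumed hijack, added to show a hit.
SAMPLE_OTL = r"""
========== ZeroAccess Check ==========

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Documents and Settings\user\Local Settings\Application Data\Temp\shell32x.dll -- [2014/04/20 09:00:00 | 000,020,480 | ---- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2012/04/20 20:29:52 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# "[HIVE\Software\Classes\clsid\{GUID}\InProcServer32]" key headers.
KEY_RE = re.compile(
    r"^\[(HKEY_CURRENT_USER|HKEY_LOCAL_MACHINE)\\Software\\Classes\\clsid\\"
    r"(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]$",
    re.IGNORECASE,
)
# '"" = <server path> -- [<OTL file details>]'; the trailing details are optional.
DEFAULT_RE = re.compile(r'^"" = (.*?)(?: -- \[.*)?$')

# Where a COM server DLL is expected to live on an XP box.
SYSTEM_PREFIXES = ("%systemroot%\\", "c:\\windows\\")


def parse_zeroaccess_block(text):
    """Return {clsid: {hive: server_path_or_None}} for each InProcServer32 key in the block."""
    regs = defaultdict(dict)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            hive, clsid = key.group(1).upper(), key.group(2).lower()
            current = (hive, clsid)
            regs[clsid].setdefault(hive, None)
            continue
        default = DEFAULT_RE.match(line)
        if default and current:
            hive, clsid = current
            regs[clsid][hive] = default.group(1).strip()
    return dict(regs)


def find_com_hijacks(text):
    """Flag CLSIDs that carry a per-user (HKCU) InProcServer32 registration."""
    findings = []
    for clsid, hives in sorted(parse_zeroaccess_block(text).items()):
        if "HKEY_CURRENT_USER" not in hives:
            continue  # machine-wide registration only; nothing shadows it
        user_path = hives["HKEY_CURRENT_USER"]
        machine_path = hives.get("HKEY_LOCAL_MACHINE")
        if user_path is None:
            findings.append((clsid, "review", "per-user InProcServer32 key listed with no server path"))
        elif not user_path.lower().startswith(SYSTEM_PREFIXES):
            findings.append((clsid, "high", "per-user COM server outside the Windows directory: " + user_path))
        elif machine_path and user_path.lower() != machine_path.lower():
            findings.append((clsid, "medium", "per-user server differs from machine registration: " + user_path))
    return findings


if __name__ == "__main__":
    for clsid, severity, reason in find_com_hijacks(SAMPLE_OTL):
        print(f"{severity:6} {clsid} {reason}")
```

Run it as-is to see the two hits from the sample, or feed it the text of a real OTL ZeroAccess block. A "high" hit means a per-user key points at a DLL outside the Windows directory, which on a single-user XP machine is the pattern the helpers are looking for in this section.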



#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts

Hello Chris - Thecleancar

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
Chris - Thecleancar

    Member

  • Topic Starter
  • Member
  • 244 posts

Hi Gringo

Thanks very much for helping me, much appreciated.

I have run both programs and all seemed to go OK.

The AdwCleaner text file was not quite where you said it would be. I found two files at C:\AdwCleaner\AdwCleaner[S0].txt and AdwCleaner[R0].txt; I could not find AdwCleaner[S1].txt.

The icon is gone from the Google search box but the pop ups are still appearing.

Here are the two files.

Thanks again

Chris


# AdwCleaner v3.103 - Report created 22/04/2014 at 09:20:10
# Updated 21/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : admin - DELLPC
# Running from : C:\Documents and Settings\admin\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : vToolbarUpdater18.0.5

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
Folder Deleted : C:\Documents and Settings\admin\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\admin\Application Data\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\searchplugins\conduit-search.xml
File Deleted : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu\Programs\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\IM
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3320206&octid=EB_ORIGINAL_CTID&ISID=MFF3B7CE3-4C08-4B3A-B12E-3D13752B23EB&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SP8C1932EA-033[...]
Line Deleted : user_pref("browser.search.defaultenginename", "Conduit Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Conduit Search");

*************************

AdwCleaner[R0].txt - [6698 octets] - [22/04/2014 09:18:10]
AdwCleaner[S0].txt - [6769 octets] - [22/04/2014 09:20:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6829 octets] ##########

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by admin on 22/04/2014 at  9:29:14.78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/04/2014 at  9:34:15.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


 


  • 0
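The AdwCleaner report above shows where the Conduit hijack actually lived: two search-engine preferences and the new-tab URL in prefs.js, plus a user.js file in the profile. That last file matters because Firefox copies every value in user.js into prefs.js at each startup, so changing the search engine through the Firefox UI never sticks while user.js is present. What follows is an added example (mine, not AdwCleaner's code and not from this thread) of a checker that parses Firefox preference lines and flags URL and search-engine settings outside an allowlist, and that reports user.js contents as a persistence mechanism. The sample user.js is constructed in the same style as the deleted lines; the conduit URL is shortened, and the allowed hosts and engine names are assumptions to be adjusted for the machine being checked.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the style of the user.js AdwCleaner removed above; not the poster's file.
# AdwCleaner writes "hxxp" in its own log to defang URLs; a real prefs file has the plain scheme.
SAMPLE_USER_JS = r'''
user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("browser.search.selectedEngine", "Conduit Search");
user_pref("browser.newtab.url", "http://search.conduit.com/?SearchSource=69&CUI=example");
user_pref("browser.startup.homepage", "http://home.bt.com/");
user_pref("browser.shell.checkDefaultBrowser", false);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

# Preferences that carry a URL a hijacker can point at its own search page.
URL_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL", "browser.search.defaulturl")
# Preferences that name the active search engine.
ENGINE_PREFS = ("browser.search.defaultenginename", "browser.search.selectedEngine")


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict; strings are unquoted, booleans and ints converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def _hosts(value):
    # browser.startup.homepage may hold several URLs separated by '|'.
    for url in str(value).split("|"):
        host = urlsplit(url.strip()).hostname
        if host:
            yield host.lower()


def _allowed(host, allowed_hosts):
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_prefs(text, allowed_hosts, allowed_engines, from_user_js=False):
    """Return (pref, reason) findings for URL and search-engine prefs outside the allowlists."""
    prefs = parse_prefs(text)
    findings = []
    for name in URL_PREFS:
        for host in _hosts(prefs.get(name, "")):
            if not _allowed(host, allowed_hosts):
                findings.append((name, f"points at untrusted host {host}"))
    for name in ENGINE_PREFS:
        if name in prefs and prefs[name] not in allowed_engines:
            findings.append((name, f"search engine set to {prefs[name]!r}"))
    if from_user_js and prefs:
        # user.js is re-applied to prefs.js at every Firefox startup, so any value in it
        # silently undoes changes made through the Firefox UI.
        findings.append(("user.js", f"{len(prefs)} preference(s) will be re-applied on every startup"))
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_USER_JS
    is_user_js = path is None or path.lower().endswith("user.js")
    for pref, reason in audit_prefs(text, ("google.com", "bt.com"), ("Google", "Bing"), from_user_js=is_user_js):
        print(f"{pref}: {reason}")
```

Point it at a profile's user.js or prefs.js (the profile path is in the AdwCleaner report). The allowlist is deliberately a suffix match on the hostname, so "home.bt.com" passes under "bt.com" while "search.conduit.com" does not; a hijacker that registers a lookalike under a trusted domain would still need to be spotted by eye.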

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts

Hello Chris - Thecleancar

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
  • 0

#5
Chris - Thecleancar

    Member

  • Topic Starter
  • Member
  • 244 posts

Hi Gringo

I ran combofix.exe; it requested the installation of the recovery console and everything seemed to go OK.

I am still getting the pop up windows which, if I click on the x to close, take me to another window.

The pop ups are suggesting, for example: "Driver restore utility has detected 12 window errors it is highly recommended that you update"

Another tells me this is not a joke, there's an iPhone waiting to be won.

Thanks again for your help

Here is my combofix log

 

ComboFix 14-04-20.01 - admin 23/04/2014  11:04:10.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.44.1033.18.1534.868 [GMT 1:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\admin\Local Settings\Application Data\nsk115.tmp
c:\documents and settings\admin\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
C:\LIL116.tmp
C:\LIL117.tmp
C:\LIL118.tmp
C:\LIL119.tmp
C:\LILFA.tmp
C:\LILFB.tmp
C:\LILFC.tmp
C:\LILFD.tmp
C:\LILFE.tmp
c:\windows\system32\Cache
c:\windows\system32\Cache\139be6b309508079.fb
c:\windows\system32\Cache\193661e1ee779739.fb
c:\windows\system32\Cache\2449d6d786a764b7.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2f9a88e30caaf74b.fb
c:\windows\system32\Cache\303f890bd93cc9d9.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3a3c45eb261e6330.fb
c:\windows\system32\Cache\3f7ed8f48ff07a5f.fb
c:\windows\system32\Cache\513fbab78ea89586.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\66c63503760778e2.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\87c8a82d38ef3581.fb
c:\windows\system32\Cache\91ef533efc05ea85.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b29bcaf1621537d0.fb
c:\windows\system32\Cache\baba52f823bd8ce0.fb
c:\windows\system32\Cache\be30afd7661a0916.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\cd9e60bd7a6daac4.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\dfb59232e53082bb.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-23 to 2014-04-23  )))))))))))))))))))))))))))))))
.
.
2014-04-22 08:29 . 2014-04-22 08:29    --------    d-----w-    c:\windows\ERUNT
2014-04-22 08:18 . 2014-04-22 08:22    --------    d-----w-    C:\AdwCleaner
2014-04-18 11:09 . 2014-04-18 11:08    1164489    ----a-w-    c:\windows\unins000.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-15 12:35 . 2012-03-19 04:17    182072    ----a-w-    c:\windows\system32\drivers\avgtdix.sys
2014-03-26 20:38 . 2012-09-27 09:34    42272    ----a-w-    c:\windows\system32\drivers\avgtpx86.sys
2014-03-16 08:46 . 2012-07-10 10:42    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-03-16 08:46 . 2012-07-10 10:42    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-16 08:45 . 2014-03-13 12:45    5777288    ----a-w-    c:\windows\system32\FlashPlayerInstaller.exe
2014-03-06 17:59 . 2008-04-14 12:00    920064    ----a-w-    c:\windows\system32\wininet.dll
2014-03-06 17:59 . 2008-04-14 12:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2014-03-06 17:59 . 2008-04-14 12:00    18944    ----a-w-    c:\windows\system32\corpol.dll
2014-03-06 17:59 . 2008-04-14 12:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2014-03-06 00:46 . 2008-04-14 12:00    385024    ------w-    c:\windows\system32\html.iec
2014-02-07 02:01 . 2008-04-14 12:00    1879040    ----a-w-    c:\windows\system32\win32k.sys
2014-02-05 08:55 . 2008-04-14 12:00    562688    ----a-w-    c:\windows\system32\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C60 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-09 344064]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2011-01-12 161088]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2011-01-12 215360]
"MoneyStartUp10.0"="c:\program files\Microsoft Money\System\Activation.exe" [2001-07-25 245810]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2012-7-22 127488]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe  /startup [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0c:\progra~1\AVG\AVG2013\avgrsx.exe /sync /restart
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2013\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19/04/2012 04:50 60216]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [09/08/2012 13:56 246072]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31/01/2012 04:46 39224]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 13:32 208184]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 13:32 22328]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22/02/2012 05:25 171320]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19/03/2012 05:17 182072]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [27/09/2012 10:34 42272]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10/07/2012 12:43 88544]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2013\avgwdsvc.exe [20/11/2013 02:54 283136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [10/07/2012 12:43 145936]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [25/07/2012 09:46 681056]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2013\avgidsagent.exe [04/07/2013 15:53 4939312]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10/07/2012 12:43 85152]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [01/09/2010 09:30 15544]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [25/07/2012 09:46 1326176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-10 08:46]
.
2013-11-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 10:18]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-08-19 10:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.3.0/GarminAxControl_32.CAB
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\
FF - prefs.js: browser.startup.homepage - hxxp://home.bt.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-04-23 11:09
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2014-04-23  11:11:21
ComboFix-quarantined-files.txt  2014-04-23 10:11
.
Pre-Run: 93,676,810,240 bytes free
Post-Run: 93,865,025,536 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 11E85BB42F1B01DB3D5AB330CBC923D0
8F558EB6672622401DA993E1E865C861
 


  • 0
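Two lines in the ComboFix log above deserve a second look independently of the pop-ups: "EnableFirewall"= 0 under the standard firewall profile means the XP firewall is switched off, and the GloballyOpenPorts entry shows an inbound exception for TCP 5985 (Windows Remote Management), listed as Disabled. The script below is an added example (mine, not ComboFix's code and not from this thread) that triages the "Reg Loading Points" part of a ComboFix log: Run entries launching from outside Program Files or the Windows directory, the firewall on/off flag, firewall exceptions for programs outside those roots, and every open-port exception with its Enabled/Disabled state. The sample text is constructed in ComboFix's format; the "Updater" Run entry under Application Data and the 4444/TCP exception are assumed malicious entries added to produce hits, not lines from Chris's log.

```python
import re

# Constructed sample in ComboFix's "Reg Loading Points" format; not the log posted above.
# The "Updater" entry and the 4444/TCP exception are assumed malicious additions.
SAMPLE_COMBOFIX = r"""
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus C60 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE" [2001-10-04 69632]
"Updater"="c:\documents and settings\user\Application Data\svcupd\upd.exe" [2014-04-20 51200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2014-01-21 4411952]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\documents and settings\\user\\Application Data\\svcupd\\upd.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"4444:TCP"= 4444:TCP:*:Enabled:helper
"""

# Locations from which autostart programs and firewall-excepted programs are normally run.
TRUSTED_ROOTS = ("c:\\program files\\", "c:\\windows\\", "%windir%\\", "%programfiles%\\")

KEY_RE = re.compile(r"^\[(.+)\]$")
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')                     # "Name"="path" [date size]
FW_FLAG_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
FW_APP_RE = re.compile(r'^"(.+)"=\s*$')                            # "c:\\path\\prog.exe"=
FW_PORT_RE = re.compile(
    r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):([^:]*):(Enabled|Disabled):(.*)$'
)


def _norm(path):
    """Collapse the doubled backslashes ComboFix prints in firewall entries and lower-case."""
    return path.replace("\\\\", "\\").strip().lower()


def _trusted(path):
    return _norm(path).startswith(TRUSTED_ROOTS)


def triage_combofix(text):
    """Return (severity, message) findings from a ComboFix Reg Loading Points section."""
    findings = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            k = key.group(1).lower()
            if k.endswith("\\currentversion\\run"):
                section = "run"
            elif k.endswith("firewallpolicy\\standardprofile"):
                section = "fw"
            elif k.endswith("\\authorizedapplications\\list"):
                section = "fwapps"
            elif k.endswith("\\globallyopenports\\list"):
                section = "fwports"
            else:
                section = None
            continue
        if section == "run":
            m = RUN_RE.match(line)
            if m and not _trusted(m.group(2)):
                findings.append(("high", f"Run entry '{m.group(1)}' launches from untrusted location: {m.group(2)}"))
        elif section == "fw":
            m = FW_FLAG_RE.match(line)
            if m and m.group(1) == "0":
                findings.append(("high", "Windows Firewall is disabled for the standard profile (EnableFirewall=0)"))
        elif section == "fwapps":
            m = FW_APP_RE.match(line)
            if m and not _trusted(m.group(1)):
                findings.append(("medium", f"firewall exception for program outside trusted roots: {_norm(m.group(1))}"))
        elif section == "fwports":
            m = FW_PORT_RE.match(line)
            if m:
                port, proto, scope, state, name = m.groups()
                severity = "medium" if state == "Enabled" else "info"
                findings.append((severity, f"inbound {proto} port {port} ({name.strip()}) exception is {state}, scope {scope or '*'}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage_combofix(SAMPLE_COMBOFIX):
        print(f"{severity:6} {message}")
```

Paste the text of a real ComboFix log into the function to get the same list for that machine. A disabled exception is reported at "info" only so that it is not lost: the port is not open today, but the exception is one registry flip away from being active, which is worth knowing once the adware is gone and the firewall is turned back on.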

#6
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts

Hello Chris



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Gringo
  • 0

#7
Chris - Thecleancar

    Member

  • Topic Starter
  • Member
  • 244 posts

Hi again Gringo

I ran the 32-bit version of Farbar Recovery Scan Tool without any problems.

I'm still getting pop ups but the PC is running normally otherwise.

QUESTION: can I update my anti-virus as it needs doing?

Here are the two log files you asked for

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014
Ran by admin (administrator) on DELLPC on 24-04-2014 09:31:02
Running from C:\Documents and Settings\admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgcsrvx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgidsagent.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\udaterui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgui.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(C-Dilla Ltd) C:\WINDOWS\system32\drivers\CDAC11BA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2013\avgemcx.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(Secunia) C:\Program Files\Secunia\PSI\sua.exe
(McAfee, Inc.) C:\Program Files\McAfee\Common Framework\McTray.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\udaterui.exe [161088 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [215360 2011-01-12] (McAfee, Inc.)
HKLM\...\Run: [MoneyStartUp10.0] => C:\Program Files\Microsoft Money\System\Activation.exe [245810 2001-07-25] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-583907252-1644491937-1177238915-1003\...\Run: [EPSON Stylus C60 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE [69632 2001-10-04] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-583907252-1644491937-1177238915-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
ShortcutTarget: EPSON Status Monitor 3 Environment Check 2.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120710124325.dll (McAfee, Inc.)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1341910306414
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593
FF Homepage: hxxp://home.bt.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1207148.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SwizzleBiz - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\Extensions\{49e51043-d75a-40d9-8746-5be1e5685c73}.xpi [2014-04-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-09] ()
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [39936 2012-07-14] (C-Dilla Ltd)
R2 EPSONStatusAgent2; C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe [114688 2000-11-17] (SEIKO EPSON CORPORATION)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-27] (Oracle Corporation)
R2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [159320 2012-07-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [209760 2011-01-12] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [145936 2012-07-10] (McAfee, Inc.)
S3 Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [1326176 2012-07-25] (Secunia)
R2 Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [681056 2012-07-25] (Secunia)

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [208184 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [60216 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22328 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [171320 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [96568 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [39224 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [182072 2014-04-15] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [42272 2014-03-26] (AVG Technologies)
S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [116104 2012-07-10] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [171296 2012-07-10] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [58456 2012-07-10] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [436728 2012-07-10] (McAfee, Inc.)
S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [85152 2012-07-10] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [88544 2012-07-10] (McAfee, Inc.)
S3 PSI; C:\WINDOWS\System32\DRIVERS\psi_mf.sys [15544 2010-09-01] (Secunia)
S3 catchme; \??\C:\DOCUME~1\admin\LOCALS~1\Temp\catchme.sys [X]
U3 mfeavfk01; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-24 09:31 - 2014-04-24 09:31 - 00012462 _____ () C:\Documents and Settings\admin\Desktop\FRST.txt
2014-04-24 09:30 - 2014-04-24 09:31 - 00000000 ____D () C:\FRST
2014-04-24 09:29 - 2014-04-24 09:29 - 01048576 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2014-04-23 11:11 - 2014-04-23 11:11 - 00012306 _____ () C:\Documents and Settings\admin\Desktop\ComboFix.txt
2014-04-23 11:02 - 2014-04-23 11:02 - 00000000 _RSHD () C:\cmdcons
2014-04-23 11:02 - 2012-07-09 16:14 - 00000211 _____ () C:\Boot.bak
2014-04-23 11:02 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-04-23 11:00 - 2014-04-23 11:11 - 00000000 ____D () C:\Qoobox
2014-04-23 11:00 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-04-23 11:00 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-04-23 11:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-04-23 11:00 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-04-23 10:59 - 2014-04-23 11:09 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-22 20:05 - 2014-04-22 20:05 - 05196870 ____R (Swearware) C:\Documents and Settings\admin\Desktop\ComboFix.exe
2014-04-22 09:34 - 2014-04-22 09:34 - 00000959 _____ () C:\Documents and Settings\admin\Desktop\JRT.txt
2014-04-22 09:29 - 2014-04-22 09:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-22 09:27 - 2014-04-22 09:22 - 00006909 _____ () C:\Documents and Settings\admin\Desktop\AdwCleaner[S0].txt
2014-04-22 09:18 - 2014-04-22 09:22 - 00000000 ____D () C:\AdwCleaner
2014-04-22 09:16 - 2014-04-22 09:16 - 01324843 _____ () C:\Documents and Settings\admin\Desktop\AdwCleaner.exe
2014-04-22 09:15 - 2014-04-22 09:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\admin\Desktop\JRT.exe
2014-04-21 10:49 - 2014-04-21 10:49 - 00066784 _____ () C:\Documents and Settings\admin\Desktop\OTL.Txt
2014-04-21 10:49 - 2014-04-21 10:49 - 00028054 _____ () C:\Documents and Settings\admin\Desktop\Extras.Txt
2014-04-21 10:40 - 2014-04-21 10:40 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Desktop\OTL.exe
2014-04-20 11:39 - 2014-04-20 13:50 - 00000000 ____D () C:\Avenger
2014-04-20 11:24 - 2014-04-20 11:25 - 00016242 _____ () C:\Documents and Settings\admin\My Documents\cc_20140420_112434.reg
2014-04-18 12:09 - 2014-04-18 12:08 - 01164489 _____ () C:\WINDOWS\unins000.exe
2014-04-18 12:07 - 2014-04-18 12:09 - 00411162 _____ () C:\WINDOWS\unins000.dat
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-04-11 10:28 - 2014-04-11 10:29 - 00004996 _____ () C:\Documents and Settings\admin\My Documents\cc_20140411_102854.reg
2014-04-11 10:21 - 2014-03-04 09:50 - 00450622 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140411-102156.backup
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 17:23 - 2014-04-10 17:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-10 17:23 - 2014-04-10 17:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-09 11:13 - 2014-04-09 11:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-04-24 09:31 - 2014-04-24 09:31 - 00012462 _____ () C:\Documents and Settings\admin\Desktop\FRST.txt
2014-04-24 09:31 - 2014-04-24 09:30 - 00000000 ____D () C:\FRST
2014-04-24 09:29 - 2014-04-24 09:29 - 01048576 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2014-04-24 09:23 - 2012-07-13 16:56 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-04-24 09:23 - 2012-07-09 16:18 - 01428558 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-24 09:23 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-24 09:22 - 2012-08-19 11:18 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-24 09:22 - 2012-07-13 16:56 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-24 09:22 - 2012-07-09 16:23 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-23 11:37 - 2012-07-09 16:24 - 00000178 ___SH () C:\Documents and Settings\admin\ntuser.ini
2014-04-23 11:37 - 2012-07-09 16:23 - 00032628 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-23 11:19 - 2012-08-19 11:18 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-23 11:11 - 2014-04-23 11:11 - 00012306 _____ () C:\Documents and Settings\admin\Desktop\ComboFix.txt
2014-04-23 11:11 - 2014-04-23 11:00 - 00000000 ____D () C:\Qoobox
2014-04-23 11:09 - 2014-04-23 10:59 - 00000000 ____D () C:\WINDOWS\erdnt
2014-04-23 11:09 - 2008-04-14 13:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-04-23 11:08 - 2012-07-09 16:24 - 00000000 ____D () C:\Documents and Settings\admin
2014-04-23 11:02 - 2014-04-23 11:02 - 00000000 _RSHD () C:\cmdcons
2014-04-23 11:02 - 2012-07-09 17:08 - 00000327 __RSH () C:\boot.ini
2014-04-22 20:05 - 2014-04-22 20:05 - 05196870 ____R (Swearware) C:\Documents and Settings\admin\Desktop\ComboFix.exe
2014-04-22 19:45 - 2013-03-28 11:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-22 09:34 - 2014-04-22 09:34 - 00000959 _____ () C:\Documents and Settings\admin\Desktop\JRT.txt
2014-04-22 09:29 - 2014-04-22 09:29 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-04-22 09:22 - 2014-04-22 09:27 - 00006909 _____ () C:\Documents and Settings\admin\Desktop\AdwCleaner[S0].txt
2014-04-22 09:22 - 2014-04-22 09:18 - 00000000 ____D () C:\AdwCleaner
2014-04-22 09:16 - 2014-04-22 09:16 - 01324843 _____ () C:\Documents and Settings\admin\Desktop\AdwCleaner.exe
2014-04-22 09:15 - 2014-04-22 09:15 - 01016261 _____ (Thisisu) C:\Documents and Settings\admin\Desktop\JRT.exe
2014-04-21 10:49 - 2014-04-21 10:49 - 00066784 _____ () C:\Documents and Settings\admin\Desktop\OTL.Txt
2014-04-21 10:49 - 2014-04-21 10:49 - 00028054 _____ () C:\Documents and Settings\admin\Desktop\Extras.Txt
2014-04-21 10:40 - 2014-04-21 10:40 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\admin\Desktop\OTL.exe
2014-04-20 13:51 - 2012-07-10 09:53 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB898461$
2014-04-20 13:50 - 2014-04-20 11:39 - 00000000 ____D () C:\Avenger
2014-04-20 11:39 - 2012-07-10 10:13 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-04-20 11:25 - 2014-04-20 11:24 - 00016242 _____ () C:\Documents and Settings\admin\My Documents\cc_20140420_112434.reg
2014-04-20 11:20 - 2012-07-12 15:05 - 00000000 ____D () C:\Program Files\Microsoft Money
2014-04-20 11:04 - 2012-07-10 16:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-18 12:22 - 2012-07-10 13:36 - 00065536 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-04-18 12:09 - 2014-04-18 12:07 - 00411162 _____ () C:\WINDOWS\unins000.dat
2014-04-18 12:08 - 2014-04-18 12:09 - 01164489 _____ () C:\WINDOWS\unins000.exe
2014-04-18 11:56 - 2012-07-10 16:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-04-17 16:43 - 2012-07-11 16:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-04-17 16:42 - 2014-04-17 16:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-04-15 13:35 - 2012-03-19 05:17 - 00182072 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-04-11 10:29 - 2014-04-11 10:28 - 00004996 _____ () C:\Documents and Settings\admin\My Documents\cc_20140411_102854.reg
2014-04-10 17:33 - 2012-07-11 18:03 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-04-10 17:31 - 2012-07-09 17:09 - 00267800 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-04-10 17:29 - 2013-07-14 10:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-10 17:29 - 2012-07-10 10:23 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-10 17:26 - 2012-07-10 14:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-10 17:23 - 2014-04-10 17:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-04-10 17:23 - 2014-04-10 17:23 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-04-10 15:39 - 2012-07-19 12:37 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-09 11:13 - 2014-04-09 11:13 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-09 10:14 - 2012-07-09 17:10 - 00606142 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-31 03:51 - 2012-07-10 10:19 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-26 21:40 - 2013-06-27 10:49 - 00003728 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
2014-03-26 21:38 - 2012-09-27 10:34 - 00042272 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-04-2014
Ran by admin at 2014-04-24 09:31:57
Running from C:\Documents and Settings\admin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG AntiVirus Free Edition 2013 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan Enterprise+AntiSpyware Enterprise (Disabled - Up to date) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

==================== Installed Programs ======================


==================== Restore Points  =========================

20-02-2014 13:09:01 System Checkpoint
22-02-2014 11:50:31 Software Distribution Service 3.0
09-04-2014 13:34:57 System Checkpoint
10-04-2014 16:22:40 Software Distribution Service 3.0
14-04-2014 10:10:33 System Checkpoint
17-04-2014 16:29:57 System Checkpoint
18-04-2014 10:55:05 Software Distribution Service 3.0
20-04-2014 13:34:03 System Checkpoint
22-04-2014 19:01:43 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 13:00 - 2014-04-23 11:08 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-07-14 16:58 - 2002-07-04 09:38 - 00053248 _____ () C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 21:33 - 2012-08-27 21:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files\McAfee\Common Framework\ccme_base.dll
2011-01-12 16:05 - 2011-01-12 16:05 - 00065536 _____ () C:\Program Files\McAfee\Common Framework\boost_thread-vc80-mt-1_32.dll
2011-01-12 08:08 - 2011-01-12 08:08 - 00150032 _____ () C:\Program Files\McAfee\VirusScan Enterprise\WscAv.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: RADEON X300 Series Secondary
Description: RADEON X300 Series Secondary
Class Guid:  TI Technologies Inc.
Manufacturer: ATI Technologies Inc.
Service: ati2mtag
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/24/2014 09:25:31 AM) (Source: Application Hang) (User: )
Description: Hanging application firefox.exe, version 28.0.0.5186, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (04/18/2014 00:07:02 PM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 5.1.2600.5512, faulting module innoutils.dll, version 0.0.0.0, fault address 0x0000a070.
Processing media-specific event for [rundll32.exe!ws!]

Error: (02/22/2014 01:28:36 PM) (Source: .NET Runtime Optimization Service) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (12/06/2013 00:03:42 PM) (Source: Microsoft Money) (User: )
Description: msmoney.exe10.0.0.831mnyob99.dll10.0.0.83100273fbf

Error: (11/18/2013 11:28:35 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/18/2013 11:27:29 AM) (Source: Application Error) (User: )
Description: Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.
Processing media-specific event for [drwtsn32.exe!ws!]

Error: (11/18/2013 11:27:10 AM) (Source: Application Error) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module unknown, version 0.0.0.0, fault address 0x01443404.
Processing media-specific event for [explorer.exe!ws!]

Error: (11/15/2013 11:47:00 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2013 11:44:06 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/15/2013 11:43:51 AM) (Source: Application Hang) (User: )
Description: Hanging application mbam.exe, version 1.75.0.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (04/23/2014 11:01:49 AM) (Source: Service Control Manager) (User: )
Description: The C-DillaCdaC11BA service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/20/2014 01:52:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (04/20/2014 01:00:21 PM) (Source: 0) (User: )
Description: \Device\Harddisk0\D

Error: (04/20/2014 11:41:08 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
PCIIde

Error: (04/17/2014 04:46:25 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (04/10/2014 03:39:31 PM) (Source: 0) (User: )
Description: 0xC0000001HarddiskVolume1

Error: (04/10/2014 03:00:40 PM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (04/09/2014 10:12:54 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {4EB61BAC-A3B6-4760-9581-655041EF4D69} did not register with DCOM within the required timeout.

Error: (03/16/2014 09:39:23 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (03/08/2014 11:13:45 AM) (Source: Service Control Manager) (User: )
Description: The IMAPI CD-Burning COM Service service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 40%
Total physical RAM: 1534.09 MB
Available physical RAM: 919.53 MB
Total Pagefile: 2538.86 MB
Available Pagefile: 1908.46 MB
Total Virtual: 2047.88 MB
Available Virtual: 1938.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:149 GB) (Free:87.46 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (TravelDrive) (Removable) (Total:0.96 GB) (Free:0.03 GB) FAT
Drive e: (TRANSCEND) (Removable) (Total:29.87 GB) (Free:29.15 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: D0F4738C)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

========================================================
Disk: 2 (Size: 981 MB) (Disk ID: 4972236A)
Partition 1: (Not Active) - (Size=981 MB) - (Type=0E)

==================== End Of Log ============================



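Triage of an FRST log like the one above, as an added example (this script is not part of FRST and was not asked for by the helper in this thread). It parses the "FF Extension:" lines and the "One Month Created Files" lines, then flags two things a malware-removal helper looks for first: add-ons installed into the user's Firefox profile on or after the date the symptoms began (profile installs need no admin rights, which is how bundled adware usually lands), and executables with an empty publisher field created in %SystemRoot%, a Temp folder or Application Data rather than Program Files. The embedded excerpt is copied from the posted log; the cut-off date is an assumption chosen from when the new files appeared.

```python
import re
from datetime import datetime

# Constructed excerpt copied from the FRST.txt posted above (added example; this
# script is not part of FRST and was not requested by the helper in this thread).
FRST_EXCERPT = r"""
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Extension: SwizzleBiz - C:\Documents and Settings\admin\Application Data\Mozilla\Firefox\Profiles\foswouv1.default-1351766612593\Extensions\{49e51043-d75a-40d9-8746-5be1e5685c73}.xpi [2014-04-18]
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
2014-04-24 09:29 - 2014-04-24 09:29 - 01048576 _____ (Farbar) C:\Documents and Settings\admin\Desktop\FRST.exe
2014-04-18 12:09 - 2014-04-18 12:08 - 01164489 _____ () C:\WINDOWS\unins000.exe
2014-04-18 12:07 - 2014-04-18 12:09 - 00411162 _____ () C:\WINDOWS\unins000.dat
2014-04-10 17:26 - 2014-04-10 17:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
"""

EXT_RE = re.compile(r"^FF Extension: (?P<name>.+?) - (?P<path>.+?) \[(?P<date>[^\]]*)\]$")
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
PROFILE_DIR = re.compile(r"\\mozilla\\firefox\\profiles\\", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl")


def parse_ff_extensions(text):
    """Return the 'FF Extension:' entries as dicts with an optional install date."""
    out = []
    for line in text.splitlines():
        m = EXT_RE.match(line.strip())
        if m:
            d = m.group("date")
            out.append({"name": m.group("name"), "path": m.group("path"),
                        "installed": datetime.strptime(d, "%Y-%m-%d") if d else None})
    return out


def parse_created_files(text):
    """Return the 'created - modified - size attrs (company) path' entries as dicts."""
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["created"] = datetime.strptime(rec["created"], "%Y-%m-%d %H:%M")
            rec["size"] = int(rec["size"])
            out.append(rec)
    return out


def suspicious_extensions(exts, since):
    """Add-ons living in the user's Firefox profile that appeared on or after `since`."""
    return [e for e in exts
            if PROFILE_DIR.search(e["path"]) and e["installed"] and e["installed"] >= since]


def suspicious_files(files, since):
    """Executables with an empty publisher field, created on or after `since`, dropped
    straight into %SystemRoot%, a Temp folder or Application Data."""
    out = []
    for f in files:
        directory, _, name = f["path"].lower().rpartition("\\")
        directory += "\\"
        if not name.endswith(EXEC_EXT) or f["company"]:
            continue
        odd_place = (directory.endswith("\\windows\\") or "\\temp\\" in directory
                     or "\\application data\\" in directory)
        if odd_place and f["created"] >= since:
            out.append(f)
    return out


def triage(text, since):
    """Run both checks; `since` is 'YYYY-MM-DD', the date the symptoms began (assumed)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return {"extensions": [e["name"] for e in suspicious_extensions(parse_ff_extensions(text), cutoff)],
            "files": [f["path"] for f in suspicious_files(parse_created_files(text), cutoff)]}


if __name__ == "__main__":
    for kind, items in triage(FRST_EXCERPT, "2014-04-17").items():
        print(kind, items)
```

An empty publisher field is only a weak signal on its own (many legitimate installers' uninstallers have none), so the date and location filters are what keep the output short enough to act on; a helper would still look the flagged paths up in the Registry and Internet sections of the same log before writing a fix.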
#8 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)


Please download Sysinternals Autoruns from here and save it to your desktop.
http://live.sysinter...om/autoruns.exe

Note: If using Windows Vista or Windows 7 then you also need to do the following: Right-click on Autoruns.exe and select Properties
Click on the Compatibility tab
Under Privilege Level check the box next to Run this program as an administrator
Click on Apply then click OK

Double-click Autoruns.exe to run it.
Once it starts, please press the Esc key on your keyboard.
Now that scanning is stopped, click on the Options button at the top of the program and select Filter Options...
In the Autoruns Filter Options dialog, verify that the following are unchecked; if they are checked, uncheck them:

Include empty locations
Hide Microsoft entries
Hide Windows entries

Verify that the following is checked; if it is unchecked, check it:

Verify code signatures

Once that's done press the F5 key on your keyboard, this will start the scan again, this time let it finish.
When it's finished and says Ready in the lower left of the program window, click on the File button at the top of the program, select Save, save the Autoruns.arn file to your desktop and close Autoruns.
Right-click on the Autoruns.arn file on your desktop, hover your mouse over Send To and select Compressed (zipped) Folder.
Attach the Autoruns.zip folder you just created to your next reply.

#9 Chris - Thecleancar (Topic Starter, Member, 244 posts)

Hello Gringo

I ran Autoruns as instructed. F5 did nothing, so I clicked Rescan.
Attached is my Autoruns file.

I asked last time if I could update my antivirus - is that OK to do?

Thanks for your help


#10 Chris - Thecleancar (Topic Starter, Member, 244 posts)

Bump




#11 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Hello Chris

Sorry - I did not see anything in there about the popups.

I would like to see a report that ComboFix makes.

Extra ComboFix report:
  • push the "Windows key" + "R" (between the "Ctrl" button and "Alt" button)
  • please copy and paste the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click OK
Copy and paste the report into this topic for me to review.

Gringo

#12 Chris - Thecleancar (Topic Starter, Member, 244 posts)

Hello Gringo

I did as you requested and the Notepad box was empty.

I'm still getting pop-ups, usually telling me that I have a problem with my PC. I also get new windows opening, often when I close the pop-up windows.

Thanks for helping



#13 gringo_pr (Trusted Helper, Malware Removal, 7,268 posts)

Create and Run Batch File
  • Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

@echo off
rem Collect the host's network and DNS view into one file for review
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the result in Notepad, then delete this batch file
start Log1.txt
del %0
  • Save this as router.bat: set Save as type to All Files, choose the Desktop as the location, then close the Notepad file.
  • Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo

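What the helper is looking for in that router.bat output is whether the machine's DNS path has been tampered with: resolvers that are not the router, lookups answered by something other than the configured resolver, and a ping that resolves a name to an address the DNS answer never contained. The script below is an added example (not the thread's own tooling and not something the helper asked for) that parses the `ipconfig /all`, `nslookup` and `ping` sections of such a log and reports those three indicators. `CLEAN` is a constructed sample modelled on the healthy output posted later in this thread; `HIJACKED` is an invented variant using documentation address ranges, not a real incident. A resolver outside the LAN is only a prompt to check, since a DHCP lease or a deliberately chosen public resolver produces the same finding.

```python
import ipaddress
import re

# Constructed samples for this added example (not the thread's tooling). CLEAN mirrors
# the healthy router.bat output posted in this thread; HIJACKED is an invented variant
# that uses documentation ranges (198.51.100.0/24, 203.0.113.0/24) for the bad values.
CLEAN = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : DELLPC

Ethernet adapter Local Area Connection:

        Physical Address. . . . . . . . . : 00-11-11-AE-DE-96
        IP Address. . . . . . . . . . . . : 192.168.1.72
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254

Server:  api.home
Address:  192.168.1.254

Name:    google.com
Addresses:  173.194.34.70, 173.194.34.71, 173.194.34.78, 173.194.34.66
      173.194.34.67, 173.194.34.64, 173.194.34.72, 173.194.34.65, 173.194.34.69

Pinging google.com [173.194.34.65] with 32 bytes of data:
Reply from 173.194.34.65: bytes=32 time=33ms TTL=52
"""
HIJACKED = CLEAN.replace(
    "DNS Servers . . . . . . . . . . . : 192.168.1.254",
    "DNS Servers . . . . . . . . . . . : 198.51.100.7\n                                    198.51.100.8",
).replace("Address:  192.168.1.254", "Address:  198.51.100.7").replace(
    "Pinging google.com [173.194.34.65]", "Pinging google.com [203.0.113.9]")

IP_RE = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")
KEY_RE = re.compile(r"^([A-Za-z][A-Za-z -]*?)[ .]*:\s*(.*)$")   # "Key . . . : value"


def parse_ipconfig(text):
    """Pull address, mask, gateway and the resolver list out of `ipconfig /all` text."""
    cfg = {"ip": None, "mask": None, "gateway": None, "dns": []}
    last = None
    for raw in text.splitlines():
        s = raw.strip()
        m = KEY_RE.match(s)
        if m:
            key, val = m.group(1).strip().lower(), m.group(2).strip()
            last = key
            if key in ("ip address", "ipv4 address") and cfg["ip"] is None:
                cfg["ip"] = val.split("(")[0].strip()      # Vista+ appends "(Preferred)"
            elif key == "subnet mask" and cfg["mask"] is None:
                cfg["mask"] = val
            elif key == "default gateway" and cfg["gateway"] is None and val:
                cfg["gateway"] = val
            elif key == "dns servers":
                cfg["dns"].extend(IP_RE.findall(val))
        elif last == "dns servers" and IP_RE.fullmatch(s):
            cfg["dns"].append(s)   # additional resolvers are printed one per line
    return cfg


def parse_nslookup(text):
    """Map each looked-up name to the resolver that answered and the addresses returned."""
    answers, resolver, name, state = {}, None, None, None
    for raw in text.splitlines():
        s = raw.strip()
        if state == "answer":               # continuation lines hold more addresses
            if s and IP_RE.match(s):
                answers[name]["addresses"] += IP_RE.findall(s)
                continue
            state = None
        if s.startswith("Server:"):
            state = "server"
        elif s.startswith("Name:"):
            name = s.split(":", 1)[1].strip()
            answers[name] = {"resolver": resolver, "addresses": []}
            state = "name"
        elif s.startswith(("Address:", "Addresses:")):
            ips = IP_RE.findall(s)
            if state == "server":
                resolver, state = (ips[0] if ips else None), None
            elif state == "name":
                answers[name]["addresses"] += ips
                state = "answer"
    return answers


def parse_pings(text):
    """Name -> address that `ping` actually used (the stub resolver's view)."""
    return dict(re.findall(r"Pinging (\S+) \[([\d.]+)\]", text))


def audit(text):
    """Return human-readable findings; an empty list means nothing looked hijacked."""
    findings, cfg = [], parse_ipconfig(text)
    if cfg["ip"] and cfg["mask"]:
        lan = ipaddress.ip_network(f"{cfg['ip']}/{cfg['mask']}", strict=False)
        for d in cfg["dns"]:
            if ipaddress.ip_address(d) not in lan:
                findings.append(f"resolver {d} is outside the LAN {lan}: confirm you or the ISP chose it")
    lookups = parse_nslookup(text)
    for name, rec in lookups.items():
        if rec["resolver"] and rec["resolver"] not in cfg["dns"]:
            findings.append(f"nslookup for {name} used {rec['resolver']}, not a configured resolver")
    for name, ip in parse_pings(text).items():
        if name in lookups and ip not in lookups[name]["addresses"]:
            findings.append(f"ping resolved {name} to {ip}, absent from the DNS answer (hosts file or LSP?)")
    return findings


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(label, audit(sample) or ["no findings"])
```

The third check is the interesting one for a pop-up complaint: `nslookup` talks to the configured resolver directly, while `ping` goes through the Windows stub resolver, so a hosts-file entry or a Winsock LSP (the log above lists one, Apple's Bonjour `mdnsNSP.dll`, which is benign) shows up as a disagreement between the two even when the resolver list itself looks normal.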
#14 Chris - Thecleancar (Topic Starter, Member, 244 posts)

Hello Gringo

Here is the file you requested

Windows IP Configuration

        Host Name . . . . . . . . . . . . : DELLPC
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : home
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-11-11-AE-DE-96
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.72
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.254
        DHCP Server . . . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254
        Lease Obtained. . . . . . . . . . : 02 May 2014 09:41:29
        Lease Expires . . . . . . . . . . : 03 May 2014 09:41:29

Server:  api.home
Address:  192.168.1.254

Name:    google.com
Addresses:  173.194.34.70, 173.194.34.71, 173.194.34.78, 173.194.34.66
      173.194.34.67, 173.194.34.64, 173.194.34.72, 173.194.34.65, 173.194.34.69
      173.194.34.73, 173.194.34.68

Server:  api.home
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45



Pinging google.com [173.194.34.65] with 32 bytes of data:



Reply from 173.194.34.65: bytes=32 time=33ms TTL=52

Reply from 173.194.34.65: bytes=32 time=31ms TTL=52



Ping statistics for 173.194.34.65:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 31ms, Maximum = 33ms, Average = 32ms



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=182ms TTL=43

Reply from 206.190.36.45: bytes=32 time=183ms TTL=43



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 182ms, Maximum = 183ms, Average = 182ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 11 ae de 96 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254    192.168.1.72      20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      169.254.0.0      255.255.0.0     192.168.1.72    192.168.1.72      20
      192.168.1.0    255.255.255.0     192.168.1.72    192.168.1.72      20
     192.168.1.72  255.255.255.255        127.0.0.1       127.0.0.1      20
    192.168.1.255  255.255.255.255     192.168.1.72    192.168.1.72      20
        224.0.0.0        240.0.0.0     192.168.1.72    192.168.1.72      20
  255.255.255.255  255.255.255.255     192.168.1.72    192.168.1.72      1
Default Gateway:     192.168.1.254
===========================================================================
Persistent Routes:
  None
 

 

THANKS FOR YOUR HELP


  • 0
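The router.bat log in the earlier post is collected to see whether the PC's resolver has been changed, which is what a DNS-changer PUP does and what the helper is checking before moving the router to OpenDNS. As an added example that is not part of this thread or of any tool the helpers use, the script below reads a log in that shape, pulls the default gateway and DNS servers out of the ipconfig /all section and the answering server out of each nslookup block, and reports a resolver that lives outside the LAN or an nslookup answer that did not come from a configured server. Both sample transcripts are constructed: the clean one is abridged to the shape of the log above, and the hijacked one is hypothetical, with 203.0.113.5 and 198.51.100.9 used only as RFC 5737 documentation placeholders.

```python
import ipaddress
import re

# Constructed inputs (not from the thread): abridged transcripts in the shape
# router.bat produces, first for a clean host whose resolver is the router,
# then for a hypothetical host whose resolvers were rewritten. 203.0.113.x and
# 198.51.100.x are RFC 5737 documentation addresses, used only as placeholders.
SAMPLE_CLEAN = """\
Ethernet adapter Local Area Connection:

        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 192.168.1.254

Server:  api.home
Address:  192.168.1.254

Name:    google.com
Addresses:  173.194.34.70, 173.194.34.71
"""

SAMPLE_HIJACKED = """\
Ethernet adapter Local Area Connection:

        Default Gateway . . . . . . . . . : 192.168.1.254
        DNS Servers . . . . . . . . . . . : 203.0.113.5
                                            198.51.100.9

Server:  UnKnown
Address:  203.0.113.5

Name:    google.com
Addresses:  203.0.113.80
"""

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Ranges a home LAN resolver may legitimately live in. Deliberately not
# ipaddress.is_private(), which also counts the RFC 5737 documentation
# ranges as private and would hide the placeholders above.
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "169.254.0.0/16")]


def is_lan(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LAN_NETS)


def parse_ipconfig(text):
    """Pull the default gateway and DNS servers out of ipconfig /all output."""
    cfg = {"gateway": None, "dns_servers": []}
    in_dns = False  # extra DNS servers follow on lines holding only an IP
    for raw in text.splitlines():
        line = raw.strip()
        if ":" in line:
            label, _, value = line.partition(":")
            label = label.replace(".", "").strip().lower()
            in_dns = label == "dns servers"
            if label == "default gateway" and IP_RE.search(value):
                cfg["gateway"] = IP_RE.search(value).group(1)
            elif in_dns:
                cfg["dns_servers"].extend(IP_RE.findall(value))
        elif in_dns and IP_RE.fullmatch(line):
            cfg["dns_servers"].append(line)
        else:
            in_dns = False
    return cfg


def parse_nslookup(text):
    """Return the resolver address nslookup reports after each 'Server:' line."""
    lines = [l.strip() for l in text.splitlines()]
    servers = []
    for i, line in enumerate(lines):
        if line.startswith("Server:"):
            for nxt in lines[i + 1:i + 3]:
                if nxt.startswith("Address:") and IP_RE.search(nxt):
                    servers.append(IP_RE.search(nxt).group(1))
                    break
    return servers


def audit(text):
    """Return (code, detail) findings that point at a changed resolver."""
    cfg = parse_ipconfig(text)
    findings = []
    if not cfg["dns_servers"]:
        findings.append(("no-dns", "no DNS server configured"))
    for dns in cfg["dns_servers"]:
        # A resolver outside the LAN that is not the router is the classic
        # DNS-changer footprint. An ISP resolver handed out by DHCP looks the
        # same, so treat it as a lead to confirm on the router, not as proof.
        if not is_lan(dns) and dns != cfg["gateway"]:
            findings.append(("public-dns", dns))
    for srv in parse_nslookup(text):
        # nslookup should answer from a configured server; anything else means
        # something on the host is intercepting resolution.
        if srv not in cfg["dns_servers"]:
            findings.append(("resolver-mismatch", srv))
    return findings


if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("hijacked", SAMPLE_HIJACKED)):
        print(name, audit(sample) or "no findings")
```

Run it against the text of Log1.txt instead of the samples to check a real log. A clean result is not a clean bill of health: the log above shows the router as the only resolver, so if the router itself has been pointed at a bad upstream server the PC still looks fine here, which is why the next step in the thread is to check and change the DNS settings on the router rather than on the PC.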

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's change the router's DNS to OpenDNS and see if the pop-ups stop

https://store.opendn...m/setup/router/

Just choose the router and follow the instructions


gringo
  • 0
