Hello joewag747 and welcome to TSF,

Having a company take control of your computer when you can't get their program running sounds much like a scam - do NOT purchase it. What is the name of this Registry Cleaner?

Also, since you gave them access to your computer, I think it would be most prudent to check for malware. Please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

 

I ran Malware software and it was clean. I have cancelled my order on that registry cleaner. It was called PerformerSoft and my money was refunded.

 

Thanks for the feedback. Ensure you've locked down the remote access, though.

 

I'm 71 and retired military. I'm not too familiar with the computer terminology, so I don't know what you mean by "locking down the remote access".

Any suggestions as to finding these files of the "numerous", what I believe to be old stored viruses that was stated being the cause of my system being so slow? I have an extra gig chip inserted also.

 

Sorry about that. :smile: It seemed like you were familiar with the computer. Typically in order for them to gain remote access to your machine, you would have had to allow it from your end, or their software included a way for them to get in.

The best way for me to be able to determine how they got in, as well as what remnants may be on your machine that they were referring to, would you please follow the instructions in our pre-posting topic New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply?

I really only need for you to run dds.scr and post both logs it produces. No need for you to run gmer.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

 

I used DDS twice and NEVER got 2 logs entitled DDS.txt or Attach.txt. I had my daughter compress the DDS results file and make it a ZIP. Below should be a "paperclip" image which you can find it - hopefully.

I checked for Daemon and those others you listed and they are nowhere on my computer.

This DDS file is quite large and I hope everything was done correctly. As I stated previously, I am not very knowledgeable on computers. I just want this thing to be faster. I have installed an extra gig chip. The computer is old and slow as whale ****.

Also, the software company that had control of my computer no longer has that control.

I hope that you have everything you requested. Thanks a lot.

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 17:00:46 on 2012-06-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.203 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: RASucks Toolbar: {81e0693a-bcad-4106-a3ae-8862f02d9fee} - c:\program files\rasucks\tbRASu.dll
uURLSearchHooks: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files\vid-saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - c:\program files\blekkotb_soc\blekkotb_019X.dll
BHO: RASucks Toolbar: {81e0693a-bcad-4106-a3ae-8862f02d9fee} - c:\program files\rasucks\tbRASu.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: NetAssistant: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\freeze.com\netassistant\NetAssistant.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: RASucks Toolbar: {81e0693a-bcad-4106-a3ae-8862f02d9fee} - c:\program files\rasucks\tbRASu.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Blekko search bar: {7d9e1adc-7db1-4eaf-b6c7-7e062074e6be} - c:\program files\blekkotb_soc\blekkotb_019X.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Auslogics Registry Fixer] "c:\program files\auslogics\auslogics registry fixer\RegistryFixer.exe -tray -skiptutorial"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced System Protector] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Advanced System Protector] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186702051687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3A95474A-65E0-4527-B4A5-EE2AD8DD5AAE} : DhcpNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SvcLauncher - {804E702D-2A2E-D31A-A20C-F2CF7D8C5468} - c:\windows\system32\ajoeb\Director_gpoxausoa.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tyqgbwoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com/?l=dis&o=41648106&gct=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccc12400-8ece-425d-8389-11fd5dd0fc50%7D&mid=b58cd5f2e29f987c20029ab097403817-374b5980666131464280871d4928d4206109323a&ds=ft011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-19%2014%3A26%3A36&sap=ku&q=
FF - prefs.js: browser.search.selectedEngine - Blekko
FF - prefs.js: keyword.URL - hxxp://blekko.com/ws/?source=a545ea26&tbp=rbox&toolbarid=blekkotb_soc&u=FF765241C0FD7FDE2C912E4FCBA9E46B&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-8-8 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-7-12 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2008-7-12 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2008-7-12 297752]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\common files\avg secure search\vtoolbarupdater\11.0.2\ToolbarUpdater.exe [2012-4-19 932736]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\drivers\smc2802w.sys --> c:\windows\system32\drivers\smc2802w.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;c:\program files\stumbleupon\StumbleUponUpdateService.exe [2008-12-18 120168]
.
=============== Created Last 30 ================
.
2012-06-03 18:42:13 -------- d-----w- C:\Downloads
2012-06-03 18:29:17 -------- d-----w- c:\documents and settings\owner\application data\FreeFileViewer
2012-06-03 18:22:07 -------- d-----w- c:\documents and settings\owner\application data\blekkotb_019
2012-06-03 18:17:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Vid-Saver
2012-06-03 18:17:32 -------- d-----w- c:\program files\Vid-Saver
2012-06-03 18:17:25 -------- d-----w- c:\documents and settings\owner\application data\Free Download Manager
2012-06-03 18:17:05 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-06-03 18:16:53 -------- d-----w- c:\program files\Free Download Manager
2012-06-03 18:16:11 -------- d-----w- c:\documents and settings\owner\application data\blekkotb_soc
2012-06-03 18:16:02 -------- d-----w- c:\program files\blekkotb_soc
2012-06-03 14:41:10 -------- d-----w- C:\e
2012-06-03 14:40:55 -------- d-----w- C:\Data
2012-06-02 14:41:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\visi_coupon
2012-06-02 14:20:30 -------- d-----w- c:\program files\Yahoo!
2012-06-02 14:12:08 -------- d-----w- c:\program files\FreeFileViewer
2012-06-02 14:11:37 -------- d-----w- c:\program files\Freeze.com
2012-06-02 14:10:46 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-06-02 14:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\FileTypeAssistant
2012-06-01 18:30:01 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{4648471b-becc-4c02-a549-596981e37983}\mpengine.dll
2012-06-01 15:34:10 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-06-01 15:33:52 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-28 16:29:08 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2012-05-28 16:29:07 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-05-28 16:28:53 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-05-28 15:08:23 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-05-28 01:22:20 -------- d-----w- c:\documents and settings\all users\application data\Systweak
2012-05-27 19:48:56 -------- d-----w- c:\documents and settings\owner\application data\TeamViewer
2012-05-27 19:47:32 -------- d-----w- c:\program files\TeamViewer
2012-05-27 19:04:52 -------- d-----w- c:\documents and settings\all users\application data\AMMYY
2012-05-27 17:45:33 3993600 ----a-w- c:\program files\GUT285.tmp
2012-05-27 17:45:33 -------- d-----w- c:\program files\GUM284.tmp
2012-05-27 16:58:44 -------- d-----w- c:\documents and settings\owner\application data\Systweak
2012-05-27 16:58:31 17320 ----a-w- c:\windows\system32\roboot.exe
2012-05-26 18:24:22 -------- d-----w- c:\program files\RegZooka
2012-05-26 18:06:29 -------- d-----w- c:\documents and settings\owner\application data\Auslogics
2012-05-26 11:12:36 -------- d-----w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-05-26 10:25:44 -------- d-----w- c:\documents and settings\owner\application data\Uniblue
2012-05-26 10:25:35 -------- d-----w- c:\program files\Uniblue
2012-05-26 10:25:10 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
2012-05-24 11:54:42 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-05-24 11:54:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-05-16 12:38:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 12:38:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 17:03:29.32 ===============

 

You did pretty good, joewag747. :smile:

I really need to see that Attach.txt so I can see what programs actually show as installed on the machine - which would require you uninstalling them in the proper fashion - and which ones only have the folders remaining.

There are several programs I see in this log that should be removed and are likely contributing to the slowness of the computer.

Run dds.scr again. The first log will pop open for you - that's the dds.txt - I don't need that one again.

Look in your task bar at the bottom and you should see Attach.txt there. Single click it and it will pop open for you. No need to attach it. You can copy/paste the contents of that log in your next reply.

To do that, look toward the top left of the Attach.txt and you'll see what is called a Menu bar.

• Click Edit and a drop down box will appear.
  
  
• Click 'Select All' and you'll see the entire text highlighted.
  
  
• Next, click the Edit button again and select 'Copy'

Now, with the reply window open in this thread, right click anywhere in the reply window and select 'Paste' and you'll see the contents of that log appear.

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2007 4:59:49 PM
System Uptime: 6/5/2012 10:40:49 AM (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Celeron(R) CPU 2.60GHz | Microprocessor | 2591/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 270.021 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000
Manufacturer:
Name: VgaSave
PNP Device ID: ROOT\LEGACY_VGASAVE\0000
Service: VgaSave
.
==== System Restore Points ===================
.
RP186: 5/28/2012 12:51:50 PM - System Checkpoint
RP187: 5/29/2012 3:45:29 AM - Software Distribution Service 3.0
RP188: 5/30/2012 10:43:05 AM - System Checkpoint
RP189: 5/31/2012 11:49:55 AM - System Checkpoint
RP190: 6/1/2012 12:18:58 PM - System Checkpoint
RP191: 6/1/2012 2:29:41 PM - Software Distribution Service 3.0
RP192: 6/2/2012 2:56:31 PM - System Checkpoint
RP193: 6/3/2012 3:21:59 PM - System Checkpoint
RP194: 6/4/2012 3:00:26 AM - Software Distribution Service 3.0
RP195: 6/5/2012 3:14:17 AM - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Ask Toolbar
AVG Free 8.5
AVG Security Toolbar
Canon ScanGear Toolbox CS 2.2
Corel Photo Album 6
Coupon Printer for Windows
DigitImg
File Type Assistant
FlipShare
FoxTab PDF Converter
Free Download Manager 3.8
Free File Viewer 2011
Freeze.com NetAssistant
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Memories Disc
HP Software Update
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 30
Java(TM) 6 Update 5
Kodak EasyShare software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee Plugin 1.0
NetAssistant
OmniPage Pro 9.0
Photosmart 140,240,7200,7600,7700,7900 Series
PS7900
PSShortcuts
PSUsage
QuickTime
RASucks Toolbar
Roxio DLA
Roxio Express Labeler
Roxio MyDVD DE
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan Manager 5.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Shockwave
Sonic Update Manager
SoundMAX
SpeedyPC Pro
StumbleUpon IE Toolbar
Twitterlicious
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2718704)
Vid-Saver
WebFldrs XP
Windows Defender
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/1/2012 10:53:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
5/30/2012 10:17:15 AM, error: Service Control Manager [7000] - The PCASp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================
This is the attack file. Will have to have my daughter compress and make a zip from the DDS file again.

 

Attached is the DDS file.

 

Thank you. :smile:

You have several undesirable programs and too many protective programs installed. Too many will cause slow downs and conflicts between the programs which can also slow down the internet experience.

One more thing - registry cleaners are not recommended. ALL Registry Cleaners are prone to causing massive damage/corruption to the Registry. The Registry is the single most important component in your Operating System. Once corrupted, the best recourse is to perform a wipe of the machine. Unfortunately, the corruption is seldom evident immediately. They manifest themselves as inexplicable issues further down the road.

Below are a couple of good articles on Registry Cleaners. Read them when you get the chance:

Why do registry errors keep coming back?

miekiemoes' Blog: Registry Cleaners and System Tweaking Tools


Additionally, your AVG 8 is a very outdated version, (they are now at version 10) and the AVG security toolbar also came bundled with programs you probably didn't want.

I think the first thing we should do is address the above. If you really want to keep any of the programs I list below for uninstall, then skip that uninstall and let me know in your next reply.

======================================

Click Start>Control Panel>Add or Remove Programs and uninstall the following:

Ask Toolbar
Freeze.com NetAssistant
Java(TM) 6 Update 2 <--outdated and no longer necessary
Java(TM) 6 Update 5 <--outdated and no longer necessary
Java(TM) 6 Update 30 <-- Leave this version of Java installed
RASucks Toolbar
StumbleUpon IE Toolbar

======================================

Next, you need to install another Anti Virus program. Here are 2 very good free Anti Virus programs:

• Avast Free AV
• Microsoft Security Essentials

Select one of these, or another of your choice. Download the installer file, but do not install it just yet.

After you've downloaded a new Anti Virus program, go back to Control Panel>Add or Remove Programs and uninstll these 2 programs:

AVG Free 8.5
AVG Security Toolbar

Reboot the machine and install the new Anti Virus that you downloaded earlier.

===================================

Run a new scan with dds.scr and post both logs it produces so I can see what remains.

How is the machine now, is it running any better?

 

I have uninstalled those items you had listed with the exception of the "Ask Toolbar". When I tried to uninstall it I kept getting a fatal error message. I also deleted AVG and installed Microsoft Security Essentials.

The computer seems to not have increased in speed and operation.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 8/8/2007 4:59:49 PM
System Uptime: 6/6/2012 11:58:48 AM (4 hours ago)
.
Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel(R) Celeron(R) CPU 2.60GHz | Microprocessor | 2591/400mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 298 GiB total, 270.129 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_4401&SUBSYS_81271028&REV_01\4&3B1CAF2B&0&48F0
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: VgaSave
Device ID: ROOT\LEGACY_VGASAVE\0000
Manufacturer:
Name: VgaSave
PNP Device ID: ROOT\LEGACY_VGASAVE\0000
Service: VgaSave
.
==== System Restore Points ===================
.
RP186: 5/28/2012 12:51:50 PM - System Checkpoint
RP187: 5/29/2012 3:45:29 AM - Software Distribution Service 3.0
RP188: 5/30/2012 10:43:05 AM - System Checkpoint
RP189: 5/31/2012 11:49:55 AM - System Checkpoint
RP190: 6/1/2012 12:18:58 PM - System Checkpoint
RP191: 6/1/2012 2:29:41 PM - Software Distribution Service 3.0
RP192: 6/2/2012 2:56:31 PM - System Checkpoint
RP193: 6/3/2012 3:21:59 PM - System Checkpoint
RP194: 6/4/2012 3:00:26 AM - Software Distribution Service 3.0
RP195: 6/5/2012 3:14:17 AM - System Checkpoint
RP196: 6/5/2012 4:43:28 PM - Software Distribution Service 3.0
RP197: 6/6/2012 6:57:33 AM - Removed Java(TM) 6 Update 2
RP198: 6/6/2012 6:59:29 AM - Removed Java(TM) 6 Update 5
RP199: 6/6/2012 7:05:52 AM - Removed Ask Toolbar.
RP200: 6/6/2012 7:06:39 AM - Removed Ask Toolbar.
RP201: 6/6/2012 7:09:13 AM - Removed Ask Toolbar.
RP202: 6/6/2012 7:14:05 AM - Removed NetAssistant
RP203: 6/6/2012 7:40:16 AM - Removed AVG Free 8.5
RP204: 6/6/2012 7:41:25 AM - Installed AVG Free 8.5
RP205: 6/6/2012 7:50:01 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Ask Toolbar
AVG Security Toolbar
Canon ScanGear Toolbox CS 2.2
Corel Photo Album 6
Coupon Printer for Windows
DigitImg
File Type Assistant
FlipShare
FoxTab PDF Converter
Free Download Manager 3.8
Free File Viewer 2011
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Memories Disc
HP Software Update
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Kodak EasyShare software
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
muvee Plugin 1.0
OmniPage Pro 9.0
Photosmart 140,240,7200,7600,7700,7900 Series
PS7900
PSShortcuts
PSUsage
QuickTime
Roxio DLA
Roxio Express Labeler
Roxio MyDVD DE
Roxio MyDVD Plus
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Scan Manager 5.2
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2695962)
Shockwave
Sonic Update Manager
SoundMAX
SpeedyPC Pro
Twitterlicious
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2718704)
Vid-Saver
WebFldrs XP
Windows Defender
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
Works Upgrade
XML Paper Specification Shared Components Pack 1.0
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/6/2012 7:00:22 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
6/5/2012 4:40:59 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
6/5/2012 4:40:59 PM, error: Service Control Manager [7000] - The PCASp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 15:03:29 on 2012-06-06
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.238 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Free Download Manager\fdm.exe
svchost.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Vid-Saver: {11111111-1111-1111-1111-110011341191} - c:\program files\vid-saver\Vid-Saver.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.0.0.9\AVG Secure Search_toolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Auslogics Registry Fixer] "c:\program files\auslogics\auslogics registry fixer\RegistryFixer.exe -tray -skiptutorial"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced System Protector] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [Advanced System Protector] "c:\program files\advanced system protector\advancedsystemprotector.exe" autolaunch
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186702051687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3A95474A-65E0-4527-B4A5-EE2AD8DD5AAE} : DhcpNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.0.2\ViProtocol.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SvcLauncher - {804E702D-2A2E-D31A-A20C-F2CF7D8C5468} - c:\windows\system32\ajoeb\Director_gpoxausoa.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tyqgbwoh.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=FF765241C0FD7FDE2C912E4FCBA9E46B&tbp=homepage&v=2_0
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccc12400-8ece-425d-8389-11fd5dd0fc50%7D&mid=b58cd5f2e29f987c20029ab097403817-374b5980666131464280871d4928d4206109323a&ds=ft011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-19%2014%3A26%3A36&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.0.2\npsitesafety.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
S1 MpKsl2eaf2184;MpKsl2eaf2184;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8059efce-e9f5-47e0-b0ae-29acdb9f1837}\MpKsl2eaf2184.sys [2012-6-6 29904]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\drivers\smc2802w.sys --> c:\windows\system32\drivers\smc2802w.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
.
=============== Created Last 30 ================
.
2012-06-06 12:03:54 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8059efce-e9f5-47e0-b0ae-29acdb9f1837}\offreg.dll
2012-06-06 12:03:54 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8059efce-e9f5-47e0-b0ae-29acdb9f1837}\MpKsl2eaf2184.sys
2012-06-06 11:50:25 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{8059efce-e9f5-47e0-b0ae-29acdb9f1837}\mpengine.dll
2012-06-06 11:47:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-06 11:26:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-06-05 20:43:40 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{57bf8e32-0281-4408-bb71-e1dc9caaca89}\mpengine.dll
2012-06-03 23:56:58 -------- d-----w- C:\New Folder
2012-06-03 18:42:13 -------- d-----w- C:\Downloads
2012-06-03 18:29:17 -------- d-----w- c:\documents and settings\owner\application data\FreeFileViewer
2012-06-03 18:22:07 -------- d-----w- c:\documents and settings\owner\application data\blekkotb_019
2012-06-03 18:17:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Vid-Saver
2012-06-03 18:17:32 -------- d-----w- c:\program files\Vid-Saver
2012-06-03 18:17:25 -------- d-----w- c:\documents and settings\owner\application data\Free Download Manager
2012-06-03 18:17:05 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-06-03 18:16:53 -------- d-----w- c:\program files\Free Download Manager
2012-06-03 14:41:10 -------- d-----w- C:\e
2012-06-03 14:40:55 -------- d-----w- C:\Data
2012-06-02 14:41:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\visi_coupon
2012-06-02 14:20:30 -------- d-----w- c:\program files\Yahoo!
2012-06-02 14:12:08 -------- d-----w- c:\program files\FreeFileViewer
2012-06-02 14:10:46 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-06-02 14:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\FileTypeAssistant
2012-06-01 15:34:10 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-06-01 15:33:52 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-28 16:29:08 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2012-05-28 16:29:07 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-05-28 16:28:53 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-05-28 15:08:23 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-05-28 01:22:20 -------- d-----w- c:\documents and settings\all users\application data\Systweak
2012-05-27 19:48:56 -------- d-----w- c:\documents and settings\owner\application data\TeamViewer
2012-05-27 19:47:32 -------- d-----w- c:\program files\TeamViewer
2012-05-27 19:04:52 -------- d-----w- c:\documents and settings\all users\application data\AMMYY
2012-05-27 17:45:33 3993600 ----a-w- c:\program files\GUT285.tmp
2012-05-27 17:45:33 -------- d-----w- c:\program files\GUM284.tmp
2012-05-27 16:58:44 -------- d-----w- c:\documents and settings\owner\application data\Systweak
2012-05-27 16:58:31 17320 ----a-w- c:\windows\system32\roboot.exe
2012-05-26 18:24:22 -------- d-----w- c:\program files\RegZooka
2012-05-26 18:06:29 -------- d-----w- c:\documents and settings\owner\application data\Auslogics
2012-05-26 11:12:36 -------- d-----w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-05-26 10:25:44 -------- d-----w- c:\documents and settings\owner\application data\Uniblue
2012-05-26 10:25:35 -------- d-----w- c:\program files\Uniblue
2012-05-26 10:25:10 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
2012-05-24 11:54:42 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-05-24 11:54:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 12:38:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 12:38:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 15:06:39.59 ===============

 

I just recalled another major problem with this computer. After about 15 minutes of use, the page I am on will freeze. My mouse does not function on the page, and I have to take the computer down and leave it for awhile. The computer gets gradually slower each minute until it freezes.

The fan is working and about every 6 months I take the tower out and blow it out with my air compressor.

 

Thanks for the info.

I still see remnants of AVG Security Toolbar as well as Advanced System Protector. We'll take care of those in the next round. Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

 

Here is the ComboFix file:

ComboFix 12-06-07.03 - Owner 06/07/2012 7:45.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.692 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\background.html
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\browser.xul
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossrider.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\crossriderapi.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\dialog.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps-style.css
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\manage-apps.html
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\messaging.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\options.xul
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\push.html
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\search_dialog.xul
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\chrome\content\update.html
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\defaults\preferences\prefs.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\install.rdf
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\locale\en-US\translations.dtd
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\button1.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\button2.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\button3.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\button4.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\button5.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\crossrider_statusbar.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\icon128.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\icon16.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\icon24.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\icon48.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\panelarrow-up.png
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\popup.css
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\popup.html
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\popup_binding.xml
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\skin.css
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\extensions\crossriderapp3491@crossrider.com\skin\update.css
.
.
((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))
.
.
2012-06-06 12:03 . 2012-06-06 12:03 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8059EFCE-E9F5-47E0-B0AE-29ACDB9F1837}\offreg.dll
2012-06-06 12:03 . 2012-06-06 12:03 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8059EFCE-E9F5-47E0-B0AE-29ACDB9F1837}\MpKsl2eaf2184.sys
2012-06-06 11:50 . 2012-05-08 13:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8059EFCE-E9F5-47E0-B0AE-29ACDB9F1837}\mpengine.dll
2012-06-06 11:47 . 2012-06-06 11:48 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-06 11:26 . 2012-06-06 11:26 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-06-05 20:43 . 2012-05-08 16:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{57BF8E32-0281-4408-BB71-E1DC9CAACA89}\mpengine.dll
2012-06-05 15:47 . 2012-06-05 15:47 -------- d-----w- c:\program files\7-Zip
2012-06-03 23:56 . 2012-06-03 23:57 -------- d-----w- C:\New Folder
2012-06-03 18:42 . 2012-06-05 15:45 -------- d-----w- C:\Downloads
2012-06-03 18:29 . 2012-06-03 18:29 -------- d-----w- c:\documents and settings\Owner\Application Data\FreeFileViewer
2012-06-03 18:22 . 2012-06-03 18:22 -------- d-----w- c:\documents and settings\Owner\Application Data\blekkotb_019
2012-06-03 18:17 . 2012-06-03 18:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Vid-Saver
2012-06-03 18:17 . 2012-06-03 18:17 -------- d-----w- c:\program files\Vid-Saver
2012-06-03 18:17 . 2012-06-07 11:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Free Download Manager
2012-06-03 18:17 . 2012-06-04 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\blekko toolbars
2012-06-03 18:16 . 2012-06-05 18:31 -------- d-----w- c:\program files\Free Download Manager
2012-06-03 14:41 . 2012-06-03 14:41 -------- d-----w- C:\e
2012-06-02 14:41 . 2012-06-02 14:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\visi_coupon
2012-06-02 14:21 . 2012-06-02 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2012-06-02 14:20 . 2012-06-02 14:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2012-06-02 14:20 . 2012-06-02 14:20 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
2012-06-02 14:20 . 2012-06-02 14:21 -------- d-----w- c:\program files\Yahoo!
2012-06-02 14:12 . 2012-06-02 14:12 -------- d-----w- c:\program files\FreeFileViewer
2012-06-02 14:10 . 2012-06-02 14:11 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-06-02 14:06 . 2012-06-02 14:07 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\FileTypeAssistant
2012-06-01 15:34 . 2012-06-01 15:34 -------- d-----w- c:\documents and settings\Owner\Application Data\SpeedyPC Software
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\program files\SpeedyPC Software
2012-05-28 16:29 . 2012-05-28 16:29 -------- d-----w- c:\documents and settings\Owner\Application Data\DriverCure
2012-05-28 16:29 . 2012-05-28 16:29 -------- d-----w- c:\documents and settings\Owner\Application Data\ParetoLogic
2012-05-28 16:28 . 2012-05-28 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2012-05-28 15:08 . 2012-05-28 15:08 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2012-05-28 01:22 . 2012-05-28 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
2012-05-27 19:48 . 2012-05-27 19:48 -------- d-----w- c:\documents and settings\Owner\Application Data\TeamViewer
2012-05-27 19:47 . 2012-05-27 21:42 -------- d-----w- c:\program files\TeamViewer
2012-05-27 17:45 . 2012-05-27 17:45 -------- d-----w- c:\program files\GUM284.tmp
2012-05-27 17:45 . 2012-05-27 17:45 3993600 ----a-w- c:\program files\GUT285.tmp
2012-05-27 17:39 . 2012-05-27 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-05-27 16:58 . 2012-05-28 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Systweak
2012-05-27 16:58 . 2012-05-24 22:32 17320 ----a-w- c:\windows\system32\roboot.exe
2012-05-26 18:24 . 2012-05-27 20:40 -------- d-----w- c:\program files\RegZooka
2012-05-26 18:06 . 2012-05-26 18:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Auslogics
2012-05-26 11:12 . 2012-05-26 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-05-26 10:25 . 2012-05-26 10:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2012-05-26 10:25 . 2012-05-26 10:25 -------- d-----w- c:\program files\Uniblue
2012-05-26 10:25 . 2012-05-26 10:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2012-05-24 11:54 . 2012-05-24 11:54 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-05-24 11:54 . 2012-05-24 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-03 23:30 . 2012-06-03 23:30 22 ----a-w- C:\New Compressed (zipped) Folder (2).zip
2012-06-03 23:06 . 2012-06-03 23:06 22 ----a-w- C:\dds - notepad.zip
2012-06-03 23:03 . 2012-06-03 23:03 22 ----a-w- C:\dds.zip
2012-06-03 23:00 . 2012-06-03 23:00 22 ----a-w- C:\New Compressed (zipped) Folder.zip
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 12:38 . 2012-04-05 07:57 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-16 12:38 . 2011-12-06 17:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 16:40 . 2007-08-09 22:51 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2012-04-11 13:12 . 2004-08-04 10:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10 . 2005-03-30 01:23 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35 . 2005-03-30 01:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 00:44 . 2012-03-21 00:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2008-04-02 13:17 . 2012-04-24 22:11 1147731 ----a-w- c:\program files\mozilla firefox\components\1251016.dll
2012-05-04 02:57 . 2012-04-19 18:26 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\ServicePackFiles\i386\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\$NtServicePackUninstall$\ksuser.dll
[-] 2004-08-04 . CBCD254547689BFF80C9F547B20911E9 . 4096 . . [5.3.2600.2180] . . c:\windows\system32\ksuser.dll
.
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 10:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn0\yt.dll" [2012-03-21 1523512]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-04-19 18:26 2067328 ----a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-11-18 00:29 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-11-18 1515688]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-19 2067328]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-05-27 39408]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2011-12-28 6148096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-08-20 221184]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-11-18 901800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-19 1116544]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless Network Monitor.lnk - c:\program files\Linksys\WUSB100\WUSB100.exe [N/A]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SvcLauncher"= {804E702D-2A2E-D31A-A20C-F2CF7D8C5468} - c:\windows\system32\ajoeb\Director_gpoxausoa.dll [2008-04-02 1060332]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\KODAK\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FreeFileViewer\\FFVCheckForUpdates.exe"=
"c:\\Program Files\\File Type Assistant\\TSAssist.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDPeer Name Resolution Protocol (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R2 Iprip;RIP Listener;c:\windows\System32\svchost.exe -k netsvcs [8/4/2004 6:00 AM 14336]
R2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [4/19/2012 2:26 PM 932736]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2012 1:39 PM 136176]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/5/2012 3:57 AM 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2012 1:39 PM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/3/2012 10:57 PM 129976]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\DRIVERS\smc2802w.sys --> c:\windows\system32\DRIVERS\smc2802w.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\StumbleUpon\StumbleUponUpdateService.exe" --> c:\program files\StumbleUpon\StumbleUponUpdateService.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 12:38]
.
2012-06-06 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-06-02 18:24]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd3c6040ca8f9a.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 17:38]
.
2012-06-01 c:\windows\Tasks\HP DArC Task 2003-08-20 09:23ewlett-Packard-9002003-08-20 18:57N3CG3111PN8.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-08-20 18:57]
.
2012-06-07 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2007-08-12 21:23]
.
2012-06-06 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-07 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2012-06-06 c:\windows\Tasks\ProgramUpdateCheck.job
- c:\program files\File Type Assistant\tsassist.exe [2012-03-08 02:19]
.
2012-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-11-18 00:29]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2011-10-09 01:19]
.
2012-06-01 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-06-04 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
2012-06-07 c:\windows\Tasks\User_Feed_Synchronization-{5389E10E-96F8-4059-AF56-B54B9BC8E320}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel
TCP: DhcpNameServer = 10.0.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\tyqgbwoh.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=FF765241C0FD7FDE2C912E4FCBA9E46B&tbp=homepage&v=2_0
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccc12400-8ece-425d-8389-11fd5dd0fc50%7D&mid=b58cd5f2e29f987c20029ab097403817-374b5980666131464280871d4928d4206109323a&ds=ft011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-19%2014%3A26%3A36&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-07 07:53
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343024091-1645522239-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2012-06-07 08:00:48
ComboFix-quarantined-files.txt 2012-06-07 12:00
ComboFix2.txt 2012-06-06 23:12
.
Pre-Run: 293,355,315,200 bytes free
Post-Run: 293,333,753,856 bytes free
.
- - End Of File - - 326E672896BC2BE9B84267553B8AB445

 

I know you mentioned Ask Toolbar giving you trouble uninstalling, but what about AVG Security Toolbar? I still see it active in the log, and in the Installed programs list.

 

I have uninstalled it.

 

Just now? :smile:

If so, can you run dds.scr again so I can see if browser toolbars, run key, and services associated with that program are gone or not?

I don't need anything zipped, and I only need to see the dds.txt.

 

I deleted the Ask Toolbar the same day you notified me it was still there, but "after" I sent you the DDS file. Here is the DDS.txt file:

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 8:07:25 on 2012-06-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1278.576 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Free Download Manager\fdm.exe
svchost.exe
C:\Program Files\Pure Digital Technologies\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kodak\KODAK Share Button App\Listener.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = localhost
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Free Download Manager: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Free Download Manager] "c:\program files\free download manager\fdm.exe" -autorun
uRun: [KGShareApp] c:\program files\kodak\kodak share button app\KGShare_App.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [KodakShareButtonApp] c:\program files\kodak\kodak share button app\Listener.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\linksys\wusb100\WUSB100.exe
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xport to Microsoft Excel
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1186702051687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.2.1.cab
TCP: DhcpNameServer = 10.0.0.1
TCP: Interfaces\{3A95474A-65E0-4527-B4A5-EE2AD8DD5AAE} : DhcpNameServer = 10.0.0.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SvcLauncher - {804E702D-2A2E-D31A-A20C-F2CF7D8C5468} - c:\windows\system32\ajoeb\Director_gpoxausoa.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\tyqgbwoh.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://blekkosearch.mystart.com/blekkotb_soc/?source=a545ea26&toolbarid=blekkotb_soc&u=FF765241C0FD7FDE2C912E4FCBA9E46B&tbp=homepage&v=2_0
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bccc12400-8ece-425d-8389-11fd5dd0fc50%7D&mid=b58cd5f2e29f987c20029ab097403817-374b5980666131464280871d4928d4206109323a&ds=ft011&v=11.0.0.9&lang=en&pr=sa&d=2012-04-19%2014%3A26%3A36&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 MpKsl38a6d0d4;MpKsl38a6d0d4;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2304161-1b2f-4a2f-b15b-4309f152e7e5}\MpKsl38a6d0d4.sys [2012-6-8 29904]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-5 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-27 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 129976]
S3 PRISM_ICB;SMC2802W 2.4GHz 54Mbps Wireless PCI Card;c:\windows\system32\drivers\smc2802w.sys --> c:\windows\system32\drivers\smc2802w.sys [?]
S3 rt2870;Linksys 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys --> c:\windows\system32\drivers\rt2870.sys [?]
S3 StumbleUponUpdateService;StumbleUponUpdateService;"c:\program files\stumbleupon\stumbleuponupdateservice.exe" --> c:\program files\stumbleupon\StumbleUponUpdateService.exe [?]
.
=============== Created Last 30 ================
.
2012-06-08 06:38:58 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2304161-1b2f-4a2f-b15b-4309f152e7e5}\offreg.dll
2012-06-08 06:38:58 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2304161-1b2f-4a2f-b15b-4309f152e7e5}\MpKsl38a6d0d4.sys
2012-06-08 06:27:05 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c2304161-1b2f-4a2f-b15b-4309f152e7e5}\mpengine.dll
2012-06-07 22:11:49 6737808 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-06-07 14:22:09 -------- d-----w- c:\documents and settings\owner\application data\Kodak
2012-06-07 14:17:04 -------- d-----w- c:\documents and settings\all users\application data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
2012-06-06 22:49:33 -------- d-sha-r- C:\cmdcons
2012-06-06 22:46:57 98816 ----a-w- c:\windows\sed.exe
2012-06-06 22:46:57 518144 ----a-w- c:\windows\SWREG.exe
2012-06-06 22:46:57 256000 ----a-w- c:\windows\PEV.exe
2012-06-06 22:46:57 208896 ----a-w- c:\windows\MBR.exe
2012-06-06 11:47:53 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-06 11:26:32 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-06-05 20:43:40 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{57bf8e32-0281-4408-bb71-e1dc9caaca89}\mpengine.dll
2012-06-03 23:56:58 -------- d-----w- C:\New Folder
2012-06-03 18:42:13 -------- d-----w- C:\Downloads
2012-06-03 18:29:17 -------- d-----w- c:\documents and settings\owner\application data\FreeFileViewer
2012-06-03 18:22:07 -------- d-----w- c:\documents and settings\owner\application data\blekkotb_019
2012-06-03 18:17:43 -------- d-----w- c:\documents and settings\owner\local settings\application data\Vid-Saver
2012-06-03 18:17:32 -------- d-----w- c:\program files\Vid-Saver
2012-06-03 18:17:25 -------- d-----w- c:\documents and settings\owner\application data\Free Download Manager
2012-06-03 18:17:05 -------- d-----w- c:\documents and settings\all users\application data\blekko toolbars
2012-06-03 18:16:53 -------- d-----w- c:\program files\Free Download Manager
2012-06-03 14:41:10 -------- d-----w- C:\e
2012-06-02 14:41:20 -------- d-----w- c:\documents and settings\owner\local settings\application data\visi_coupon
2012-06-02 14:20:30 -------- d-----w- c:\program files\Yahoo!
2012-06-02 14:12:08 -------- d-----w- c:\program files\FreeFileViewer
2012-06-02 14:10:46 -------- d-----w- c:\program files\Free Offers from Freeze.com
2012-06-02 14:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\FileTypeAssistant
2012-06-01 15:34:10 -------- d-----w- c:\documents and settings\owner\application data\SpeedyPC Software
2012-06-01 15:33:52 -------- d-----w- c:\program files\common files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-01 15:33:49 -------- d-----w- c:\documents and settings\all users\application data\SpeedyPC Software
2012-05-28 16:29:08 -------- d-----w- c:\documents and settings\owner\application data\DriverCure
2012-05-28 16:29:07 -------- d-----w- c:\documents and settings\owner\application data\ParetoLogic
2012-05-28 16:28:53 -------- d-----w- c:\documents and settings\all users\application data\ParetoLogic
2012-05-28 15:08:23 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2012-05-28 01:22:20 -------- d-----w- c:\documents and settings\all users\application data\Systweak
2012-05-27 19:48:56 -------- d-----w- c:\documents and settings\owner\application data\TeamViewer
2012-05-27 19:47:32 -------- d-----w- c:\program files\TeamViewer
2012-05-27 17:45:33 3993600 ----a-w- c:\program files\GUT285.tmp
2012-05-27 17:45:33 -------- d-----w- c:\program files\GUM284.tmp
2012-05-27 16:58:44 -------- d-----w- c:\documents and settings\owner\application data\Systweak
2012-05-27 16:58:31 17320 ----a-w- c:\windows\system32\roboot.exe
2012-05-26 18:24:22 -------- d-----w- c:\program files\RegZooka
2012-05-26 18:06:29 -------- d-----w- c:\documents and settings\owner\application data\Auslogics
2012-05-26 11:12:36 -------- d-----w- c:\documents and settings\all users\application data\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
2012-05-26 10:25:44 -------- d-----w- c:\documents and settings\owner\application data\Uniblue
2012-05-26 10:25:35 -------- d-----w- c:\program files\Uniblue
2012-05-26 10:25:10 -------- d-----w- c:\documents and settings\owner\local settings\application data\PackageAware
2012-05-24 11:54:42 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2012-05-24 11:54:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 12:38:53 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-16 12:38:53 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:10:58 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 12:35:52 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-21 00:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 8:08:49.96 ===============

 

Thank you.

Download the attached CFScript.txt and save it to your desktop.

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

***************************************************

Refering to the picture above, drag CFScript into ComboFix.exe and follow all prompts.

When finished, it shall produce a log for you. Post the C:\ComboFix.txt in your next reply.

=================================

After you've completed the above, we need to run an online scan to search for any remnants that may be lurking. Please go to here to run the online scannner from ESET.

• Turn off the real time scanner of any existing antivirus program while performing the online scan
• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Click Start
• Make sure that the option Remove found threats is unticked
  
  
• Click on Advanced Settings and ensure these options are ticked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
• Click Scan
• Wait for the scan to finish
• If any threats were found, click the 'List of found threats' , then click Export to text file....
• Save it to your desktop, then please copy and paste that log as a reply to this topic.

 

I have downloaded CFScript.txt to my desktop. However, when I try to drag it to Combofix, it will not go, and I get a box appear over CFSscript headlined "Combofix" with some green boxes and 3 empty boxes.

 

I did it incorrectly. I have the file and will zip and forward it when I finished your other instructions.

 

Okay, I'll be back online later this evening. :smile:

 

C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster(1).exe Win32/RegistryBooster application
C:\Documents and Settings\Owner\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Documents and Settings\Owner\My Documents\Video clips\TotalRecipeSearch.exe Win32/AdInstaller application
C:\Downloads\7 zip setup.exe a variant of Win32/Soft32Downloader.B application
C:\System Volume Information\_restore{8D6B6459-F61D-4786-9E40-0F5B091484CB}\RP205\A0031935.exe a variant of Win32/InstallIQ application

These are the threats found running ESET. The ComboFix.txt is attached as a ZIP.

 

The fixes did not take place. Please download the CFScript.txt in Post 20 and repeat those steps for running the CFScript. Post the C:\ComboFix.txt when it has completed.

No need to re-scan with Eset.

 

I turned off my anti-virus; downloaded the Script file to desktop; dragged it into ComboFix and it launched. Attached is the ZIP file.