Slow Computer--Possible Malware or Spyware

tlbailey79 · February 25, 2013

Here are my logs:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Owner at 14:20:25 on 2013-02-25

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.577 [GMT -5:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ================

.

C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\WINDOWS\System32\alg.exe

C:\Program Files\Alwil Software\Avast5\avastUI.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe

C:\Program Files\AVG Secure Search\vprot.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe

C:\Program Files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe

C:\Program Files\IObit\IObit Malware Fighter\IMF.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k LocalService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html

uDefault_Page_URL = hxxp://www.dell4me.com/myway

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

uURLSearchHooks: Vtools Toolbar: {5BFEFF94-6411-4B74-A947-4969134B24DE} - c:\program files\vtools toolbar\ie\6.9\vtoolsToolbarIE.dll

uURLSearchHooks: FCToolbarURLSearchHook Class: {810a18c2-8c07-be74-21b6-b8261b1487fd} - c:\program files\bucksbee loyalty plugin - openinstall\Helper.dll

BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: {30F9B915-B755-4826-820B-08FBA6BD249D} - <orphaned>

BHO: Vtools Toolbar: {5BFEFF94-6411-4B74-A947-4969134B24DE} - c:\program files\vtools toolbar\ie\6.9\vtoolsToolbarIE.dll

BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>

BHO: DealPly: {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - c:\program files\dealply\DealPlyIE.dll

BHO: GetSavin 5.0: {BA368F67-C9D7-4053-945D-1FACA7F9B6FC} - c:\documents and settings\owner\local settings\application data\getsavin\ie\getsavin_1361319902.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>

TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

EB: Real.com: {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\shdocvw.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Advanced SystemCare 6] "c:\program files\iobit\advanced systemcare 6\ASCTray.exe" /AutoStart

uRun: [smartRAM] "c:\program files\iobit\advanced systemcare 6\Suo10_SmartRAM.exe" /m

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [Conime] c:\windows\system32\conime.exe

mRun: [EKAiO2StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [vProt] "c:\program files\avg secure search\vprot.exe"

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [GB_UPDATE] c:\program files\razer\razer game booster\AutoUpdate.exe/AUTORUN

mRun: [iObit Malware Fighter] "c:\program files\iobit\iobit malware fighter\IMF.exe" /autostart

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:145

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE}

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: Interfaces\{315E1AFE-8BF8-48EF-AC7F-32F9938ABC52} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{9945C8EC-9CCA-4681-ACC0-F36AC667A0D7} : DHCPNameServer = 192.168.0.1

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.2.0\ViProtocol.dll

Notify: igfxcui - igfxsrvc.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\1o958ysv.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=744028&ilc=12&p=

FF - plugin: c:\documents and settings\owner\local settings\application data\robloxversions\version-55bff205328042f4\NPRobloxProxy.dll

FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll

FF - plugin: c:\progra~1\mi1933~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.2.0\npsitesafety.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\logitech\harmony remote driver\NprtHarmonyPlugin.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll

FF - ExtSQL: 2013-02-18 12:05; avg@toolbar; c:\documents and settings\all users\application data\avg secure search\firefoxext\14.2.0.1

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2013-2-24 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-27 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-9-24 337880]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-2-12 33112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-9-24 20696]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2010-11-20 38144]

R3 FileMonitor;FileMonitor;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\FileMonitor.sys [2013-2-24 246816]

R3 RegFilter;RegFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\RegFilter.sys [2013-2-24 30408]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [2009-12-2 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [2009-12-2 209512]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [2009-12-2 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [2009-12-2 18280]

R3 UrlFilter;UrlFilter;c:\program files\iobit\iobit malware fighter\drivers\wxp_x86\UrlFilter.sys [2013-2-24 16248]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

.

=============== Created Last 30 ================

.

2013-02-24 20:25:33 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla

2013-02-24 17:47:30 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2013-02-24 17:46:29 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2013-02-24 17:43:31 -------- d-----w- c:\documents and settings\all users\application data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-02-22 21:29:09 -------- d-----w- c:\documents and settings\owner\local settings\application data\Razer

2013-02-22 21:16:06 -------- d-----w- c:\documents and settings\owner\application data\Search Settings

2013-02-22 21:14:48 -------- d-----w- c:\program files\Application Updater

2013-02-22 21:14:44 -------- d-----w- c:\program files\Vtools Toolbar

2013-02-22 21:14:44 -------- d-----w- c:\program files\common files\Spigot

2013-02-22 21:13:46 -------- d-----w- c:\documents and settings\owner\application data\Vtools

2013-02-22 21:13:26 -------- d-----w- c:\program files\Vtools

2013-02-20 21:18:51 -------- d-----w- c:\documents and settings\owner\local settings\application data\Free_i-Dressup

2013-02-20 15:01:19 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-20 15:01:19 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-20 00:29:01 -------- d-----w- c:\documents and settings\owner\application data\DealPly

2013-02-20 00:28:49 -------- d-----w- c:\documents and settings\owner\local settings\application data\getsavin

2013-02-20 00:28:48 -------- d-----w- c:\documents and settings\owner\application data\0F0C1V0V1L1C2Z2Y1T1I0F1T1H1L1I1L1P1B

2013-02-20 00:28:17 -------- d-----w- c:\program files\DealPly

2013-02-13 08:59:22 247808 ----a-w- c:\program files\internet explorer\SET919.tmp

2013-02-13 08:59:22 12800 ----a-w- c:\program files\internet explorer\SET917.tmp

2013-02-12 15:07:58 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-12 02:19:56 -------- d-----w- c:\documents and settings\owner\application data\PriceGong

2013-02-11 21:42:44 -------- d-----w- c:\documents and settings\owner\local settings\application data\Unity

2013-02-11 16:50:39 375296 ------w- c:\windows\system32\dllcache\dpnet.dll

2013-02-11 16:45:56 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2013-02-11 16:45:42 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

==================== Find3M ====================

.

2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll

2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll

.

============= FINISH: 14:23:29.93 ===============

tlbailey79 · February 25, 2013

My DDS Attach Log

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume2

Install Date: 4/15/2009 8:00:01 PM

System Uptime: 2/25/2013 11:44:57 AM (3 hours ago)

.

Motherboard: Dell Computer Corp. | | 0F5949

Processor: Intel® Celeron® CPU 2.60GHz | Microprocessor | 2591/400mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 71 GiB total, 55.818 GiB free.

D: is CDROM (CDFS)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP408: 12/3/2012 10:15:54 PM - System Checkpoint

RP409: 12/5/2012 11:08:31 PM - System Checkpoint

RP410: 12/9/2012 6:31:05 PM - System Checkpoint

RP411: 12/11/2012 3:17:51 PM - System Checkpoint

RP412: 12/23/2012 6:54:15 PM - System Checkpoint

RP413: 12/24/2012 7:29:44 PM - System Checkpoint

RP414: 12/25/2012 8:29:44 PM - System Checkpoint

RP415: 12/26/2012 9:29:44 PM - System Checkpoint

RP416: 12/27/2012 10:29:44 PM - System Checkpoint

RP417: 12/28/2012 11:29:44 PM - System Checkpoint

RP418: 12/30/2012 12:29:44 AM - System Checkpoint

RP419: 2/11/2013 11:47:16 AM - Installed Windows XP KB2598845.

RP420: 2/11/2013 11:48:18 AM - Installed Windows XP KB2632503.

RP421: 2/11/2013 11:49:28 AM - Installed Windows XP KB2758857.

RP422: 2/11/2013 11:50:28 AM - Installed Windows XP KB2779030.

RP423: 2/11/2013 11:51:33 AM - Installed Windows XP KB2770660.

RP424: 2/11/2013 11:52:53 AM - Installed Windows XP KB2761465.

RP425: 2/11/2013 11:53:32 AM - Installed Windows XP KB2779562.

RP426: 2/11/2013 11:54:35 AM - Installed Windows XP KB2753842-v2.

RP427: 2/11/2013 11:55:39 AM - Installed Windows XP KB2757638.

RP428: 2/11/2013 12:14:58 PM - Installed Windows XP KB2799329.

RP429: 2/11/2013 9:39:26 PM - Software Distribution Service 3.0

RP430: 2/11/2013 10:43:34 PM - Installed Logitech Harmony Remote Software (x86)

RP431: 2/11/2013 10:48:14 PM - Removed Microsoft Silverlight

RP432: 2/12/2013 10:58:07 PM - System Checkpoint

RP433: 2/13/2013 11:58:09 PM - System Checkpoint

RP434: 2/14/2013 3:00:25 AM - Software Distribution Service 3.0

RP435: 2/15/2013 3:00:18 AM - Software Distribution Service 3.0

RP436: 2/16/2013 3:28:35 AM - System Checkpoint

RP437: 2/17/2013 4:28:34 AM - System Checkpoint

RP438: 2/18/2013 5:28:35 AM - System Checkpoint

RP439: 2/19/2013 6:28:37 AM - System Checkpoint

RP440: 2/20/2013 7:28:31 AM - System Checkpoint

RP441: 2/20/2013 4:23:11 PM - Removed Ask Toolbar.

RP442: 2/21/2013 5:01:59 PM - System Checkpoint

RP443: 2/22/2013 4:27:44 PM - Installed Razer Game Booster.

RP444: 2/23/2013 4:41:48 PM - System Checkpoint

RP445: 2/24/2013 5:35:49 PM - System Checkpoint

.

==== Installed Programs ======================

.

Adobe Acrobat - Reader 6.0.2 Update

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 6.0.1

Advanced SystemCare 6

AiO_Scan

aioprnt

aioscnnr

AiOSoftware

AOLIcon

avast! Free Antivirus

AVG Security Toolbar

Bejeweled 2 Deluxe

Broadcom Management Programs

BucksBee Loyalty Plugin - OpenInstall

C4USelfUpdater

center

Conduit Engine

DealPly

Dell Driver Reset Tool

Dell Media Experience

Dell Photo Printer 720

Dell Picture Studio v3.0

Dell Support 5.0.0 (630)

Dell System Restore

Driver Performer 2010

essentials

Fax

Free Window Registry Repair

GetSavin

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB2756822)

Hotfix for Windows XP (KB2779562)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB981793)

HP Extended Capabilities 4.7

HP Image Zone 4.7

HP Product Assistant

HP PSC & OfficeJet 4.7

iMicro Wireless Adapter Driver and Utility

Intel® 537EP V9x DF PCI Modem

Intel® Extreme Graphics Driver

Internet Explorer Default Page

IObit Malware Fighter

Jasc Paint Shop Photo Album 5

Jasc Paint Shop Pro Studio, Dell Editon

Java 2 Runtime Environment, SE v1.4.2_03

Java Auto Updater

Java 6 Update 21

Kodak AIO Printer

KODAK AiO Software

Learn2 Player (Uninstall Only)

Legends 2 Hidden Relics 1.0

Legends of Dreams

Logitech Harmony Remote Software (x86)

LogMeIn Hamachi

Macromedia Flash Player

Malwarebytes' Anti-Malware version 1.51.2.1300

MarketResearch

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2698023)

Microsoft .NET Framework 1.1 Security Update (KB2742597)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Office Click-to-Run 2010

Microsoft Plus! Digital Media Edition Installer

Microsoft Plus! Photo Story 2 LE

Microsoft Silverlight

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Modem Event Monitor

Modem Helper

Modem On Hold

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB973686)

My Way Search Assistant

ocr

Peggle Deluxe

Photo Click

Play Pickle

PreReq

QFolder

QuickTime

Razer Game Booster

Readme

RealPlayer Basic

Scan

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Windows (KB2564958)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Internet Explorer 8 (KB2482017)

Security Update for Windows Internet Explorer 8 (KB2497640)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2586448)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB2744842)

Security Update for Windows Internet Explorer 8 (KB2761465)

Security Update for Windows Internet Explorer 8 (KB2792100)

Security Update for Windows Internet Explorer 8 (KB2797052)

Security Update for Windows Internet Explorer 8 (KB2799329)

Security Update for Windows Internet Explorer 8 (KB971961)

Security Update for Windows Internet Explorer 8 (KB981332)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2476687)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479628)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485376)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2491683)

Security Update for Windows XP (KB2503658)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2506223)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2511455)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2724197)

Security Update for Windows XP (KB2727528)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB2753842-v2)

Security Update for Windows XP (KB2757638)

Security Update for Windows XP (KB2758857)

Security Update for Windows XP (KB2761226)

Security Update for Windows XP (KB2770660)

Security Update for Windows XP (KB2778344)

Security Update for Windows XP (KB2779030)

Security Update for Windows XP (KB2780091)

Security Update for Windows XP (KB2799494)

Security Update for Windows XP (KB2802968)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982665)

Smart Defrag 2

Unity Web Player

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows Internet Explorer 8 (KB2632503)

Update for Windows Internet Explorer 8 (KB976662)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2661254-v2)

Update for Windows XP (KB2718704)

Update for Windows XP (KB2736233)

Update for Windows XP (KB2749655)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Viewpoint Media Player

Virtual Families Packages

Vtools Toolbar v6.9

WebFldrs XP

Windows Cleaner

Windows Genuine Advantage Validation Tool (KB892130)

Windows Imaging Component

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format Runtime

Windows Media Player 10

Windows XP Service Pack 3

WordPerfect Office 12

.

==== Event Viewer Messages From Past Week ========

.

2/25/2013 11:27:36 AM, error: Service Control Manager [7034] - The Application Virtualization Client service terminated unexpectedly. It has done this 1 time(s).

2/25/2013 11:27:30 AM, error: Service Control Manager [7034] - The Client Virtualization Handler service terminated unexpectedly. It has done this 1 time(s).

2/25/2013 11:27:29 AM, error: Service Control Manager [7034] - The Application Virtualization Service Agent service terminated unexpectedly. It has done this 1 time(s).

2/25/2013 11:27:28 AM, error: Service Control Manager [7034] - The IMF Service service terminated unexpectedly. It has done this 1 time(s).

2/25/2013 11:27:28 AM, error: Service Control Manager [7034] - The Application Updater service terminated unexpectedly. It has done this 1 time(s).

2/25/2013 11:27:26 AM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).

2/24/2013 12:41:26 PM, error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).

2/22/2013 4:59:37 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Client Virtualization Handler service to connect.

2/22/2013 4:59:37 PM, error: Service Control Manager [7000] - The Client Virtualization Handler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

2/22/2013 4:56:55 PM, error: Application Popup [877] - There was error [DATABASE OPEN FAILED] processing the driver database.

2/21/2013 10:58:54 AM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{315E1AFE-8BF8-48EF-AC7F-32F9938ABC52} because another computer on the network has the same name. The server could not start.

2/20/2013 9:53:08 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\snxhk.dll. Reference error message: The operation completed successfully. .

2/20/2013 8:04:38 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{BF7ACC95-4026-49E9-B6D8-9114096FA471} because another computer on the network has the same name. The server could not start.

2/20/2013 7:43:51 AM, error: W32Time [46] - The time service encountered an error and was forced to shut down. The error was: 0x8007046A

2/20/2013 7:29:00 PM, error: Schedule [7901] - The At1.job command failed to start due to the following error: General access denied error

2/20/2013 7:09:50 AM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Alwil Software\Avast5\Setup\SetIFace.dll. Reference error message: Error Message is unavailable .

2/20/2013 4:23:23 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

.

==== End Of File ===========================

tlbailey79 · February 25, 2013

My Iobit Malware Fighter Log

IObit Malware Fighter

OS: Windows XP

Version: 1.7.0.0

Define Version: 1212

Time Elapsed: 00:56:38

Objects Scanned: 70097

Threats Found: 0

Save Time: 2/25/2013 12:49:06 PM

Scannan · February 25, 2013

tlbailey79

Welcome. Do you normally just post your logs in forums or is there a reason for doing so.

If so, then please state the reason. If you require assistance, then it would be simple courtesy to state your request, and to supply additional information, such as why you think you have a problem, and circumstances prior to the problem occurring.

This is a forum is made up of volunteers, who freely give of their time to assist other users. It is not very respectful to simply post your logs.

Superdave · February 25, 2013

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

*********************************************

Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Full Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
Please save the log to a location you will remember.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

*************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1

Link 2

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

tlbailey79 · February 25, 2013

Actually I read the thread about how to post on here and this is what it said to do. In my title, I said that I think I may have spyware or something. And that my computer is slow.

tlbailey79

Welcome. Do you normally just post your logs in forums or is there a reason for doing so.
If so, then please state the reason. If you require assistance, then it would be simple courtesy to state your request, and to supply additional information, such as why you think you have a problem, and circumstances prior to the problem occurring.
This is a forum is made up of volunteers, who freely give of their time to assist other users. It is not very respectful to simply post your logs.

tlbailey79 · February 25, 2013

Superdave

Thank you, I will give all of this a try and let you know what happens. Thanks for your help.

tlbailey79 · February 25, 2013

Scannan and anyone else who is interested...

Some of the problems I've been having are: very slow use of whole computer, not just on internet. While on internet sometimes a window will pop up from my systray saying virtual memory too low. Sometimes pages will actually freeze up. I've ran all the tools in my iobit toolbox, that I can with the free version. I've done pre-boot scans and full and quick scans and anti-virus scans with avast! It was through Iobit that I found this forum. I thought I would give it a try. I'm just guessing that it's spyware, malware or similar problems that is wrong. My son plays games on Poptropica.com all the time and I'm guessing that's where all of this stuff is coming from. Although I am on Facebook a lot, but I don't play any of the games or anything on there. Just use the social network aspect of it.

Scannan · February 25, 2013

Thank you for the additional info. I noticed from your logs that you recently installed Razer Game Booster. Did the problem occur after this installation or did it exist before that.

tlbailey79 · February 26, 2013

Razer Booster

It started before that. When I was in the Iobit Toolbox, I noticed the Game Booster tool. Since my son was playing that game all the time, I thought maybe that might help. When I clicked on it, it had me download Razer Game Booster. It hasn't really helped me any, as far as I can tell. It seems to only work on the downloaded games on your computer.

tlbailey79 · February 26, 2013

Superdave--the log from AdwCleaner

# AdwCleaner v2.113 - Logfile created 02/25/2013 at 22:54:01

# Updated 23/02/2013 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Owner - KIDS

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Owner\My Documents\Downloads\AdwCleaner.exe

# Option [search]

***** [services] *****

Found : Application Updater

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Found : C:\Documents and Settings\All Users\Start Menu\Programs\DealPly

Folder Found : C:\Documents and Settings\Owner\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Owner\Application Data\DealPly

Folder Found : C:\Documents and Settings\Owner\Application Data\PriceGong

Folder Found : C:\Documents and Settings\Owner\Application Data\Search Settings

Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Owner\Local Settings\Application Data\ConduitEngine

Folder Found : C:\Documents and Settings\Tiffanni\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Tiffanni\Application Data\Search Settings

Folder Found : C:\Documents and Settings\Tiffanni\Local Settings\Application Data\AVG Secure Search

Folder Found : C:\Documents and Settings\Tiffanni\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Tiffanni\Local Settings\Application Data\ConduitEngine

Folder Found : C:\Program Files\Application Updater

Folder Found : C:\Program Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\AVG Secure Search

Folder Found : C:\Program Files\Common Files\spigot

Folder Found : C:\Program Files\ConduitEngine

Folder Found : C:\Program Files\DealPly

Folder Found : C:\Program Files\Viewpoint

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Freecause

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AVG Secure Search

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\conduitEngine

Key Found : HKCU\Software\DealPly

Key Found : HKCU\Software\FCTB000100493

Key Found : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\PerformerSoft

Key Found : HKCU\Software\PriceGong

Key Found : HKCU\Software\Search Settings

Key Found : HKCU\Software\SmartBar

Key Found : HKCU\Toolbar

Key Found : HKLM\Software\Application Updater

Key Found : HKLM\Software\AVG Secure Search

Key Found : HKLM\Software\AVG Security Toolbar

Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook

Key Found : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1

Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\conduitEngine

Key Found : HKLM\Software\DealPly

Key Found : HKLM\SOFTWARE\FCTB000100493

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje

Key Found : HKLM\Software\MetaStream

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{18005F07-6081-4A4C-92F5-4C0752FAB478}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DealPly

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer

Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP

Key Found : HKLM\Software\Search Settings

Key Found : HKLM\Software\Viewpoint

Key Found : HKU\S-1-5-21-632029342-3332899112-3667181100-1008\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}

Key Found : HKU\S-1-5-21-632029342-3332899112-3667181100-1008\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Found : HKU\S-1-5-21-632029342-3332899112-3667181100-1008\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={71F05EC3-362D-4907-8CC6-0A2A8E206F96}&mid=9dedc080a63747d0ac78d15b79314112-9c5e518529b2018398dd93ecf8db9016db0dca29&lang=en&ds=ka011&pr=sa&d=2012-03-17 08:43:57&pid=avg&sg=&v=14.2.0.1&sap=nt

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\1o958ysv.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10806 octets] - [25/02/2013 22:54:01]

AdwCleaner[R2].txt - [408 octets] - [25/02/2013 22:56:35]

########## EOF - C:\AdwCleaner[R1].txt - [10926 octets] ##########

Scannan · February 26, 2013

At this point it is better if you follow SuperDaves instructions. Otherwise it may become confusing.

tlbailey79 · February 26, 2013

MBAM Log

Malwarebytes Anti-Malware 1.70.0.1100

http://www.malwarebytes.org

Database version: v2013.02.26.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Owner :: KIDS [administrator]

2/25/2013 11:12:04 PM

mbam-log-2013-02-25 (23-12-04).txt

Scan type: Full scan (C:\|)

Scan options disabled: P2P

Objects scanned: 310264

Time elapsed: 2 hour(s), 31 minute(s), 20 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

tlbailey79 · February 26, 2013

Superdave: And Finally Security Check Log

Results of screen317's Security Check version 0.99.59

Windows XP Service Pack 3 x86

Internet Explorer 8

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Free Antivirus

AVG Security Toolbar

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.70.0.1100

Windows Cleaner

Java 6 Update 21

Java 2 Runtime Environment, SE v1.4.2_03

Java version out of Date!

Adobe Flash Player 11.6.602.168

Adobe Reader 6 Adobe Reader out of Date!

Mozilla Firefox (19.0)

````````Process Check: objlist.exe by Laurent````````

IObit IObit Malware Fighter IMFsrv.exe

IObit IObit Malware Fighter IMF.exe

Alwil Software Avast5 AvastSvc.exe

Alwil Software Avast5 avastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:: 3%

````````````````````End of Log``````````````````````

tlbailey79 · February 26, 2013

Scannan

If you see something that may be wrong, don't hesitate to tell me. I can keep up, as long as someone is telling me what to do. I've done all that he has asked. From what I could tell in the logs, there were no infections, unless you or him can see otherwise.

Scannan · February 26, 2013

Hi tlbailey79

Thank you for the feedback. You are in the very best hands with Superdave. and he will issue you with further instructions as required. He will have your machine back in top shape for you.

Superdave · February 26, 2013

Remove the Adware:

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

***************************************************

Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.

First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

************************************************

Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

***********************************************

Download Combofix from any of the links below, and save it to your DESKTOP.

If your version of Windows defaults to you download folder you will need to copy it to your desktop.

Link 1

Link 2

Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

tlbailey79 · February 26, 2013

ComboFix Log

ComboFix 13-02-26.01 - Owner 02/26/2013 17:53:32.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.708 [GMT -5:00]

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Owner\WINDOWS

c:\program files\Internet Explorer\SET917.tmp

c:\program files\Internet Explorer\SET919.tmp

c:\windows\system32\_000005_.tmp.dll

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\Cache

c:\windows\system32\Cache\2404e639410ff74b.fb

c:\windows\system32\Cache\26c630d098e22dd5.fb

c:\windows\system32\Cache\272512937d9e61a4.fb

c:\windows\system32\Cache\287204568329e189.fb

c:\windows\system32\Cache\28bc8f716fd76a47.fb

c:\windows\system32\Cache\2c53092c95605355.fb

c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

c:\windows\system32\Cache\32c84fe32bb74d60.fb

c:\windows\system32\Cache\382cd3247a1e37e5.fb

c:\windows\system32\Cache\3917078cb68ec657.fb

c:\windows\system32\Cache\45b3cc7567a6d0cf.fb

c:\windows\system32\Cache\590ba23ce359fd0c.fb

c:\windows\system32\Cache\610289e025a3ee9a.fb

c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

c:\windows\system32\Cache\6d03dad1035885d3.fb

c:\windows\system32\Cache\95f567698be8a182.fb

c:\windows\system32\Cache\a8556537add6dfc5.fb

c:\windows\system32\Cache\aa1b786fd61cb93a.fb

c:\windows\system32\Cache\ad10a52aff5e038d.fb

c:\windows\system32\Cache\c1055196d87d4121.fb

c:\windows\system32\Cache\c1fa887b03019701.fb

c:\windows\system32\Cache\c4d28dca2e7648be.fb

c:\windows\system32\Cache\d201ef9910cd39de.fb

c:\windows\system32\Cache\d2e94710a5708128.fb

c:\windows\system32\Cache\d79b9dfe81484ec4.fb

c:\windows\system32\Cache\e0de16f883bea794.fb

c:\windows\system32\Cache\f998975c9cc711ee.fb

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

c:\windows\wininit.ini

.

((((((((((((((((((((((((( Files Created from 2013-01-26 to 2013-02-26 )))))))))))))))))))))))))))))))

.

2013-02-26 22:09 . 2013-02-26 22:09 73728 ----a-w- c:\windows\system32\javacpl.cpl

2013-02-26 22:09 . 2013-02-26 22:08 477168 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-02-26 04:09 . 2013-02-26 04:10 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-02-24 20:25 . 2013-02-24 20:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla

2013-02-24 20:24 . 2013-02-24 20:24 -------- d-----w- c:\program files\Mozilla Maintenance Service

2013-02-24 17:47 . 2012-05-08 23:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2013-02-24 17:46 . 2010-11-26 23:02 14776 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2013-02-24 17:43 . 2013-02-24 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}

2013-02-22 21:29 . 2013-02-22 21:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Razer

2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\program files\Razer

2013-02-22 21:27 . 2013-02-22 21:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Razer

2013-02-22 21:14 . 2013-02-22 21:14 -------- d-----w- c:\program files\Vtools Toolbar

2013-02-22 21:13 . 2013-02-22 21:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Vtools

2013-02-22 21:13 . 2013-02-22 21:13 -------- d-----w- c:\program files\Vtools

2013-02-20 21:18 . 2013-02-20 21:18 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Free_i-Dressup

2013-02-20 15:01 . 2013-02-24 20:36 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-20 15:01 . 2013-02-24 20:36 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-20 00:28 . 2013-02-20 00:29 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\getsavin

2013-02-20 00:28 . 2013-02-20 00:28 -------- d-----w- c:\documents and settings\Owner\Application Data\0F0C1V0V1L1C2Z2Y1T1I0F1T1H1L1I1L1P1B

2013-02-15 22:04 . 2013-02-15 22:04 208448 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

2013-02-12 15:07 . 2013-02-18 17:05 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2013-02-12 03:49 . 2013-02-12 03:49 -------- d-----w- c:\program files\Microsoft Silverlight

2013-02-12 03:43 . 2013-02-12 03:43 -------- d-----w- c:\documents and settings\Owner\Application Data\Logitech

2013-02-12 03:43 . 2013-02-12 03:43 -------- d-----w- c:\program files\Logitech

2013-02-11 21:42 . 2013-02-11 21:42 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Unity

2013-02-11 16:50 . 2012-11-02 02:02 375296 ------w- c:\windows\system32\dllcache\dpnet.dll

2013-02-11 16:45 . 2011-08-16 10:45 6144 ------w- c:\windows\system32\dllcache\iecompat.dll

2013-02-11 16:45 . 2012-10-13 00:09 22400 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-26 22:08 . 2010-11-04 18:55 473072 ----a-w- c:\windows\system32\deployJava1.dll

2013-01-26 03:55 . 2004-08-10 17:51 552448 ----a-w- c:\windows\system32\oleaut32.dll

2013-01-07 01:16 . 2004-08-10 17:51 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-07 00:36 . 2004-08-04 03:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-01-04 01:20 . 2004-08-10 17:51 1867264 ----a-w- c:\windows\system32\win32k.sys

2013-01-02 06:49 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll

2013-01-02 06:49 . 2004-08-10 17:51 148992 ----a-w- c:\windows\system32\mpg2splt.ax

2012-12-26 20:16 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll

2012-12-26 20:16 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-12-26 20:16 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-24 06:40 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec

2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 21:49 . 2011-11-01 17:29 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-02-16 00:35 . 2013-02-24 20:24 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{5BFEFF94-6411-4B74-A947-4969134B24DE}"= "c:\program files\Vtools Toolbar\IE\6.9\vtoolsToolbarIE.dll" [2013-02-08 1353024]

"{810a18c2-8c07-be74-21b6-b8261b1487fd}"= "c:\program files\BucksBee Loyalty Plugin - OpenInstall\Helper.dll" [2012-03-17 361984]

.

[HKEY_CLASSES_ROOT\clsid\{5bfeff94-6411-4b74-a947-4969134b24de}]

.

[HKEY_CLASSES_ROOT\clsid\{810a18c2-8c07-be74-21b6-b8261b1487fd}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{EB6979FB-8AB5-5024-452B-B60A303C9F89}]

[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{5BFEFF94-6411-4B74-A947-4969134B24DE}]

2013-02-08 15:46 1353024 ----a-w- c:\program files\Vtools Toolbar\IE\6.9\vtoolsToolbarIE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{BA368F67-C9D7-4053-945D-1FACA7F9B6FC}]

2013-02-20 00:25 78648 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\getsavin\ie\getsavin_1361319902.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-03-06 23:15 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare 6"="c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe" [2013-01-15 491840]

"SmartRAM"="c:\program files\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe" [2013-01-15 547648]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GB_UPDATE"="c:\program files\Razer\Razer Game Booster\AutoUpdate.exe/AUTORUN" [X]

"Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]

"EKAiO2StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe" [2011-03-01 2421760]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-07-13 98304]

"IObit Malware Fighter"="c:\program files\IObit\IObit Malware Fighter\IMF.exe" [2012-12-25 4474832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^iMicro Wireless Utility.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\iMicro Wireless Utility.lnk

backup=c:\windows\pss\iMicro Wireless Utility.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Conime]

2008-04-14 00:12 27648 ----a-w- c:\windows\system32\conime.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]

2004-07-19 12:51 306688 ----a-w- c:\program files\Dell Support\DSAgnt.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]

2005-01-27 06:02 86016 ----a-w- c:\program files\Dell\Media Experience\DMXLauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EKAIO2StatusMonitor]

2011-03-01 21:47 2421760 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\EKAiO2MUI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]

2005-01-23 21:31 126976 ----a-w- c:\windows\system32\hkcmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2005-01-23 21:36 155648 ----a-w- c:\windows\system32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]

2003-09-04 01:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]

2004-07-27 21:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]

2004-07-27 21:50 81920 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]

2011-03-28 19:41 1910152 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QBReminderFlash]

2004-11-11 15:26 26112 ----a-w- c:\program files\Intuit\QuickBooks 2005\Atom\QBReminder.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2005-07-13 16:19 98304 ----a-w- c:\program files\QuickTime\qttask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]

2005-07-13 16:19 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2004-10-15 00:42 1404928 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-09-17 17:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"JavaQuickStarterService"=2 (0x2)

"Kodak AiO Network Discovery Service"=2 (0x2)

"Hamachi2Svc"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiMalware]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=

"c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=

"c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=

"c:\\Program Files\\BucksBee Loyalty Plugin - OpenInstall\\TroubleShooter.exe"=

"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5353:UDP"= 5353:UDP:Bonjour Port 5353

"9322:TCP"= 9322:TCP:EKDiscovery

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2/24/2013 12:46 PM 14776]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/27/2011 11:30 AM 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [9/24/2010 4:21 PM 337880]

R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2/12/2013 10:07 AM 33112]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [11/17/2012 1:31 PM 465216]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/24/2010 4:21 PM 20696]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [1/4/2012 1:22 PM 822624]

R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [11/20/2010 12:10 PM 38144]

R2 IMFservice;IMF Service;c:\program files\IObit\IObit Malware Fighter\IMFsrv.exe [2/24/2013 12:45 PM 821592]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [10/1/2011 7:30 AM 508776]

R3 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\FileMonitor.sys [2/24/2013 12:45 PM 246816]

R3 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\RegFilter.sys [2/24/2013 12:45 PM 30408]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 9:23 PM 584680]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 9:23 PM 209512]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 9:23 PM 20584]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 9:23 PM 18280]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [10/1/2011 7:30 AM 219496]

R3 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\Drivers\wxp_x86\UrlFilter.sys [2/24/2013 12:45 PM 16248]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/25/2013 11:09 PM 40776]

S3 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe --> c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\Razer\Razer Game Booster\Driver\WinRing0.sys [11/13/2012 9:53 PM 14416]

S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/28/2011 2:41 PM 1242504]

S4 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\EKAiOHostService.exe [3/9/2011 12:29 PM 366000]

.

Contents of the 'Scheduled Tasks' folder

.

2013-02-26 c:\windows\Tasks\SmartDefragUpdate.job

- c:\program files\IObit\Smart Defrag 2\AutoUpdate.exe [2013-02-24 16:06]

.

2013-02-26 c:\windows\Tasks\SmartDefrag_Startup.job

- c:\program files\IObit\Smart Defrag 2\SmartDefrag.exe [2013-02-24 20:11]

.

2013-02-26 c:\windows\Tasks\WindowsCleanerLoginCheckUpdate.job

- c:\program files\Vtools\Windows Cleaner\AutoUpdate.exe [2013-02-22 21:10]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\1o958ysv.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - ExtSQL: 2013-02-26 17:09; {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-vProt - c:\program files\AVG Secure Search\vprot.exe

MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe

MSConfigStartUp-Play Pickle - c:\program files\Play Pickle\playpickle32.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2013-02-26 18:14

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_168_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

Completion time: 2013-02-26 18:20:11

ComboFix-quarantined-files.txt 2013-02-26 23:20

.

Pre-Run: 58,416,275,456 bytes free

Post-Run: 59,337,703,424 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

.

- - End Of File - - F66CDA31984CC64315838E02E4978C24

Superdave · February 26, 2013

SysProt Antirootkit

Download

SysProt Antirootkit from the link below (you will find it at the bottom

of the page under attachments, or you can get it from one of the

mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.

Double click Sysprot.exe to start the program.
Click on the Log tab.
In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
[*]At the bottom of the page
- Hidden Objects Only << Selected
[*]Click on the Create Log button on the bottom right.
[*]After a few seconds a new window should appear.
[*]Select Scan Root Drive. Click on the Start button.
[*]When it is complete a new window will appear to indicate that the scan is finished.
[*]The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

tlbailey79 · February 27, 2013

SysProt Log

SysProt AntiRootkit v1.0.1.0

by swatkat

******************************************************************************************

No Hidden Processes found

******************************************************************************************

Kernel Modules:

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

Service Name: ---

Module Base: F7E06000

Module End: F7E08000

Hidden: Yes

Module Name: \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys

Service Name: catchme

Module Base: F7BBC000

Module End: F7BC4000

Hidden: Yes

******************************************************************************************

SSDT:

Function Name: ZwAddBootEntry

Address: EEA00DF8

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwAllocateVirtualMemory

Address: EEA8DA5A

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwAssignProcessToJobObject

Address: EEA0185E

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwClose

Address: EEA2DD5D

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEvent

Address: EEA062E4

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateEventPair

Address: EEA06330

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateIoCompletion

Address: EEA06422

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateKey

Address: EEA2D711

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateMutant

Address: EEA06252

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSection

Address: EEA06374

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateSemaphore

Address: EEA0629A

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwCreateTimer

Address: EEA063DC

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteBootEntry

Address: EEA00E44

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteKey

Address: EEA2E423

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDeleteValueKey

Address: EEA2E6D9

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwDuplicateObject

Address: EEA039A8

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateKey

Address: EEA2E28E

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwEnumerateValueKey

Address: EEA2E0F9

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwFreeVirtualMemory

Address: EEA8DB34

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwLoadDriver

Address: EEA00AD6

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwModifyBootEntry

Address: EEA00E90

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeKey

Address: EEA03D1C

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwNotifyChangeMultipleKeys

Address: EEA01B02

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEvent

Address: EEA0630E

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenEventPair

Address: EEA06352

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenIoCompletion

Address: EEA06446

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenKey

Address: EEA2DA6D

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenMutant

Address: EEA06278

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenProcess

Address: EEA03518

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSection

Address: EEA063AE

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenSemaphore

Address: EEA062C2

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenThread

Address: EEA0374C

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwOpenTimer

Address: EEA06400

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwProtectVirtualMemory

Address: EEA8DCA0

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwQueryKey

Address: EEA2DF74

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryObject

Address: EEA019CE

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwQueryValueKey

Address: EEA2DDC6

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwRenameKey

Address: EEA97B68

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwRestoreKey

Address: EEA2CD84

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootEntryOrder

Address: EEA00EDC

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetBootOptions

Address: EEA00F28

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemInformation

Address: EEA00B46

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetSystemPowerState

Address: EEA00CEA

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSetValueKey

Address: EEA2E52A

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwShutdownSystem

Address: EEA00C92

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwSystemDebugControl

Address: EEA00D5A

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwTerminateProcess

Address: EEA8DD60

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

Function Name: ZwVdmControl

Address: EEA00F74

Driver Base: EE9E8000

Driver End: EEA82000

Driver Name: \SystemRoot\System32\Drivers\aswSnx.SYS

Function Name: ZwWriteVirtualMemory

Address: EEA8DBE0

Driver Base: EEA82000

Driver End: EEAD3000

Driver Name: \SystemRoot\System32\Drivers\aswSP.SYS

******************************************************************************************

Kernel Hooks:

Hooked Function: ZwCreateProcessEx

At Address: 8058304C

Jump To: EEAA3D96

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: PsGetProcessInheritedFromUniqueProcessId

At Address: 804FD889

Jump To: EAAC805A

Module Name: _unknown_

Hooked Function: ObMakeTemporaryObject

At Address: 8059EA42

Jump To: EEAA0C8C

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

Hooked Function: ObInsertObject

At Address: 8056513A

Jump To: EEAA274C

Module Name: C:\WINDOWS\System32\Drivers\aswSP.SYS

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied

Superdave · February 27, 2013

How's your computer running now?

ESET Online Scan

Scan your computer with the ESET FREE Online Virus Scan

* Click the ESET Online Scanner button.

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

In your next reply please include the ESET Online Scan Log

tlbailey79 · February 27, 2013

It seems to be running quite a bit better. But I did have the virtual memory error pop up today. The highest running VM processes in my task manager were Firefox.exe, IMF.exe and plugin-container.exe...which from what I've read are pretty standard.

tlbailey79 · February 28, 2013

It said there were no threats found and I didn't see the link "List of Found Threats".

Superdave · February 28, 2013

You can read about that low memory problem here. Give it a try and tell me what happens.

tlbailey79 · March 1, 2013

Thanks SuperDave. I had already read that article. I also already did what it asked. It isn't doing it as often, but it is still doing it.

Slow Computer--Possible Malware or Spyware

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Archived