John - nice to chat with you again... but it's always when I have a problem... I do appreciate it.
Here are the results of the ComboFix and HijackThis scans.
Oops - it looks like I can't post the ComboFix log - it's 19.7kb and I don't have room for it. How do I delete my other attachments to make room?
ComboFix 13-06-08.02 - Gary 06/08/2013 22:03:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3071.2220 [GMT -7:00]
Running from: c:\documents and settings\Gary\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gary\Application Data\OneTab\OnETab.dll
c:\documents and settings\Gary\Application Data\PriceGong
c:\documents and settings\Gary\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Gary\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Gary\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Rosemary\Application Data\PriceGong
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\2256.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Rosemary\Application Data\PriceGong\Data\z.txt
c:\windows\system32\PowerToyReadme.htm
c:\windows\tmp
c:\windows\tmp\dd_vcredistMSI0A02.txt
c:\windows\tmp\dd_vcredistMSI2790.txt
c:\windows\tmp\dd_vcredistUI0A02.txt
c:\windows\tmp\dd_vcredistUI2790.txt
c:\windows\tmp\qtsingleapp-koboex-f4a6-0-lockfile
.
.
((((((((((((((((((((((((( Files Created from 2013-05-09 to 2013-06-09 )))))))))))))))))))))))))))))))
.
.
2013-06-09 04:48 . 2013-06-09 04:48 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85828CDA-4323-4A4C-8822-A7EE540DF37A}\MpKsl16751333.sys
2013-06-08 19:46 . 2013-06-08 19:46 -------- d-sh--w- c:\documents and settings\ALLISON\IECompatCache
2013-06-08 15:06 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85828CDA-4323-4A4C-8822-A7EE540DF37A}\mpengine.dll
2013-06-06 18:38 . 2013-05-13 06:19 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-31 00:46 . 2013-05-31 00:55 -------- d-----w- c:\documents and settings\Rosemary\Application Data\vlc
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 04:02 . 2012-11-02 19:53 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-15 04:02 . 2012-11-02 19:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 15:28 . 2012-11-02 21:08 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2008-04-14 12:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-04-14 12:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-04-16 22:17 . 2008-04-14 12:41 43520 ------w- c:\windows\system32\licmgr10.dll
2013-04-12 23:28 . 2008-04-14 07:07 385024 ------w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-04-14 08:00 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 21:50 . 2012-11-02 19:59 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-04 12:35 . 2013-04-26 15:27 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 20:11 . 2013-01-25 03:35 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo1.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
2013-05-20 09:21 231712 ----a-w- c:\program files\uTorrentControl_v2\prxtbuTo1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7473b6bd-4691-4744-a82b-7854eb3d70b6}"= "c:\program files\uTorrentControl_v2\prxtbuTo1.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7473B6BD-4691-4744-A82B-7854EB3D70B6}"= "c:\program files\uTorrentControl_v2\prxtbuTo1.dll" [2013-05-20 231712]
.
[HKEY_CLASSES_ROOT\clsid\{7473b6bd-4691-4744-a82b-7854eb3d70b6}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2009-01-12 2908160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-05 39408]
"Facebook Update"="c:\documents and settings\Gary\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-03-01 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2009-01-17 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-04-03 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-12-22 295072]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Gary\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/2/2012 5:46 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/2/2012 5:46 PM 361032]
R1 MpKsl16751333;MpKsl16751333;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{85828CDA-4323-4A4C-8822-A7EE540DF37A}\MpKsl16751333.sys [6/8/2013 9:48 PM 29904]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/2/2012 5:46 PM 21256]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [11/2/2012 12:59 PM 418376]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/2/2012 12:59 PM 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [11/29/2012 9:31 PM 38608]
R2 WajamUpdater;WajamUpdater;c:\program files\Wajam\Updater\WajamUpdater.exe [10/5/2012 8:08 AM 109064]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/2/2012 12:59 PM 22856]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1236MK3);c:\windows\system32\drivers\wfeaglxt.sys [11/2/2012 2:48 PM 433792]
S1 ccmrssud;ccmrssud;\??\c:\windows\system32\drivers\ccmrssud.sys --> c:\windows\system32\drivers\ccmrssud.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 1:55 PM 161536]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL16751333
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-02 04:02]
.
2013-06-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-03 22:50]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-2147271927-682003330-1004Core.job
- c:\documents and settings\Gary\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-03-01 02:00]
.
2013-06-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-515967899-2147271927-682003330-1004UA.job
- c:\documents and settings\Gary\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-03-01 02:00]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 06:38]
.
2013-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 06:38]
.
2013-06-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2013-01-27 19:11]
.
2013-06-01 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-30 04:33]
.
2013-06-08 c:\windows\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 04:31]
.
2013-06-08 c:\windows\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-30 04:31]
.
2013-06-09 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-08 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-515967899-2147271927-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-09 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-08 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-515967899-2147271927-682003330-1007.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-2147271927-682003330-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-11-30 23:30]
.
2013-06-09 c:\windows\Tasks\User_Feed_Synchronization-{A6CE507B-BB34-4002-8EE5-A5F6775BB409}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 12:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.ca/
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 64.59.160.15 64.59.161.69
Handler: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - c:\program files\TurboTax 2012\ic2012pp.dll
FF - ProfilePath - c:\documents and settings\Gary\Application Data\Mozilla\Firefox\Profiles\tptxpxqc.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=100000027&locale=en_US&apn_uid=6F579782-BC02-4951-AFCE-CBF7554E1973&apn_ptnrs=%5EU3&apn_sauid=612EB5E6-CD7E-4124-A850-B85297077307&apn_dtid=%5EOSJ000%5EYY%5ECA&&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
HKLM-Run-NWEReboot - (no file)
AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-06-08 22:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 9:45:14 PM, on 6/8/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
FIREFOX: 18.0.1 (en-US)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Wajam\Updater\WajamUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\program files\real\realplayer\update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gary\Local Settings\Temporary Internet Files\Content.IE5\FRWCUVW6\HijackThis[1].exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: (no name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
R3 - URLSearchHook: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTo1.dll
O2 - BHO: OneTab Add-on - {16ADEA98-D215-4F51-80AF-5E5ED660B9C0} - C:\Documents and Settings\Gary\Application Data\OneTab\OneTab.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: uTorrentControl_v2 - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTo1.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: uTorrentControl_v2 Toolbar - {7473b6bd-4691-4744-a82b-7854eb3d70b6} - C:\Program Files\uTorrentControl_v2\prxtbuTo1.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Gary\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-21-515967899-2147271927-682003330-1007\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Rosemary')
O4 - HKUS\S-1-5-21-515967899-2147271927-682003330-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Rosemary')
O4 - HKUS\S-1-5-21-515967899-2147271927-682003330-1007\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User 'Rosemary')
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1351879282989
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1351891621265
O18 - Protocol: intu-tt2012 - {02F985EF-502B-4597-993F-6BF9E004C138} - C:\Program Files\TurboTax 2012\ic2012pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WajamUpdater - Wajam - C:\Program Files\Wajam\Updater\WajamUpdater.exe
--
End of file - 11743 bytes