Somehow I have picked up Funmoods and cannot get rid of it. I ununstalled it ... but it is still there and will not let me change my primary seaarch provider. Also started to see some redirect issues in Internet Explorer.
Here is the MalwareBytes log (it was a full scan, I had completed it prior to realizing I needed to come to this site for help):
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.07.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ed :: ED-NXAIBJWWPXN5 [administrator]
11/7/2012 8:20:38 PM
mbam-log-2012-11-07 (20-20-38).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288255
Time elapsed: 5 hour(s), 9 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: af47eb11d2c194b396ff726a469ec377 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 15
C:\Documents and Settings\Ed\My Documents\Downloads\JDast_installer.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033402.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033426.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033427.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033428.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033429.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033432.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP299\A0033486.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escortApp.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escortEng.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escorTlbr.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\funmoodssrv.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ed\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
(end)
GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-08 20:23:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75DEA0 rev.05.03E05
Running: rr94c86h.exe; Driver: C:\WINDOWS\TEMP\awaiyuoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G Data Software AG)
---- EOF - GMER 1.0.15 ----
DDS Logs:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Ed at 20:26:30 on 2012-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.469 [GMT -5:00]
.
AV: G Data TotalSecurity 2012 *Enabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G Data Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0CtDtA0FtD0EyEtC0D0B0F0Ezy0B0BzytN0D0Tzu0CtAtCtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=152496871
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\totalsecurity\webfilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - c:\program files\common files\g data\avkproxy\BanksafeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\totalsecurity\webfilter\AvkWebIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [G Data AntiVirus Tray Application] c:\program files\g data\totalsecurity\avktray\AVKTray.exe
mRun: [GDFirewallTray] c:\program files\g data\totalsecurity\firewall\GDFirewallTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5A0DE531-0B77-487D-B443-F8C892D9FD93} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-2-11 40440]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2012-2-11 30200]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-2-11 79992]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-2-12 69112]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-2-11 40568]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2011-5-3 1499656]
R2 AVKService;G Data Scheduler;c:\program files\g data\totalsecurity\avk\AVKService.exe [2011-5-3 409608]
R2 AVKWCtl;G Data Filesystem Monitor;c:\program files\g data\totalsecurity\avk\AVKWCtl.exe [2011-5-3 1554184]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2012-2-11 52216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-7 399432]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 GDFwSvc;G Data Personal Firewall;c:\program files\g data\totalsecurity\firewall\GDFwSvc.exe [2011-5-3 1613424]
R3 GDScan;G Data Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2011-5-3 457536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-7 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-7 676936]
S3 GDBackupSvc;G Data Backup Service;c:\program files\g data\totalsecurity\avkbackup\AVKBackupService.exe [2011-5-3 1498616]
S3 GDTunerSvc;G Data Tuner Service;c:\program files\g data\totalsecurity\avktuner\AVKTunerService.exe [2011-5-3 960504]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-2-4 16968]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-08 18:03:37 -------- d-----w- c:\program files\MSXML 4.0
2012-11-08 18:01:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-08 17:31:09 -------- d-----w- c:\program files\Microsoft Download Manager
2012-11-07 16:42:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-07 02:41:14 -------- d-----w- c:\documents and settings\ed\application data\Funmoods
2012-11-07 02:20:41 -------- d-----w- c:\documents and settings\ed\application data\jdnetmon
2012-11-07 01:53:58 -------- d-----w- c:\documents and settings\ed\application data\jdast
2012-11-07 01:53:57 -------- d-----w- c:\program files\JDAST
2012-11-07 01:52:02 -------- d-----w- c:\documents and settings\ed\local settings\application data\Wajam
2012-10-21 15:40:28 -------- d-----w- c:\program files\common files\Symantec Shared
2012-10-21 15:40:04 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-10-21 15:39:57 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-10-10 03:05:04 -------- d-----w- C:\128908204b16f6cc63734c
.
==================== Find3M ====================
.
2012-11-08 18:00:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 18:00:58 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-11-08 06:48:15 858424 -c--a-w- c:\windows\system32\sig.bin
2012-10-09 17:00:21 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:00:21 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29:19 2192896 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 -c--a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:27:26.09 ===============
And:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2009 8:51:45 PM
System Uptime: 11/8/2012 12:16:24 PM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 17.015 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP281: 10/19/2012 6:25:49 AM - System Checkpoint
RP282: 10/20/2012 6:49:35 AM - System Checkpoint
RP283: 10/21/2012 7:38:44 AM - System Checkpoint
RP284: 10/22/2012 7:56:36 AM - System Checkpoint
RP285: 10/23/2012 8:14:43 AM - System Checkpoint
RP286: 10/24/2012 9:42:22 AM - System Checkpoint
RP287: 10/25/2012 10:40:31 AM - System Checkpoint
RP288: 10/26/2012 11:52:13 AM - System Checkpoint
RP289: 10/27/2012 12:08:55 PM - System Checkpoint
RP290: 10/28/2012 12:17:37 PM - System Checkpoint
RP291: 10/29/2012 12:49:49 PM - System Checkpoint
RP292: 10/30/2012 1:49:19 PM - System Checkpoint
RP293: 10/31/2012 2:44:09 PM - System Checkpoint
RP294: 11/1/2012 5:53:22 PM - System Checkpoint
RP295: 11/2/2012 6:01:31 PM - System Checkpoint
RP296: 11/3/2012 6:08:02 PM - System Checkpoint
RP297: 11/4/2012 6:20:18 PM - System Checkpoint
RP298: 11/5/2012 6:25:17 PM - System Checkpoint
RP299: 11/6/2012 10:47:09 PM - System Checkpoint
RP300: 11/8/2012 3:00:20 AM - Software Distribution Service 3.0
RP301: 11/8/2012 12:31:07 PM - Installed Microsoft Download Manager
RP302: 11/8/2012 1:03:35 PM - Installed MSXML 4.0 SP3 Parser
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Bonjour
Canon Camera Access Library
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
Dell Picture Studio - Dell Image Expert
G Data TotalSecurity 2012
Google Earth Plug-in
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Michigan 2010
H&R Block Michigan 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB954550-v5)
ieSpell
Intel(R) PRO Network Adapters and Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 37
JDs Auto Speed Tester
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ASP.NET Web Pages
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
NVIDIA Windows 2000/XP Display Drivers
Primo
QuickTime
Registry Mechanic 10.0
Runtime
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923789)
Sony Picture Utility
SoundMAX
swMSM
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 12:13:16 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
11/8/2012 1:21:28 PM, error: Service Control Manager [7031] - The G Data AntiVirus Proxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2012 5:21:42 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
11/5/2012 3:40:15 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:14 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
Here is the MalwareBytes log (it was a full scan, I had completed it prior to realizing I needed to come to this site for help):
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org
Database version: v2012.11.07.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ed :: ED-NXAIBJWWPXN5 [administrator]
11/7/2012 8:20:38 PM
mbam-log-2012-11-07 (20-20-38).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288255
Time elapsed: 5 hour(s), 9 minute(s), 32 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 12
HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} (PUP.FunMoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.
Registry Values Detected: 1
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: af47eb11d2c194b396ff726a469ec377 -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 15
C:\Documents and Settings\Ed\My Documents\Downloads\JDast_installer.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033402.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033426.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033427.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033428.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033429.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP298\A0033432.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F32A3879-B8DD-4E00-ABC9-14C9B2FD324E}\RP299\A0033486.exe (Trojan.AVKill) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escort.dll (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escortApp.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escortEng.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\escorTlbr.dll (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\is263093\funmoodssrv.exe (PUP.FunMoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ed\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Quarantined and deleted successfully.
C:\Documents and Settings\Ed\Local Settings\Application Data\funmoods.crx (PUP.Funmoods) -> Quarantined and deleted successfully.
(end)
GMER Log:
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-11-08 20:23:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD400BB-75DEA0 rev.05.03E05
Running: rr94c86h.exe; Driver: C:\WINDOWS\TEMP\awaiyuoc.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G Data Software AG)
Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G Data Software AG)
---- EOF - GMER 1.0.15 ----
DDS Logs:
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Ed at 20:26:30 on 2012-11-08
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1279.469 [GMT -5:00]
.
AV: G Data TotalSecurity 2012 *Enabled/Updated* {71310606-6F3B-49F2-9A81-8315AA75FBB3}
FW: G Data Personal Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Secunia\PSI\sua.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.com/
mStart Page = hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1Qzu0CtDtA0FtD0EyEtC0D0B0F0Ezy0B0BzytN0D0Tzu0CtAtCtCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=152496871
uInternet Connection Wizard,ShellNext = "c:\program files\outlook express\msimn.exe"
BHO: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\totalsecurity\webfilter\AvkWebIE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: G Data BankGuard: {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - c:\program files\common files\g data\avkproxy\BanksafeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: G Data WebFilter: {0124123D-61B4-456f-AF86-78C53A0790C5} - c:\program files\g data\totalsecurity\webfilter\AvkWebIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [G Data AntiVirus Tray Application] c:\program files\g data\totalsecurity\avktray\AVKTray.exe
mRun: [GDFirewallTray] c:\program files\g data\totalsecurity\firewall\GDFirewallTray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5A0DE531-0B77-487D-B443-F8C892D9FD93} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-2-11 40440]
R0 GDNdisIc;GDNdisIc;c:\windows\system32\drivers\GDNdisIc.sys [2012-2-11 30200]
R1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-2-11 79992]
R1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-2-12 69112]
R1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-2-11 40568]
R2 AVKProxy;G Data AntiVirus Proxy;c:\program files\common files\g data\avkproxy\AVKProxy.exe [2011-5-3 1499656]
R2 AVKService;G Data Scheduler;c:\program files\g data\totalsecurity\avk\AVKService.exe [2011-5-3 409608]
R2 AVKWCtl;G Data Filesystem Monitor;c:\program files\g data\totalsecurity\avk\AVKWCtl.exe [2011-5-3 1554184]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [2012-2-11 52216]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-7 399432]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-10-14 994360]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2011-10-14 399416]
R3 GDFwSvc;G Data Personal Firewall;c:\program files\g data\totalsecurity\firewall\GDFwSvc.exe [2011-5-3 1613424]
R3 GDScan;G Data Scanner;c:\program files\common files\g data\gdscan\GDScan.exe [2011-5-3 457536]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-7 22856]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-7 676936]
S3 GDBackupSvc;G Data Backup Service;c:\program files\g data\totalsecurity\avkbackup\AVKBackupService.exe [2011-5-3 1498616]
S3 GDTunerSvc;G Data Tuner Service;c:\program files\g data\totalsecurity\avktuner\AVKTunerService.exe [2011-5-3 960504]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2011-2-4 16968]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys --> c:\windows\system32\drivers\sxuptp.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-08 18:03:37 -------- d-----w- c:\program files\MSXML 4.0
2012-11-08 18:01:30 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-11-08 17:31:09 -------- d-----w- c:\program files\Microsoft Download Manager
2012-11-07 16:42:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-07 02:41:14 -------- d-----w- c:\documents and settings\ed\application data\Funmoods
2012-11-07 02:20:41 -------- d-----w- c:\documents and settings\ed\application data\jdnetmon
2012-11-07 01:53:58 -------- d-----w- c:\documents and settings\ed\application data\jdast
2012-11-07 01:53:57 -------- d-----w- c:\program files\JDAST
2012-11-07 01:52:02 -------- d-----w- c:\documents and settings\ed\local settings\application data\Wajam
2012-10-21 15:40:28 -------- d-----w- c:\program files\common files\Symantec Shared
2012-10-21 15:40:04 -------- d-----w- c:\documents and settings\all users\application data\Norton
2012-10-21 15:39:57 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller
2012-10-10 03:05:04 -------- d-----w- C:\128908204b16f6cc63734c
.
==================== Find3M ====================
.
2012-11-08 18:00:59 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-08 18:00:58 473072 -c--a-w- c:\windows\system32\deployJava1.dll
2012-11-08 06:48:15 858424 -c--a-w- c:\windows\system32\sig.bin
2012-10-09 17:00:21 73656 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:00:21 696760 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 17:01:22 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-08-21 17:01:22 106928 ----a-w- c:\windows\system32\GEARAspi.dll
2012-08-21 13:29:19 2192896 -c--a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 -c--a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 20:27:26.09 ===============
And:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 3/20/2009 8:51:45 PM
System Uptime: 11/8/2012 12:16:24 PM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 02Y832
Processor: Intel(R) Pentium(R) 4 CPU 2.66GHz | Microprocessor | 2660/533mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 17.015 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/100 VE Network Connection
Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Manufacturer: Intel
Name: Intel(R) PRO/100 VE Network Connection
PNP Device ID: PCI\VEN_8086&DEV_1050&SUBSYS_01551028&REV_02\4&1C660DD6&0&40F0
Service: E100B
.
==== System Restore Points ===================
.
RP281: 10/19/2012 6:25:49 AM - System Checkpoint
RP282: 10/20/2012 6:49:35 AM - System Checkpoint
RP283: 10/21/2012 7:38:44 AM - System Checkpoint
RP284: 10/22/2012 7:56:36 AM - System Checkpoint
RP285: 10/23/2012 8:14:43 AM - System Checkpoint
RP286: 10/24/2012 9:42:22 AM - System Checkpoint
RP287: 10/25/2012 10:40:31 AM - System Checkpoint
RP288: 10/26/2012 11:52:13 AM - System Checkpoint
RP289: 10/27/2012 12:08:55 PM - System Checkpoint
RP290: 10/28/2012 12:17:37 PM - System Checkpoint
RP291: 10/29/2012 12:49:49 PM - System Checkpoint
RP292: 10/30/2012 1:49:19 PM - System Checkpoint
RP293: 10/31/2012 2:44:09 PM - System Checkpoint
RP294: 11/1/2012 5:53:22 PM - System Checkpoint
RP295: 11/2/2012 6:01:31 PM - System Checkpoint
RP296: 11/3/2012 6:08:02 PM - System Checkpoint
RP297: 11/4/2012 6:20:18 PM - System Checkpoint
RP298: 11/5/2012 6:25:17 PM - System Checkpoint
RP299: 11/6/2012 10:47:09 PM - System Checkpoint
RP300: 11/8/2012 3:00:20 AM - Software Distribution Service 3.0
RP301: 11/8/2012 12:31:07 PM - Installed Microsoft Download Manager
RP302: 11/8/2012 1:03:35 PM - Installed MSXML 4.0 SP3 Parser
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask Toolbar
AVG 2012
Bonjour
Canon Camera Access Library
CANON iMAGE GATEWAY MyCamera Download Plugin
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Utilities CameraWindow DC 8
Canon Utilities CameraWindow Launcher
Canon Utilities Digital Photo Professional 3.10
Canon Utilities EOS Utility
Canon Utilities Movie Uploader for YouTube
Canon Utilities MyCamera
Canon Utilities ZoomBrowser EX
CCleaner
Compatibility Pack for the 2007 Office system
Dell Picture Studio - Dell Image Expert
G Data TotalSecurity 2012
Google Earth Plug-in
Google SketchUp 8
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block Deluxe + Efile + State 2010
H&R Block Deluxe + Efile + State 2011
H&R Block Michigan 2010
H&R Block Michigan 2011
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB954550-v5)
ieSpell
Intel(R) PRO Network Adapters and Drivers
iTunes
Java Auto Updater
Java(TM) 6 Update 37
JDs Auto Speed Tester
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft ASP.NET Web Pages
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Download Manager
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Basic Edition 2003
Microsoft Office File Validation Add-In
Microsoft Silverlight
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server System CLR Types
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
NVIDIA Windows 2000/XP Display Drivers
Primo
QuickTime
Registry Mechanic 10.0
Runtime
Secunia PSI (2.0.0.4003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB923789)
Sony Picture Utility
SoundMAX
swMSM
Uniblue SpeedUpMyPC
Uniblue SystemTweaker
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB951978)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
11/8/2012 12:13:16 PM, error: Service Control Manager [7034] - The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
11/8/2012 1:21:28 PM, error: Service Control Manager [7031] - The G Data AntiVirus Proxy service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/5/2012 5:21:42 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The authentication service is unknown.
11/5/2012 3:40:15 PM, error: Service Control Manager [7034] - The Secunia Update Agent service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:15 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:14 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The NVIDIA Driver Helper Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:13 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
11/5/2012 3:40:10 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================