Popup for Free Computer Backup

01-04-2014, 10:53 PM   #1
steveb84
Registered Member
Join Date: Jan 2014
Posts: 3
OS: Windows XP

Our laptop computer constantly opens pop-up windows with the following message:

Reminder
Your Computer Is Not Backed Up, Backup Your Files Online Today
FREE Computer Backup Available

The first Malwarebytes scan I ran last week had more than a thousand potentially unwanted programs. I removed them all. The last Malwarebytes scan did not find any problems.

The operating system is Windows XP Home Edition. We do not have access to a Windows Install disc or a Boot CD.

Also "TrustLoke Toolbar" is in the Add or Remove Programs list and cannot be removed.

Steve

--

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.25.2
Run by Britten McDowell at 11:13:46 on 2014-01-04
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.565 [GMT -7:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\MyPC Backup\BackupStack.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MyPC Backup\MyPC Backup.exe
C:\WINDOWS\system32\igfxext.exe
C:\DOCUME~1\BRITTE~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://inboxtoolbar.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=0&o=xph&d=0609&m=aoa150
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://inboxtoolbar.com/search/ie.aspx?tbid=80289
mCustomizeSearch = hxxp://inboxtoolbar.com/help/sa_customize.aspx?tbid=80289
uURLSearchHooks: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - <orphaned>
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
uURLSearchHooks: <No Name>: {00A6FAF6-072E-44cf-8957-5838F569A31D} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - c:\documents and settings\eli mcdowell\local settings\application data\downloadterms\temp.dat
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {7736C7FA-512D-11E2-B871-DEC36088709B} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: My Web Search: {07B18EA9-A523-4961-B6BB-170DE4475CCA} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Desk 365] "c:\program files\desk 365\desk365.exe" /autorun
uRun: [Driver Pro] c:\program files\driver pro\DPLauncher.exe
uRun: [RDReminder] c:\program files\regclean pro\RegCleanPro.exe -rem
uRun: [SpeedUpMyPC] "c:\program files\uniblue\speedupmypc\launcher.exe" -d 20000
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_11_7_700_224_Plugin.exe -update plugin
mRun: [LaunchApp] Alaunch
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\installshield\AzMixerSel.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\eRAgent.exe
mRun: [Panasonic Device Manager for Multi-Function Station software] c:\program files\panasonic\mfstation\PCCMFSDM.exe
mRun: [Panasonic PCFAX for Multi-Function Station software] c:\program files\panasonic\mfstation\KmPcFax.exe -1
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ApnTBMon] "c:\program files\askpartnernetwork\toolbar\updater\TBNotifier.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [SearchProtect] c:\windows\system32\config\systemprofile\application data\searchprotect\bin\cltmng.exe
StartupFolder: c:\docume~1\britte~1\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: &Search - <no file>
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1244859527375
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/search/search?q={searchTerms}&s_it=sgmao-ff&s_qt=sb&tb_uuid=814ACD5AACA947768C119C20F37B0477&tb_oid=30-10-2013&tb_mrud=09-12-2013
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko10.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko11.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko12.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko5.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko6.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko7.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko8.dll
FF - component: c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{2d922b81-34c7-4aab-9c5d-433e79fc9445}\components\RadioWMPCoreGecko9.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\mywebsearch\bar\1.bin\NPMYWEBS.DLL
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-12-12 11:41; ext@bettersurfplusv1.com; c:\program files\bettersurf\bettersurfplusv1\ff
FF - ExtSQL: 2013-12-12 12:16; webbooster@iminent.com; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\webbooster@iminent.com.xpi
FF - ExtSQL: 1969-12-31 17:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; c:\documents and settings\britten mcdowell\application data\mozilla\firefox\profiles\i7dpjn3u.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
FF - ExtSQL: !HIDDEN! 2009-09-04 06:03; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-11-08 21:23; m3ffxtbr@mywebsearch.com; c:\program files\mywebsearch\bar\1.bin
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
FF - user.js: extentions.y2layers.installId - 7d786fdf-a0f6-45a7-96c2-cd83c80d33dd
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - f001c7b100000000000000242b23e7c3
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15937
FF - user.js: extensions.delta.vrsn - 1.8.24.6
FF - user.js: extensions.delta.vrsni - 1.8.24.6
FF - user.js: extensions.delta.vrsnTs - 1.8.24.616:48:19
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=122786&tt=200813_246&tsp=4980
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 214696]
R2 APNMCP;Ask Update Service;c:\program files\askpartnernetwork\toolbar\apnmcp.exe [2013-12-10 166352]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2013-7-1 32808]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\panaso~1\localcom\lmsrvnt.exe [2009-7-16 36864]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-3-6 39056]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [2008-5-5 151936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2011-4-22 34320]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S2 TorchCrashHandler;Torch Crash Handler;c:\documents and settings\em\local settings\application data\torch\update\torchcrashhandler.exe --> c:\documents and settings\em\local settings\application data\torch\update\TorchCrashHandler.exe [?]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2009-6-12 96856]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-01-04 17:35:06 -------- d--h--w- c:\windows\PIF
2014-01-04 06:36:05 62576 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\offreg.dll
2014-01-03 07:00:58 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{90204e40-6dc3-48df-8408-f9e73dc38c37}\mpengine.dll
2014-01-01 22:55:57 7760024 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-01-01 22:42:28 -------- d-----w- c:\documents and settings\britten mcdowell\application data\Malwarebytes
2013-12-29 06:38:33 -------- d-----w- c:\windows\system32\MRT
2013-12-28 19:31:47 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-12-28 18:35:24 12928 -c----w- c:\windows\system32\dllcache\usb8023x.sys
2013-12-28 18:18:20 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-12-28 17:51:20 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2013-12-28 17:51:20 3072 ------w- c:\windows\system32\iacenc.dll
2013-12-28 17:16:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2013-12-28 06:47:35 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-12-28 06:47:30 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-28 06:47:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-20 18:18:02 22370928 ----a-w- c:\program files\mozilla firefox\xul.dll
2013-12-20 18:18:02 108144 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-12-20 18:18:01 872352 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2013-12-20 18:18:01 276592 ----a-w- c:\program files\mozilla firefox\updater.exe
2013-12-20 18:18:01 170960 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-12-20 18:18:01 153712 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2013-12-20 00:11:35 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-12-20 00:08:31 -------- d-----w- c:\program files\iPod
2013-12-20 00:08:04 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-12-20 00:08:03 -------- d-----w- c:\program files\iTunes
2013-12-20 00:04:52 -------- d-----w- c:\program files\Bonjour
2013-12-19 21:35:05 -------- d-----w- C:\video_out
2013-12-17 03:40:20 -------- d-----w- c:\program files\weDownload
2013-12-14 20:39:18 -------- d-----w- c:\program files\Amazon
2013-12-12 19:05:16 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\InternetHelper3.1
2013-12-09 2235 -------- d-----w- c:\documents and settings\britten mcdowell\local settings\application data\SearchProtect
.
==================== Find3M ====================
.
2013-11-19 10:21:30 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-13 02:59:42 150528 ----a-w- c:\windows\system32\imagehlp.dll
2013-11-07 05:38:51 591360 ----a-w- c:\windows\system32\rpcrt4.dll
2013-11-06 01:03:31 7168 ----a-w- c:\windows\system32\xpsp4res.dll
2013-10-30 02:26:17 1879040 ----a-w- c:\windows\system32\win32k.sys
2013-10-23 23:45:49 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-10-12 15:56:19 278528 ----a-w- c:\windows\system32\oakley.dll
2013-10-09 13:12:48 287744 ----a-w- c:\windows\system32\gdi32.dll
2013-10-07 10:59:21 603136 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH: 11:14:02.04 ===============
Attached Files
File Type: zip attach.zip (5.2 KB, 19 views)

01-15-2014, 11:59 AM   #2
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 26,397
OS: XP SP3; Win7 32/64-bit

Hello Steve. Do you still need help?

__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

01-16-2014, 06:31 PM   #3
steveb84

Yes, we still need help.

01-16-2014, 07:02 PM   #4
chemist

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

My Web Search << Please read this

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Delete
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

01-21-2014, 11:13 AM   #5
chemist

Still with us, steveb84? Any trouble with those last instructions?

01-22-2014, 07:16 PM   #6
steveb84

I understand the instructions, but I no longer have access to the computer now that I have returned home from the holidays. It's my niece's computer. She lives in another state.

I'll run AdwCleaner next time I visit, but it probably won't be until this summer.

It would probably be best to close this thread now. Thanks for your help.

01-23-2014, 04:42 AM   #7
chemist

You're very welcome, Steve! Glad to have helped.

All times are GMT -7.

Copyright 2001 - 2014, Tech Support Forum