Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Trojan horse Agent4.XZT ?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 6th, 2013, 10:34 pm

Apparently I have once again caught a virus. My computer seems to be running alright, but AVG tells me that I have a Trojan Horse located in a inaccessible area. It displays two messages after running the scan. This problem first showed up in a scan on Feb. 4.
"";"C:\Program Files\Real\RealPlayer\Update\realsched.exe (3856)";"Trojan horse Agent4.XZT";"Deleted"
"";"C:\Program Files\Real\RealPlayer\Update\realsched.exe (3856):\C:\Program Files\Real\RealPlayer\Update\realsched.exe:\memory";"Trojan horse Agent4.XZT";"Infected"
The DDS scan was completed and copies are below. I await your further instructions. Thank you.

DDS Notepad
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.13.2
Run by Anthony at 21:01:29 on 2013-02-06
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.308 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
\??\C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\snmp.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\14.0.0\ToolbarUpdater.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\real\realplayer\update\realsched.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg2012\avgssie.dll
BHO: DriveLetterAccess: {5CA3D70E-1895-11CF-8E15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.0.7\AVG Secure Search_toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Cooliris Plug-In for Internet Explorer: {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - c:\program files\piclensie\cooliris.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\program files\windows live toolbar\msntb.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\14.0.0.7\AVG Secure Search_toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [WorkForce 435(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatihra.exe /fu "c:\docume~1\anthony\locals~1\temp\E_S74.tmp" /EF "HKCU"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [TFncKy] TFncKy.exe
mRun: [TDispVol] TDispVol.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logitech setpoint.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\metama~1.lnk - c:\program files\metamail inc\metamail tray\Metamail Trust Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ramasst.lnk - c:\windows\system32\RAMASST.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {3437D640-C91A-458f-89F5-B9095EA4C28B} - {04F93351-81D2-4484-9982-0D55DEFFFAE6} - c:\program files\piclensie\cooliris.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Custom ... anager.CAB
DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} - hxxp://www.schaeffersresearch.com/download/CfxIEAx.cab
DPF: {24BACF02-5676-11D3-B8DE-00105A17A9E6} - hxxp://www.schaeffersresearch.com/Downl ... ancial.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v ... b56649.cab
DPF: {CBD8B1CB-2F5F-415F-93E8-A297B33DCBB2} - hxxp://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_5.cab
DPF: {CE7D2BF2-D173-4CE2-9DAF-15EA153B5B43} - hxxp://entriq.vo.llnwd.net/o1/NBCUniver ... Silent.cab
DPF: {DE0FB644-C59B-46D1-B650-88BA945BC98F} - hxxp://entriq.vo.llnwd.net/o1/NBCUniver ... _0_0_7.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{22692D1F-4F17-4FB2-AF0E-1B69FE9576AD} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\14.0.0\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\anthony\application data\mozilla\firefox\profiles\yer9dd8q.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.msn.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\documents and settings\anthony\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\anthony\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\anthony\application data\move networks\plugins\npqmp071705000014.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\14.0.0\npsitesafety.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft research\hdview for firefox\nphdview.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-14 23:18; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: !HIDDEN! 2008-03-01 20:33; {3112ca9c-de6d-4884-a869-9855de68056c}; c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_de ... e06d36c&q=
FF - user.js: extensions.BabylonToolbar.id - 002d7f930000000000000018de06d36c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15675
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.823:10:12
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - irhnew
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 250080]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2012-9-4 31576]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-11-2 5174392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\epson\epsoncustomerparticipation\EPCP.exe [2011-6-9 521600]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-15 14336]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-10-14 10384]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
R2 vToolbarUpdater14.0.0;vToolbarUpdater14.0.0;c:\program files\common files\avg secure search\vtoolbarupdater\14.0.0\ToolbarUpdater.exe [2012-12-26 945480]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 142176]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S1 MpKsle16d8c51;MpKsle16d8c51;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c32a8c-6984-483b-b45e-1faccd4b53f2}\mpksle16d8c51.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e4c32a8c-6984-483b-b45e-1faccd4b53f2}\MpKsle16d8c51.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-11-9 196376]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
.
=============== Created Last 30 ================
.
2013-02-06 13:56:58 91544 ----a-w- c:\program files\mozilla firefox\nssdbm3.dll
2013-02-05 13:01:44 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-05 13:01:30 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-26 03:53:15 -------- d-----w- c:\program files\iPod
2013-01-26 03:52:36 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-26 03:52:35 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2013-02-05 13:00:35 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-05 13:00:34 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-16 02:29:41 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-16 02:29:39 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-26 13:16:13 31576 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-15 04:16:10 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-15 04:16:10 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-12-10 08:28:36 142176 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2006-11-03 04:34:16 14879120 ----a-w- c:\program files\GoogleEarthWin.exe
.
============= FINISH: 21:01:51.85 ===============

DDS Attached-Notepad
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2006 5:47:49 PM
System Uptime: 2/6/2013 2:36:12 PM (7 hours ago)
.
Motherboard: Intel Corporation | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2050 @ 1.60GHz | U1 | 1596/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 93 GiB total, 27.407 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart C5100 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C5100 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6000 E609n
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Officejet 6000 E609n
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
RP461: 11/9/2012 1:38:17 PM - System Checkpoint
RP462: 11/10/2012 2:23:06 PM - System Checkpoint
RP463: 11/11/2012 3:17:46 PM - System Checkpoint
RP464: 11/12/2012 11:42:19 PM - System Checkpoint
RP465: 11/14/2012 9:32:23 AM - System Checkpoint
RP466: 11/15/2012 9:00:33 AM - Software Distribution Service 3.0
RP467: 11/16/2012 10:10:56 AM - System Checkpoint
RP468: 11/17/2012 4:56:26 PM - System Checkpoint
RP469: 11/18/2012 7:22:23 PM - System Checkpoint
RP470: 11/19/2012 8:42:44 PM - System Checkpoint
RP471: 11/21/2012 12:21:27 AM - System Checkpoint
RP472: 11/22/2012 12:30:47 AM - System Checkpoint
RP473: 11/23/2012 9:32:46 AM - System Checkpoint
RP474: 11/24/2012 10:17:07 AM - System Checkpoint
RP475: 11/25/2012 10:34:39 AM - System Checkpoint
RP476: 11/26/2012 11:10:58 AM - System Checkpoint
RP477: 11/27/2012 11:40:36 AM - System Checkpoint
RP478: 11/28/2012 11:50:30 AM - System Checkpoint
RP479: 11/30/2012 7:20:12 PM - System Checkpoint
RP480: 12/1/2012 9:13:49 PM - System Checkpoint
RP481: 12/2/2012 9:34:24 PM - System Checkpoint
RP482: 12/3/2012 11:27:17 PM - System Checkpoint
RP483: 12/5/2012 10:22:07 AM - System Checkpoint
RP484: 12/6/2012 9:51:45 PM - System Checkpoint
RP485: 12/7/2012 11:33:53 PM - System Checkpoint
RP486: 12/9/2012 2:59:43 PM - System Checkpoint
RP487: 12/10/2012 5:23:23 PM - System Checkpoint
RP488: 12/11/2012 9:03:25 PM - System Checkpoint
RP489: 12/12/2012 9:44:39 PM - System Checkpoint
RP490: 12/13/2012 12:52:13 AM - Software Distribution Service 3.0
RP491: 12/14/2012 8:17:54 AM - System Checkpoint
RP492: 12/15/2012 8:53:01 AM - System Checkpoint
RP493: 12/16/2012 9:28:35 AM - System Checkpoint
RP494: 12/17/2012 9:54:44 AM - System Checkpoint
RP495: 12/18/2012 11:06:39 AM - System Checkpoint
RP496: 12/19/2012 4:45:33 PM - System Checkpoint
RP497: 12/20/2012 6:43:38 PM - System Checkpoint
RP498: 12/21/2012 9:00:20 AM - Software Distribution Service 3.0
RP499: 12/22/2012 9:12:28 AM - System Checkpoint
RP500: 12/23/2012 12:35:39 PM - System Checkpoint
RP501: 12/25/2012 1:04:12 PM - System Checkpoint
RP502: 12/26/2012 6:27:04 PM - System Checkpoint
RP503: 12/27/2012 8:21:09 PM - System Checkpoint
RP504: 12/28/2012 8:40:05 PM - System Checkpoint
RP505: 12/29/2012 9:21:08 PM - System Checkpoint
RP506: 12/30/2012 10:29:07 PM - System Checkpoint
RP507: 1/1/2013 11:19:02 AM - System Checkpoint
RP508: 1/2/2013 3:34:00 PM - System Checkpoint
RP509: 1/3/2013 5:21:33 PM - System Checkpoint
RP510: 1/4/2013 7:55:07 AM - Software Distribution Service 3.0
RP511: 1/5/2013 10:30:41 AM - System Checkpoint
RP512: 1/6/2013 12:57:59 PM - System Checkpoint
RP513: 1/7/2013 4:39:13 PM - System Checkpoint
RP514: 1/8/2013 5:03:58 PM - System Checkpoint
RP515: 1/9/2013 9:00:32 AM - Software Distribution Service 3.0
RP516: 1/10/2013 9:15:19 AM - System Checkpoint
RP517: 1/11/2013 10:12:03 AM - System Checkpoint
RP518: 1/12/2013 10:18:10 AM - System Checkpoint
RP519: 1/13/2013 10:31:14 AM - System Checkpoint
RP520: 1/14/2013 10:48:19 AM - System Checkpoint
RP521: 1/15/2013 12:39:16 AM - Software Distribution Service 3.0
RP522: 1/16/2013 11:50:22 AM - System Checkpoint
RP523: 1/17/2013 12:08:57 PM - System Checkpoint
RP524: 1/18/2013 2:10:14 PM - System Checkpoint
RP525: 1/19/2013 10:58:29 AM - Installed Java 7 Update 11
RP526: 1/20/2013 11:41:42 AM - System Checkpoint
RP527: 1/21/2013 12:09:51 PM - System Checkpoint
RP528: 1/22/2013 12:41:42 PM - System Checkpoint
RP529: 1/23/2013 12:57:00 PM - System Checkpoint
RP530: 1/24/2013 5:35:04 PM - System Checkpoint
RP531: 1/25/2013 6:31:34 PM - System Checkpoint
RP532: 1/26/2013 7:34:16 PM - System Checkpoint
RP533: 1/27/2013 10:37:13 PM - System Checkpoint
RP534: 1/29/2013 9:53:08 AM - System Checkpoint
RP535: 1/30/2013 10:43:24 AM - System Checkpoint
RP536: 1/31/2013 10:47:59 AM - System Checkpoint
RP537: 2/1/2013 5:49:01 PM - System Checkpoint
RP538: 2/2/2013 7:45:53 PM - System Checkpoint
RP539: 2/3/2013 11:19:55 PM - System Checkpoint
RP540: 2/5/2013 7:59:42 AM - Removed Java 7 Update 11
RP541: 2/6/2013 8:44:18 AM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.6
Adobe® Photoshop® Album Starter Edition 3.2
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2012
AVG Security Toolbar
Babylon toolbar
Bejeweled 2 Deluxe
Bernie Schaeffer's Options 101 CD-ROM 4.0.1
Bing Bar
BlackBerry Desktop Software 5.0
Blasterball 2 Revolution
Bluetooth Stack for Windows by Toshiba
Bonjour
BufferChm
C6300
Call of Duty Game of the Year Edition
Cards_Calendar_OrderGift_DoMorePlugout
CASIO USB Driver V1.2.2474.0623
CCleaner
CD/DVD Drive Acoustic Silencer
CDDRV_Installer
Compatibility Pack for the 2007 Office system
Cooliris for Internet Explorer
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
DVD-RAM Driver
Encore LaunchPad 6.8.25.100
Entriq MediaSphere 3.5.2.2
Epson Connect
Epson Customer Participation
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON WorkForce 435 Series Printer Uninstall
EpsonNet Print
erLT
ESPNMotion
eSupportQFolder
F4200
F4200_Help
Facebook Plug-In
FATE
GameCenter
GemMaster Mystic
GoforFiles
Gold Club Casino
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GPBaseService
GPBaseService2
HDView for Firefox
HighRoller
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hoyle Card Games 2007
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 12.0
HP Photosmart C6300 All-In-One Driver Software 12.0 Rel .4
HP Photosmart Essential 3.5
HP Smart Web Printing
HP Solution Center 12.0
HP Update
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
HSP 1.0
HyperLoad - Golf Course
ImageMixer VCD/DVD2 for OLYMPUS
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
Java 7 Update 13
Java Auto Updater
JavaFX 2.1.1
KhalInstallWrapper
Learn-To-Count BlackJack 1.9
LG Android Drivers
LG USB Modem driver
Logitech SetPoint
LTCM Client
Macromedia Flash Player 8
MarketResearch
mCore
mDrWiFi
mHelp
Microsoft .NET Framework 1.0 Hotfix (KB2572066)
Microsoft .NET Framework 1.0 Hotfix (KB2604042)
Microsoft .NET Framework 1.0 Hotfix (KB2656378)
Microsoft .NET Framework 1.0 Security Update (KB2698035)
Microsoft .NET Framework 1.0 Security Update (KB2742607)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office OneNote 2003
Microsoft Office XP Professional
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
mIWA
mLogView
mMHouse
Motorola Driver Installation 3.9.0
Move Media Player
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
mWlsSafe
mXML
mZConfig
NBC Universal 1.0.0.7
Network
Office 2003 Trial Assistant
Ogg Codecs 0.81.15562
OLYMPUS Master
OLYMPUS Master 2
Otto
Paint.NET v3.36
Pantech Handset Driver
Polar Golfer
PS_AIO_04_C6300_Software_Min
PSSWCORE
Pure Sudoku 1.51
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Rhapsody Player Engine
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
Scan
SCRABBLE
SD Secure Module
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Shop for HP Supplies
Skype Click to Call
Skype™ 5.10
SolutionCenter
Sonic DLA
Sonic Encoders
Sonic RecordNow!
Status
swMSM
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toolbox
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Game Console
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
Toshiba Registration
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA TV Tuner 4.0.12.73
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
TrayApp
Ultimate Sudoku
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB971029)
VideoToolkit01
WebFldrs XP
WebReg
Win@Baccarat - FREE 2.9
Win@Baccarat Gold with the Predictor System 5.4.20
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live installer
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Toolbar
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Media Center Edition 2005 KB2619340
Windows XP Media Center Edition 2005 KB2628259
Windows XP Service Pack 3
WinPatrol
World Series of Poker: TOC
.
==== Event Viewer Messages From Past Week ========
.
1/31/2013 9:19:28 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
1/31/2013 4:31:17 PM, error: Dhcp [1002] - The IP address lease 192.168.1.102 for the Network Card with network address 0018DE06D36C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
1/31/2013 3:18:13 PM, error: Dhcp [1002] - The IP address lease 192.168.1.18 for the Network Card with network address 0018DE06D36C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am
Advertisement
Register to Remove

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 7th, 2013, 2:54 pm

Hi and welcome back to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


============================================

C:\Program Files\Real\RealPlayer\Update\realsched.exe

The AVG detection looks like a false positive. realsched.exe is a Real Player file.


There are however some minor issues that warrant attention.


AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 7th, 2013, 6:48 pm

Hi melboy
I believe that you hit that nail on the head with that false positive. I guess that AVG figured it out too. When it scanned this morning, it reported no infections. I ran ADWCleaner anyway and here are the results:
# AdwCleaner v2.111 - Logfile created 02/07/2013 at 17:40:53
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Anthony - TOSHIBA-ANTHONY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Anthony\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\Anthony\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Anthony\Application Data\Babylon
Folder Found : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\Conduit
Folder Found : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\ConduitEngine
Folder Found : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\FCTB
Folder Found : C:\Documents and Settings\Anthony\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Anthony\Local Settings\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Folder Found : C:\Program Files\AVG Secure Search
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\CompeteInc
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\AskBarDis
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\AVG Security Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Found : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Found : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Found : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Found : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\CompeteInc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-3304055149-1954678347-4170687932-1005\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-3304055149-1954678347-4170687932-1005\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&pid=avg&sg=&v=14.0.0.7&sap=nt

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\prefs.js

Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "002d7f930000000000000018de06d36c");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15675");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.823:10:12");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.11] : homepage = "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&v=12.2.5.32&sap=hp",
Found [l.15] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&v=12.2.5.32&sap=hp" ]
Found [l.40] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.43] : keyword = "isearch.avg.com",
Found [l.46] : search_url = "hxxp://isearch.avg.com/search?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&v=10.0.0.7&sap=dsp&q={searchTerms}",
Found [l.230] : homepage = "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&v=12.2.5.32&sap=hp",
Found [l.554] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&v=12.2.5.32&sap=hp" ]

*************************

AdwCleaner[R1].txt - [17145 octets] - [07/02/2013 17:40:53]

########## EOF - C:\AdwCleaner[R1].txt - [17206 octets] ##########

What type of problems did you spot?
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 8th, 2013, 1:34 pm

ProblemBoy wrote:What type of problems did you spot?

There are entries in the DDS log pertaining to Babylon Toolbar. Whilst not malicious, this can be considered a PUP/PUA (Potentially Unwanted Program/Application) by some, as it often arrives on users systems unsolicited.

If you've knowingly installed it, we can leave it, or we can remove it.

What would you like to do?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 8th, 2013, 3:44 pm

I have no idea what the Babylon Toolbar is (does it come from Babylonia?), so let's get rid of it.
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 8th, 2013, 4:06 pm

AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Delete.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 9th, 2013, 10:58 am

Thanks. Ran the program and here is the logfile.
# AdwCleaner v2.111 - Logfile created 02/09/2013 at 09:45:58
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Anthony - TOSHIBA-ANTHONY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Anthony\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\AVG Secure Search
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\Conduit
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\FCTB
Folder Deleted : C:\Documents and Settings\Anthony\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Anthony\Local Settings\Application Data\AVG Secure Search
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\BabylonToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\CompeteInc
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06DE5702-44CF-4B79-B4EF-3DDF653358F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://isearch.avg.com/tab?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6315273824c2fc2bda390-d14d9d7676ea468029005a1912d8d52f98de9b94&lang=en&ds=AVG&pr=fr&d=2011-10-09 15:10:24&pid=avg&sg=&v=14.0.0.7&sap=nt --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\prefs.js

C:\Documents and Settings\Anthony\Application Data\Mozilla\Firefox\Profiles\yer9dd8q.default\user.js ... Deleted !

Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "002d7f930000000000000018de06d36c");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15675");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "irhnew");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.823:10:12");

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Anthony\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.11] : homepage = "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b475[...]
Deleted [l.15] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FB[...]
Deleted [l.40] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.43] : keyword = "isearch.avg.com",
Deleted [l.46] : search_url = "hxxp://isearch.avg.com/search?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33[...]
Deleted [l.230] : homepage = "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB0443047}&mid=33300b4757e6[...]
Deleted [l.554] : urls_to_restore_on_startup = [ "hxxps://isearch.avg.com/?cid={50A84824-4B9D-4CA1-B3A5-37FBB04[...]

*************************

AdwCleaner[R1].txt - [17276 octets] - [07/02/2013 17:40:53]
AdwCleaner[S1].txt - [16755 octets] - [09/02/2013 09:45:58]

########## EOF - C:\AdwCleaner[S1].txt - [16816 octets] ##########
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 10th, 2013, 4:02 am

Hi

Do you have any further problems?


TFC

Please download TFC by Old Timer to your desktop,

  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It should not take longer than a couple of minutes , and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup-version.number.exe and follow the prompts to install the program.
  • At the end of the installation, Uncheck Enable the free trial Malwarebytes' Anti-Malware PRO
    (You can activate this when we've finished, if you wish)
  • Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Select the Settings tab, then the Scanner Settings tab
  • For Action for Potentially Unwanted Programs (PUP), choose Show in results list and check for removal
  • Select to the Scanner tab, select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.
.
Note: If malware is found, MBAM may ask to reboot your computer so it can continue with the removal process - please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 10th, 2013, 10:20 pm

Hi melboy,
I haven't had any new problems with the computer, but I did have something strange happen with your site. I received your email at 3:02 am and a second email at 11:23 am. The link on the first took me to the normal place. I don't know where the link in the second took me but it said that I was not authorized to read that forum. The link is: viewtopic.php?f=11&t=61420&p=621053&e=621053
TFC required a reboot. I usually run CCleaner every couple of weeks and I thought that I had (perhaps incorrectly) gotten it through your site. Just curious why you prefer TFC.
Malwarebytes did not offer the option for the pro version unless it was hidden somewhere. It did find one problem and corrected it. The log is:http://www.malwareremoval.com/forum/viewtopic.php?f=11&t=61420&p=621053&e=621053


Malwarebytes Anti-Malware 1.70.0.1100
http://www.malwarebytes.org

Database version: v2013.02.11.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Anthony :: TOSHIBA-ANTHONY [administrator]

2/10/2013 8:11:56 PM
mbam-log-2013-02-10 (20-11-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 262774
Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Documents and Settings\Anthony\My Documents\downloads\monte carlo anecdotes and systems of play.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Thanks for your help. I await any further instructions.
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 11th, 2013, 7:34 pm

ProblemBoy wrote:I received your email at 3:02 am and a second email at 11:23 am. The link on the first took me to the normal place. I don't know where the link in the second took me but it said that I was not authorized to read that forum.
Nothing to worry about - it was a reply from an unauthorised poster & the post was subsequently removed.

ProblemBoy wrote:I usually run CCleaner every couple of weeks and I thought that I had (perhaps incorrectly) gotten it through your site. Just curious why you prefer TFC.
TFC specifically cleans temp files only. CCleaner cleans other things as well. For our purposes TFC is all we need.


Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


AdwCleaner

  • Double click AdwCleaner.exe to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
    AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you an update is available, click Cancel and continue to uninstall.


========================================


General Security and Computer Health

Below are some steps to follow in order to dramatically lower the chances of infection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Clear System Restore Points

  • Turn System Restore off
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer
    -
  • Turn System Restore on
  • On the Desktop, right click on the My Computer icon.
  • Click Properties.
  • Click the System Restore tab.
  • Uncheck Turn off System Restore on all drives.
  • Click Apply
  • Click each drive in turn where system restore is not required and click Settings
    Note: System restore is only needed on drives with an operating system installed
  • For each drive without an operating system, check Turn off system restore on this drive, click Yes then click OK.
Note: only do this once, and not on a regular basis


  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    Uninstall Tools for Major Antivirus Products
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.
  • Make Internet Explorer More Secure
    Even if you do not use Internet Explorer as you Primary/Default browser it is important to keep it updated. Internet Explorer can be utilised by other programs and therefore must be kept updated to avoid exploitable vulnerabilities.
    Internet Explorer 8 <<< Recommended Version


Recommended Programs

I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

  • Malwarebytes' Anti-Malware
    As you already have Malwarebytes' Anti-Malware on board I would keep it regularly updated and run regular quick scans with it. Malwarebytes' Anti-Malware is an anti-malware application that can thoroughly remove even the most advanced malware. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start.
    It's IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full versions features within the program. Click the Protection Tab to see.
  • Hosts File
    For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs and other applications & programs up to date.

Please read this guide: Computer Security - a short guide to staying safer online


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 13th, 2013, 7:49 pm

Thanks again!
Things are going well, but I did run into a problem with Internet Explorer. It doesn't work and I remembered that it hasn't worked for a long time. When I try to bring it up, it appears as though it is going to work. It pops up and I see the tool bar and my home page in the address window and it says connecting. Then the word connecting blinks and it says something like there was a problem and it is recovering the page and the word connecting comes up again and stays there forever. I've tried going to other pages with the same results. So I assumed that there was a corrupt file and used the Windows add/remove program to remove it. Then, using Firefox, I downloaded Explorer 8 from Microsoft. Then I installed it and all the updates (the process toke about an hour, think I'd rather have watched paint dry). Once complete and rebooted I clicked on IE8 and got the exact same results as before. Somehow I still get the Windows automatic updates. To me this is only a convenience issue. Some sites want you to click for a download and they want to us IE, I copy the address and paste it to Firefox and get there. I don't know if this is your bailiwick or not. I think that the last time that I used your site, we did some work on IE and possibly removed something we shouldn't have. If you have access to those files it might help. Again, if you can't do anything it's OK.
Thanks again.
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 14th, 2013, 3:16 am

Hi

  • Click Start > Run
  • Copy and paste the following command into the Run command window.
    Code: Select all
    iexplore -extoff
  • Click OK

Does IE open & run ok?
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 14th, 2013, 7:14 pm

The saga continues.
When I opened Internet Explorer using the run method, I got the following message:


"Internet Explorer is currently running without add-ons

All Internet Explorer add-ons, such as ActiveX controls or toolbars, are turned off. Some webpages might not display correctly.
To continue to your home page, click the Home button.
To browse using add-ons, close Internet Explorer and then start it again.
Check for the latest Windows updates.


How do browser add-ons affect my browsing experience?"


So I activated the windows tool bar and did not find Active X in the add-ons. I then opened IE the normal way and it appeared to run ok until I tried connecting to a site using a new tab. Back to the same problem I originally had. Then I closed IE and reopen it using run and got the following:

"Internet Explorer is currently running without add-ons

All Internet Explorer add-ons, such as ActiveX controls or toolbars, are turned off. Some webpages might not display correctly.
To continue to your home page, click the Home button.
To browse using add-ons, close Internet Explorer and then start it again.
Check for the latest Windows updates.


How do browser add-ons affect my browsing experience?"


Now what?
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am

Re: Trojan horse Agent4.XZT ?

Unread postby melboy » February 14th, 2013, 7:54 pm

Hi

Run this Microsoft fixit and then tell me how IE is running.

http://go.microsoft.com/?linkid=9646978
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Trojan horse Agent4.XZT ?

Unread postby ProblemBoy » February 14th, 2013, 10:31 pm

By jove I think we've got it! Internet Explorer seems to be running perfectly. Thanks again for all your help. Guess you can close the file! :P
ProblemBoy
Regular Member
 
Posts: 76
Joined: October 1st, 2010, 11:22 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 18 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware