Dave,
I have run the things you asked me to.
1) Adware results are: (I had to restart this a couple of times; I was getting "Not Responding" after it started twice.)
# AdwCleaner v2.100 - Logfile created 12/11/2012 at 06:48:03
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : dell - DELL-0313B2E353
# Boot Mode : Normal
# Running from : C:\Documents and Settings\dell\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Folder Deleted : C:\Documents and Settings\dell\Local Settings\Application Data\Wajam
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\FCTB000100815
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\FCTB000100815
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v [Unable to get version]
File : C:\Documents and Settings\dell\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [2999 octets] - [09/12/2012 06:54:39]
AdwCleaner[S1].txt - [429 octets] - [11/12/2012 06:33:55]
AdwCleaner[S2].txt - [373 octets] - [11/12/2012 06:45:49]
AdwCleaner[S3].txt - [2790 octets] - [11/12/2012 06:48:03]
########## EOF - C:\AdwCleaner[S3].txt - [2850 octets] ##########
2) I have updated my Java, and removed the older versions.
3) Run ComboFix Results are:
ComboFix 12-12-10.01 - dell 12/11/2012 7:26.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.236 [GMT -5]
Running from: c:\documents and settings\dell\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((( Files Created from 2012-11-11 to 2012-12-11 )))))))))))))))))))))))))))))))
.
.
2012-12-11 11:33 . 2012-12-11 11:33 154 ----a-w- c:\windows\DeleteOnReboot.bat
2012-12-11 11:23 . 2012-12-11 11:23 -------- d-----w- c:\documents and settings\dell\Local Settings\Application Data\Sun
2012-12-11 11:15 . 2012-12-11 11:15 -------- d-----w- c:\program files\Common Files\Java
2012-12-11 11:13 . 2012-12-11 11:12 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-11 11:13 . 2012-12-11 11:12 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-11 11:10 . 2012-12-11 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-12-09 12:05 . 2012-12-09 12:07 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-12-09 12:05 . 2012-12-09 12:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-09 12:05 . 2012-09-30 00:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-16 09:32 . 2012-11-16 09:32 -------- d-----w- c:\documents and settings\dell\Application Data\PC Cleaners
2012-11-16 09:31 . 2012-11-16 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC1Data
2012-11-16 09:31 . 2012-11-16 09:33 -------- d-----w- c:\documents and settings\dell\Application Data\PCPro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 11:12 . 2012-03-09 10:25 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-11-16 09:30 . 2011-10-30 00:56 4584760 ----a-w- c:\windows\uninst.exe
2012-11-11 10:27 . 2012-04-05 10:01 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-11 10:27 . 2011-05-16 09:16 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2004-08-04 05:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2004-08-04 05:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-10-01 09:16 . 2012-08-17 18:02 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4d95229d-bcd1-51b4-d184-411b9857a1f4}"= "c:\program files\Bucksbee Loyalty Plugin - 100815\Helper.dll" [2012-10-10 378880]
.
[HKEY_CLASSES_ROOT\clsid\{4d95229d-bcd1-51b4-d184-411b9857a1f4}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{8DA6D85F-D1C0-10F4-618A-592FF65E4A02}]
[HKEY_CLASSES_ROOT\FreeCauseURLSearchHook.FCToolbarURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}]
2012-03-19 14:59 13632 ----a-w- c:\program files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-29 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-2 147456]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Bucksbee Loyalty Plugin - 100815\\TroubleShooter.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [4/19/2012 3:50 AM 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 4:12 AM 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 1:19 PM 301920]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [2/14/2012 3:53 AM 193288]
R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/9/2012 7:05 AM 399432]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/9/2012 7:05 AM 676936]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [12/23/2011 12:32 PM 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [12/23/2011 12:32 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [12/23/2011 12:32 PM 17232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/9/2012 7:05 AM 22856]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [8/13/2012 2:24 AM 5167736]
S3 cpuz134;cpuz134;\??\c:\docume~1\dell\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\dell\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/9/2012 7:05 AM 40776]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [8/17/2012 1:02 PM 13024]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 10:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
TCP: DhcpNameServer = 192.168.0.1 165.166.142.42
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-11 07:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(688)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2012-12-11 07:38:46
ComboFix-quarantined-files.txt 2012-12-11 12:38
ComboFix2.txt 2012-12-06 11:24
ComboFix3.txt 2012-10-06 23:07
.
Pre-Run: 44,365,774,848 bytes free
Post-Run: 44,562,571,264 bytes free
.
- - End Of File - - D2D6B40BBAF937D1382520994F19F1BE
Pat
Last edited by Wingnut on 11th December 2012, 1:06 pm; edited 1 time in total (Reason for editing : spelling)