PC has Searchnu and it comes up as a tab on Chrome browser running Win XP


23 replies to this topic

#1 caymangolfer


Posted 21 March 2013 - 10:37 PM

I am helping my neighbour remove SearchNu. It appears it was installed with ilivid (sp). I have removed that and also removed SearchQu and Search-results toolbar from Control Panel. I have gone into extensions manage tabs on Chrome Settings. However, it keeps coming back. I am sure there is stuff I am missing which is why I am here!

 

Please let me know what I need to do to start the process.

 

As I said, it is running Win XP; neighbour was using Norton A/V as that is what Direct TV installer put on. I have downloaded and updated MalwareBytes and it is running the Pro version on a trial basis. I plan to remove Norton and install MSE when the PC is up and running. PS I presume he is running SP3 on XP but did not confirm, but can do if necessary. I have also run a HJT scan and can copy and paste the log if necessary.

 

Thanks!

 

PT




 


#2 Broni


Posted 21 March 2013 - 11:09 PM

Welcome aboard

 

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


NOTE. Make sure all logs are pasted, not attached.




 


#3 caymangolfer


Posted 22 March 2013 - 12:03 AM

Thanks! Here we go! 
 
Results of screen317's Security Check version 0.99.61  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
 Norton AntiVirus     
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java™ 6 Update 37  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 8 Adobe Reader out of Date! 
 Mozilla Firefox (2.0.0 Firefox out of Date!  
 Google Chrome 25.0.1364.152  
 Google Chrome 25.0.1364.172  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Norton AntiVirus Engine 19.9.1.14 ccSvcHst.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 7% 
````````````````````End of Log`````````````````````` 
 
Next one!
 

Farbar Service Scanner Version: 03-03-2013
Ran by Doug (administrator) on 21-03-2013 at 23:15:52
Running from "C:\Documents and Settings\Doug\My Documents\downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\System32\srsvc.dll".
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\System32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll
[2003-08-13 22:06] - [2008-04-13 19:12] - 0006656 ____A (Microsoft Corporation) 35321FB577CDC98CE3EB3A3EB9E4610A
 
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe
[2003-08-13 21:58] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation) 65DF52F5B8B6E9BBD183505225C37315
 
 
Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) SYMTDI(11) Tcpip(3) 
0x0B000000040000000100000002000000030000000B0000000A0000000900000008000000050000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 

MiniToolBox by Farbar  Version:05-03-2013
Ran by Doug (administrator) on 21-03-2013 at 23:17:54
Running from "C:\Documents and Settings\Doug\My Documents\downloads"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
"network.proxy.no_proxies_on", "localhost,127.0.0.1"
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Wireless-G PCI Adapter = Wireless Network Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : Dougs
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Hybrid
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : Home
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Wireless-G PCI Adapter
 
        Physical Address. . . . . . . . . : 00-0C-41-65-C2-2D
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : Home
 
        Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
 
        Physical Address. . . . . . . . . : 00-0C-6E-E1-2D-B8
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 192.168.0.4
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 192.168.0.1
 
        DHCP Server . . . . . . . . . . . : 192.168.0.1
 
        DNS Servers . . . . . . . . . . . : 192.168.0.1
 
                                            205.171.2.25
 
        Lease Obtained. . . . . . . . . . : Thursday, March 21, 2013 8:30:04 PM
 
        Lease Expires . . . . . . . . . . : Friday, March 22, 2013 8:30:04 PM
 
DNS request timed out.
    timeout was 2 seconds.
Server:  resolver.qwest.net
Address:  205.171.2.25
 
Name:    google.com
Addresses:  74.125.225.128, 74.125.225.129, 74.125.225.130, 74.125.225.131
 74.125.225.132, 74.125.225.133, 74.125.225.134, 74.125.225.135, 74.125.225.136
 74.125.225.137, 74.125.225.142
 
 
 
Pinging google.com [74.125.225.128] with 32 bytes of data:
 
 
 
Reply from 74.125.225.128: bytes=32 time=36ms TTL=57
 
Reply from 74.125.225.128: bytes=32 time=36ms TTL=57
 
 
 
Ping statistics for 74.125.225.128:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 36ms, Maximum = 36ms, Average = 36ms
 
DNS request timed out.
    timeout was 2 seconds.
Server:  resolver.qwest.net
Address:  205.171.2.25
 
Name:    yahoo.com
Addresses:  98.138.253.109, 98.139.183.24, 206.190.36.45
 
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
 
 
 
Reply from 98.138.253.109: bytes=32 time=175ms TTL=52
 
Reply from 98.138.253.109: bytes=32 time=126ms TTL=52
 
 
 
Ping statistics for 98.138.253.109:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 126ms, Maximum = 175ms, Average = 150ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 41 65 c2 2d ...... Wireless-G PCI Adapter - Packet Scheduler Miniport
0x3 ...00 0c 6e e1 2d b8 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1     192.168.0.4  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      169.254.0.0      255.255.0.0      192.168.0.4     192.168.0.4  20
      192.168.0.0    255.255.255.0      192.168.0.4     192.168.0.4  20
      192.168.0.4  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.0.255  255.255.255.255      192.168.0.4     192.168.0.4  20
        224.0.0.0        240.0.0.0      192.168.0.4     192.168.0.4  20
  255.255.255.255  255.255.255.255      192.168.0.4     192.168.0.4  1
  255.255.255.255  255.255.255.255      192.168.0.4               2  1
Default Gateway:       192.168.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12076422
 
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12076422
 
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36409766
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36409766
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10588235
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10588235
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2013 00:19:45 PM) (Source: .NET Runtime 2.0 Error Reporting) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, stamp 49b3ad2e, faulting module mshtml.dll, version 8.0.6001.19403, stamp 51301363, debug? 0, fault address 0x000d6c27.
 
 
System errors:
=============
Error: (03/21/2013 10:58:52 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
Error: (03/21/2013 10:58:51 PM) (Source: Service Control Manager) (User: )
Description: The Application Management service terminated with the following error: 
%%126
 
 
Microsoft Office Sessions:
=========================
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 12076422
 
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 12076422
 
Error: (03/21/2013 04:11:56 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36409766
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36409766
 
Error: (03/21/2013 08:20:55 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10588235
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10588235
 
Error: (03/20/2013 08:33:30 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (03/20/2013 00:19:45 PM) (Source: .NET Runtime 2.0 Error Reporting)(User: )
Description: iexplore.exe8.0.6001.1870249b3ad2emshtml.dll8.0.6001.19403513013630000d6c27
 
 
=========================== Installed Programs ============================
 
Accurate Outlook Express Mail Expert 3.2
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.6.602.180)
Adobe Flash Player 11 Plugin (Version: 11.6.602.180)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11 (Version: 11)
Agere Systems AC'97 Modem
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
ATI Control Panel
ATI Display Driver (Version: 7.91.5-030706a-010301C-Sony)
Bing Rewards Client Installer (Version: 16.0.345.0)
Bonjour (Version: 3.0.0.10)
Canon i860
Canon Utilities Easy-PhotoPrint
Canon Utilities PhotoStitch 3.1 (Version: 3.1.9)
Champion Wrestling Stats 5.0
Click to DVD 1.3
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Costco Photo Organizer (Version: 1.1.0.20)
Coupon Printer for Windows (Version: 5.0.0.0)
Disney Toontown Online (Version: )
Easy-WebPrint
Freddi Fish's One-Stop Fun Shop
FreePriceAlerts 2.3.5 (Version: 2.3.5)
Garmin Communicator Plugin (Version: 4.0.3)
Garmin Lifetime Updater (Version: 2.1.11)
Giga Pocket 5.5
Giga Pocket Demo Movie
Giga Pocket Hardware Library 5.5
Google Chrome (Version: 25.0.1364.172)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.135)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HiJackThis (Version: 1.0.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Photo Creations (Version: 1.0.0.5192)
HP Photosmart 5510 series Basic Device Software (Version: 25.0.621.0)
HP Photosmart 5510 series Help (Version: 140.0.2.2)
HP Photosmart 5510 series Product Improvement Study (Version: 25.0.621.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Internet Explorer (Enable DEP)
iTunes (Version: 10.6.3.25)
Java™ 6 Update 37 (Version: 6.0.370)
Junk Mail filter update (Version: 14.0.8117.416)
Logitech Vid HD (Version: 7.2 (7240))
Logitech Webcam Software (Version: 12.00.1280)
Logitech Webcam Software Driver Package (Version: 12.0.1278)
Macromedia Shockwave Player (Version: 10.1.0.011)
Malwarebytes Anti-Malware version 1.70.0.1100 (Version: 1.70.0.1100)
Memory Stick Formatter
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Data Access Components KB870669
Microsoft Default Manager (Version: 2.2.114.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office PowerPoint Viewer 2003 (Version: 11.0.8305.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works 7.0 (Version: 07.02.0620)
Mozilla Firefox (2.0.0.14) (Version: 2.0.0.14 (en-US))
MSVCRT (Version: 14.0.1468.721)
Music Visualizer Library 1.4.00
MyPublisher
Norton AntiVirus (Version: 19.9.1.14)
NVIDIA Windows 2000/XP Display Drivers
OpenMG Limited Patch 3.2-03-02-21-08
OpenMG Limited Patch 3.2-03-03-18-01
OpenMG Limited Patch 3.2-03-04-14-02
OpenMG Secure Module 3.2
Pajama Sam's One-Stop Fun Shop
PhotoStitch (Version: 3.1.9)
PictureGear Studio 2.0
PowerDVD
Putt-Putt's One-Stop Fun Shop
Quicken 2003 New User Edition (Version: 12.00.0000)
QuickTime (Version: 7.72.80.56)
RealArcade
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
Repair Tool for Outlook Express v.2.1.0
Rhapsody Player Engine (Version: 1.0.2.636)
Segoe UI (Version: 14.0.4327.805)
SES Driver (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0)
Shutterfly Express Uploader (Version: 1.0.0.4)
Skype Toolbars (Version: 1.0.4051)
Skype™ 5.10 (Version: 5.10.116)
SonicStage 1.6.00
Sony Certificate PCH
Sony on Yahoo! Essentials
Sony Video Shared Library
Symantec Network Driver Update (Version: 5.3.2)
Symantec Technical Support Web Controls (Version: 3.3.0)
The Incredibles - When Danger Calls
Torch (Version: 2.0.0.1705)
TrueSwitch Wizard
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
VAIO BrightColor Wallpaper
VAIO Help and Support (Version: 8.01)
VAIO Media 2.6
VAIO Media Integrated Server 2.6 (Version: 1.0.00)
VAIO Media Redistribution 2.6
VAIO Registration (Version: 9.0.0)
VAIO Remote Commander Utility 6.1
VAIO Support
VAIO Survey Standalone (Version: 1.70)
VAIO System Information
Viewpoint Media Player (Remove Only)
VTech Download Agent Library (Version: 1.00.0000)
WD SmartWare (Version: 1.4.5.5)
WebFldrs XP (Version: 9.50.6513)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 70%
Total physical RAM: 1535.36 MB
Available physical RAM: 452.5 MB
Total Pagefile: 2923.06 MB
Available Pagefile: 2006.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.04 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:106.8 GB) (Free:56.45 GB) NTFS
3 Drive d: (My Passport) (Fixed) (Total:465.73 GB) (Free:443.95 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DOUGS
 
Administrator            Doug                     Guest                    
HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 
 

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.22.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUGS [administrator]
 
Protection: Enabled
 
3/21/2013 7:56:01 PM
mbam-log-2013-03-21 (19-56-01).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224130
Time elapsed: 30 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 1
C:\Program Files\Savings Explorer\Savings Explorer.dll (PUP.215Apps) -> Delete on reboot.
 
Registry Keys Detected: 27
HKCR\CLSID\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\TypeLib\{44444444-4444-4444-4444-440244104458} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\Interface\{55555555-5555-5555-5555-550255105558} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021058.BHO.1 (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CLSID\{C1ED9DA0-AFD0-4b90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCR\TypeLib\{1FDC0B61-91AC-4157-9B27-CAD9A09AB67E} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCR\BrowserConnection.Loader.1 (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCR\BrowserConnection.Loader (PUP.Datamngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1ED9DA0-AFD0-4B90-AC6A-D3874F591014} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCR\CLSID\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
HKCR\CrossriderApp0021058.BHO (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CROSSRIDER (Adware.GamePlayLab) -> Quarantined and deleted successfully.
 
Registry Values Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{F34C9277-6577-4DFF-B2D7-7D58092F272F} (PUP.Datamngr) -> Data: Search-Results Toolbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f34c9277-6577-4dff-b2d7-7d58092f272f} (PUP.Datamngr) -> Data:  -> Quarantined and deleted successfully.
HKCU\Software\Crossrider|215AppVerifier (Adware.GamePlayLab) -> Data: b546852b7b060a4ac4e9b3d1c616edbe -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings|ProxyServer (PUM.Bad.Proxy) -> Data: http=127.0.0.1:5555 -> Quarantined and deleted successfully.
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 3
C:\Program Files\Savings Explorer\Savings Explorer.dll (PUP.215Apps) -> Delete on reboot.
C:\Program Files\Search Results Toolbar\Datamngr\BrowserConnection.dll (PUP.Datamngr) -> Delete on reboot.
C:\Program Files\Search Results Toolbar\Datamngr\SRTOOL~1\searchresultsDx.dll (PUP.Datamngr) -> Quarantined and deleted successfully.
 
(end)
 

Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org
 
Database version: v2013.03.22.02
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUGS [administrator]
 
3/22/2013 12:01:46 AM
mbar-log-2013-03-22 (00-01-46).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27600
Time elapsed: 32 minute(s), 33 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 3
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Delete on reboot.
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Delete on reboot.
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Delete on reboot.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
 
© Malwarebytes Corporation 2011-2012
 
OS version: 5.1.2600 Windows XP Service Pack 3 x86
 
Account is Administrative
 
Internet Explorer version: 8.0.6001.18702
 
Java version: 1.6.0_37
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.792000 GHz
Memory total: 1609936896, free: 472420352
 
------------ Kernel report ------------
     03/21/2013 23:25:37
Downloaded database version: v2013.03.22.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\WINDOWS\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
The directory C:\WINDOWS\system32\drivers seems inaccessible or encrypted.
Drivers scan is aborted.
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 34206BB7
 
Partition information:
 
    Partition 0 type is Other (0x12)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 10506447
 
    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 10506510  Numsec = 223984498
    Partition file system is NTFS
    Partition is bootable
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 120060444672 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-234473056-234493056)...
Drive 4
Scanning MBR on drive 4...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 38A56
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976705536
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500074283008 bytes
Sector size: 512 bytes
 
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{11111111-1111-1111-1111-110211101158} --> [PUP.215Apps]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110211101158} --> [PUP.215Apps]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} --> [PUP.PlayBryte]
Done!
Scan finished
=======================================
 
This should be it for now! 
 
Thanks!


#4 Broni

Posted 22 March 2013 - 03:44 PM

Did you disable System Restore for whatever reason?

 

Please re-run MBAM (not MBAR) one more time and post new log.




#5 caymangolfer

Posted 22 March 2013 - 09:06 PM

Hi Broni,

 

I noticed that Sys restore was disabled, my neighbour doesn't remember doing it and I didn't enable until you told me.

 

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.22.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUGS [administrator]
 
Protection: Enabled
 
3/22/2013 8:38:32 PM
mbam-log-2013-03-22 (20-38-32).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228346
Time elapsed: 26 minute(s), 24 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211101158} (PUP.215Apps) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#6 Broni

Posted 22 March 2013 - 09:17 PM

I have to ask you to run it one more time.

 

I assume you re-enabled system restore, correct?




#7 caymangolfer

Posted 22 March 2013 - 09:26 PM

No I didn't as I wasn't sure if you wanted me to, I will enable now and then re-run. I might not get back to post the log until tomorrow as it is 9.30 here and my neighbours may want me out of here :)



#8 Broni

Posted 22 March 2013 - 09:37 PM

[thumbs-up emoticon]




#9 caymangolfer

Posted 23 March 2013 - 02:27 PM

Here you go.

 

 

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org
 
Database version: v2013.03.22.01
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doug :: DOUGS [administrator]
 
Protection: Enabled
 
3/22/2013 9:32:11 PM
mbam-log-2013-03-22 (21-32-11).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228000
Time elapsed: 19 minute(s), 36 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#10 Broni

Posted 23 March 2013 - 02:36 PM

Good :)

 

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


=======================================

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    NOTE. If Eset doesn't find any threats it'll NOT produce any log.




#11 caymangolfer

Posted 23 March 2013 - 03:41 PM

So TFC just hangs, I run it and it closes explorer and that is about it, just sits there with the hour glass and not responding. It has sat like that for 15+ mins now. I am not sure if there is a progress bar on the bottom but that hasn't done anything yet. Is this normal, and if not, can we skip this step for now?

 

Thanks

 

Paul



#12 caymangolfer

Posted 23 March 2013 - 05:06 PM

Alright, figured it out, it needs to be run on the ADMINISTRATOR account, my neighbour is running XP Home edition which means that admin can only be run in Safe Mode. I booted up into Safe Mode and it is running right now. I will run the others when it is done and post here when it is done.



#13 caymangolfer

Posted 23 March 2013 - 06:38 PM

Here you go:

 

 

# AdwCleaner v2.115 - Logfile created 03/23/2013 at 17:46:07
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Doug - DOUGS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Doug\My Documents\downloads\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : WajamUpdater
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
File Deleted : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\extensions\pricepeep@getpricepeep.com.xpi
File Deleted : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Ask
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Doug\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\ilividtoolbarguid
Folder Deleted : C:\Documents and Settings\Doug\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Doug\Application Data\searchresultstb
Folder Deleted : C:\Documents and Settings\Doug\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Doug\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Doug\Local Settings\Application Data\Wajam
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\PricePeep
Folder Deleted : C:\Program Files\Viewpoint
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PricePeep
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B278D9F8-0FA9-465E-9938-0C392605D8E3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021058.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021058.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3196716
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\TENCENT
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v2.0.0.14 (en-US)
 
File : C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\prefs.js
 
C:\Documents and Settings\Doug\Application Data\Mozilla\Firefox\Profiles\83zk5wrm.default\user.js ... Deleted !
 
Deleted : user_pref("browser.startup.homepage", "hxxp://www.claro-search.com/?affID=117450&tt=5112_5&babsrc=HP[...]
Deleted : user_pref("browser.search.selectedEngine", "Claro Search");
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Documents and Settings\Doug\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [10461 octets] - [23/03/2013 17:46:07]
 
########## EOF - C:\AdwCleaner[S1].txt - [10522 octets] ##########
 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Microsoft Windows XP x86
Ran by Doug on Sat 03/23/2013 at 17:54:32.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] hkey_current_user\software\torch
Successfully deleted: [Registry Key] hkey_local_machine\software\torch
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\plugins\npmozcouponprinter.dll"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Doug\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Doug\Application Data\registry mechanic"
Successfully deleted: [Folder] "C:\Documents and Settings\Doug\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Doug\Local Settings\Application Data\torch"
Successfully deleted: [Folder] "C:\Program Files\coupons"
 
 
 
~~~ FireFox
 
Failed to delete: [Folder] C:\Documents and Settings\Doug\Application Data\mozilla\firefox\profiles\83zk5wrm.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/23/2013 at 18:07:59.68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
The Online virus scan is running, I will post the results if any when it is done.


#14 Broni


Posted 23 March 2013 - 06:51 PM

[thumbs-up emoticon]




 


#15 caymangolfer


Posted 24 March 2013 - 11:11 AM

ESET ran and did not find anything. 





