
Computer Infected With Malware?


24 replies to this topic

#1 Frackin Malware

Frackin Malware

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:South Jersey
  • Local time:11:09 AM

Posted 09 June 2013 - 07:25 PM

I am suffering from the same problems.

I have to right click to start or open items.  Getting the same code 0x80040154 class not registered while trying to reinstall software.  I have followed the same instructions you requested on that thread.  I have finished almost all.  FSS, MiniToolBox, but the Malwarebytes Anti-Malware did not load.  I received a boatload of those 0x80040154 error messages.  I am running the aswMBR right now and waiting for results.  Whatever info you want, just let me know.  I can post all the results I saved so far.

I will appreciate whatever help you can offer.  I'll make a donation too.  It will be a lot cheaper than the local computer shops around here.

Thanks

Moderator Edit: Split into separate topic

Roger


Edited by rotor123, 09 June 2013 - 08:09 PM.




#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:09 AM

Posted 09 June 2013 - 08:21 PM

Hello, appears you got split but they forgot the old link. So please post all the logs.

 

Tell me your operating system and browser.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 Frackin Malware


Posted 09 June 2013 - 08:47 PM

Thanks Roger!

My story started yesterday when I was trying to find software for an older webcam I was trying to resurrect.  After downloading two or three USB 20 webcam software sources, an AVG search bar popped up and I thought I was in trouble.  I forget the source of the software or which may have been the source.  That search bar will not uninstall.

I am using Windows XP SP3 with Google Chrome.  The original thread I was following was here:

http://www.bleepingcomputer.com/forums/t/481166/computer-infected-with-malware/?p=3073994

Below are my logs for the FSS, screen317 and MiniToolBox.  aswMBR is still running.  Malwarebytes Anti-Malware did not load, but I received a lot of messages with "coCreateinstance Failed code 0x80040154 class not registered".  I can supply those also if anyone needs them.

Thanks


Farbar Service Scanner Version: 31-05-2013 01
Ran by Leon (administrator) on 09-06-2013 at 18:27:28
Running from "C:\Documents and Settings\Leon\Desktop"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
 
Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) 
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
 

 

MiniToolBox by Farbar  Version:21-04-2013
Ran by Leon (administrator) on 09-06-2013 at 18:30:43
Running from "C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox"
Microsoft Windows XP Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
========================= FF Proxy Settings: ============================== 
 
========================= Hosts content: =================================
 
 
127.0.0.1       localhost
 
========================= IP Configuration: ================================
 
Broadcom NetXtreme 57xx Gigabit Controller = Local Area Connection (Connected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
Windows IP Configuration

        Host Name . . . . . . . . . . . . : home
        Primary Dns Suffix  . . . . . . . : 
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : 
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-12-3F-57-92-94
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.8
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
        Lease Obtained. . . . . . . . . . : Sunday, June 09, 2013 18:00:22
        Lease Expires . . . . . . . . . . : Monday, June 10, 2013 18:00:22

Server:  UnKnown
Address:  192.168.1.1
 
Name:    google.com
Addresses:  173.194.43.8, 173.194.43.7, 173.194.43.1, 173.194.43.2
 173.194.43.4, 173.194.43.6, 173.194.43.0, 173.194.43.5, 173.194.43.14
 173.194.43.9, 173.194.43.3
 
Pinging google.com [173.194.43.35] with 32 bytes of data:

Reply from 173.194.43.35: bytes=32 time=19ms TTL=50
Reply from 173.194.43.35: bytes=32 time=20ms TTL=50

Ping statistics for 173.194.43.35:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 19ms, Maximum = 20ms, Average = 19ms

Server:  UnKnown
Address:  192.168.1.1
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.138.253.109, 98.139.183.24
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=87ms TTL=42
Reply from 206.190.36.45: bytes=32 time=89ms TTL=42

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 87ms, Maximum = 89ms, Average = 88ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 12 3f 57 92 94 ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1     192.168.1.8  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
      192.168.1.0    255.255.255.0      192.168.1.8     192.168.1.8  20
      192.168.1.8  255.255.255.255        127.0.0.1       127.0.0.1  20
    192.168.1.255  255.255.255.255      192.168.1.8     192.168.1.8  20
        224.0.0.0        240.0.0.0      192.168.1.8     192.168.1.8  20
  255.255.255.255  255.255.255.255      192.168.1.8     192.168.1.8  1
Default Gateway:       192.168.1.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 02 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS\system32\iavlsp.dll [118784] (iolo technologies, LLC)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (06/09/2013 09:30:03 AM) (Source: ESENT) (User: )
Description: wuauclt (2820) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (06/09/2013 07:07:01 AM) (Source: ESENT) (User: )
Description: wuauclt (1340) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT) (User: )
Description: wuauclt (1692) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT) (User: )
Description: wuauclt (1692) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The open file operation will fail with error -1022 (0xfffffc02).
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT) (User: )
Description: wuauclt (1692) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT) (User: )
Description: wuauclt (952) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT) (User: )
Description: wuauclt (952) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The open file operation will fail with error -1022 (0xfffffc02).
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT) (User: )
Description: wuauclt (952) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The delete file operation will fail with error -1022 (0xfffffc02).
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT) (User: )
Description: wuauclt (1952) Unable to write a shadowed header for file C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb. Error -1022.
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT) (User: )
Description: wuauclt (1952) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb" for read / write access failed with system error 1392 (0x00000570): "The file or directory is corrupted and unreadable. ".  The open file operation will fail with error -1022 (0xfffffc02).
 
 
System errors:
=============
Error: (06/09/2013 11:27:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:19:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:17:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:15:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:13:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:11:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:09:34 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:03:01 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 11:01:01 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
Error: (06/09/2013 10:59:01 AM) (Source: DCOM) (User: HOME)
Description: The server {9B1F122C-2982-4E91-AA8B-E071D54F2A4D} did not register with DCOM within the required timeout.
 
 
Microsoft Office Sessions:
=========================
Error: (06/09/2013 09:30:03 AM) (Source: ESENT)(User: )
Description: wuauclt2820C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (06/09/2013 07:07:01 AM) (Source: ESENT)(User: )
Description: wuauclt1340C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT)(User: )
Description: wuauclt1692C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT)(User: )
Description: wuauclt1692C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/09/2013 07:07:00 AM) (Source: ESENT)(User: )
Description: wuauclt1692C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT)(User: )
Description: wuauclt952C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT)(User: )
Description: wuauclt952C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT)(User: )
Description: wuauclt952C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT)(User: )
Description: wuauclt1952C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022
 
Error: (06/09/2013 07:03:02 AM) (Source: ESENT)(User: )
Description: wuauclt1952C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb-1022 (0xfffffc02)1392 (0x00000570)The file or directory is corrupted and unreadable.
 
 
=========================== Installed Programs ============================
 
7-Zip 9.21 (Version: 9.21.00.0)
Adobe Acrobat XI Pro (Version: 11.0)
Adobe Acrobat XI Pro (Version: 11.0.03)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Apple Application Support (Version: 2.3)
Apple Software Update (Version: 2.1.3.127)
ArcSoft PhotoImpression 5
ArcSoft TotalMedia 3.5 (Version: 3.5.7.282)
ASCOM Platform 6 - SP1 (Version: 6.0.0.0)
Ask Toolbar Updater (Version: 1.2.0.20007)
ASPCA Reminder by We-Care.com v5.0.5.1 (Version: 5.0.5.1)
Avery Template - U_0087_01_PlateauLines_0805_01_en (Version: 1.0.0.0)
AVG SafeGuard toolbar (Version: 15.2.0.5)
AVSDK5 (Version: 5.3.20)
BabylonObjectInstaller (Version: 2.0.0.4)
BOINC (Version: 6.12.34)
Canon iP6310D Memory Card Utility
Canon iP6310D User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint
Carbonite (Version: 5.4.6 build 3121 (May-22-2013))
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CopyScreen (Version: 5.00.0000)
Coupon Printer for Windows (Version: 5.0.0.1)
Cumulus 1.9.2
Dealio Toolbar v6.2 (Version: 6.2)
DefaultTab (Version: 2.2.1.0)
DesignPro 5.0 Media Edition (Version: 5.0.1056)
Documents To Go Desktop for iOS (Version: 4.0001.010)
Driver Install (Version: 1.00.0000)
EasySolve
EasyWeather
EditPad Lite 7.1.2 (Version: 7.1.2)
EPSON Attach To Email (Version: 1.01.0000)
EPSON Copy Utility 3 (Version: 3.1.5.0)
EPSON Event Manager (Version: 1.71.00)
EPSON File Manager (Version: 1.1.0.0)
EPSON Perf 3490 3590 Guide
EPSON Scan
EPSON Scan Assistant (Version: 1.10.00)
FileZilla Client 3.6.0.2 (Version: 3.6.0.2)
Flock (2.6.1) (Version: 2.6.1 (en-US))
Fwink (Version: 1.0.96)
Google Chrome (Version: 27.0.1453.110)
Google Chrome Frame (Version: 28.0.1500.37)
Google Earth (Version: 7.0.3.8542)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)
HP Officejet 6500 E710a-f Basic Device Software (Version: 22.50.231.0)
HP Officejet 6500 E710a-f Help (Version: 140.0.2.2)
HP Officejet 6500 E710a-f Product Improvement Study (Version: 22.50.231.0)
HP Product Detection (Version: 11.14.0001)
HP Update (Version: 5.003.001.001)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel® Graphics Media Accelerator Driver (Version: 6.14.10.4410)
iolo technologies' System Mechanic Professional (Version: 10.7.6)
IrfanView (remove only) (Version: 4.32)
Java™ 7 Update 5 (Version: 7.0.50)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Marketsplash Print Software (Version: 1.0.1.31)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Automated Troubleshooting Services Shim
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Download Manager (Version: 1.2.1)
Microsoft Office XP Professional with FrontPage (Version: 10.0.6626.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WorldWide Telescope (Version: 3.0.60)
Motorola SM56 Speakerphone Modem
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Music Manager
MyNovel 4.0 (Version: 4.0.1008.0)
MyNovel 4.0 (Version: 4.1.0415.0)
Nero 7 Lite v7.7.5.1
PC Wizard 2012.2.0
PowerDVD (Version: 7.0.2414.0)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.1)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
RealUpgrade 1.1 (Version: 1.1.0)
RegCure Pro (Version: 3.1.5.0)
RoboForm 7-8-8-5 (All Users) (Version: 7-8-8-5)
SilkQuit v2.60
Stamps.com
Stamps.com (Version: 9.6.1.2323)
Stamps.com Application Support for Microsoft Word 2000-2010 (Version: 8.7.0.1506)
Stamps.com support for Microsoft Word 2000-2010
SumatraPDF 2.2.1 (Version: 2.2.1)
swMSM (Version: 12.0.0.1)
The Weather Channel App
ThinkPad Bluetooth with Enhanced Data Rate Software (Version: 5.5.0.9700)
TimeLeft (Version: 3.57)
TranslationBuddy Toolbar
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
WebFldrs XP (Version: 9.50.6513)
Windows Driver Package - Auvitek (AuviUADFilter) MEDIA  (02/27/2008 1.20122.84.212) (Version: 02/27/2008 1.20122.84.212)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinZip Registry Optimizer (Version: 1.0)
XFINITY Toolbar (Version: 3.5.2.2)
Yahoo! Software Update
yNotes
yWriter5
ZenWriter (Version: 1.43)
 
========================= Devices: ================================
 
Name: Logitech USB Camera (Web)
Description: Logitech USB Camera (Web)
Class Guid: {36FC9E60-C465-11CF-8056-444553540000}
Manufacturer: Logitech
Service: usbccgp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 60%
Total physical RAM: 2038.07 MB
Available physical RAM: 808.41 MB
Total Pagefile: 3931.07 MB
Available Pagefile: 2701.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1971.02 MB
 
========================= Partitions: =====================================
 
2 Drive c: () (Fixed) (Total:74.5 GB) (Free:10.03 GB) NTFS
3 Drive d: (New Volume) (Fixed) (Total:74.55 GB) (Free:74.23 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\HOME
 
Administrator            ASPNET                   Guest                    
HelpAssistant            Leon                     SUPPORT_388945a0         
 
 
**** End of log ****
 

 

 

  Results of screen317's Security Check version 0.99.64  

 Windows XP Service Pack 3 x86   
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
System Shield   
 Antivirus out of date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
 Mozilla Firefox (21.0) 
 Google Chrome 27.0.1453.110  
 Google Chrome 27.0.1453.94  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 Common Files Authentium AntiVirus5 vsedsps.exe 
 Common Files Authentium AntiVirus5 vseamps.exe 
 iolo System Mechanic Professional System Shield ioloSSTray.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 10% 
````````````````````End of Log`````````````````````` 
 

 



#4 boopme


Posted 09 June 2013 - 09:19 PM

Also in Control Panel Add/Remove, see if it is there. If not, see "How to remove AVG Toolbar, homepage and Secure Search from your browser".

While in the CP uninstall this, older versions are exploitable.

Java™ 7 Update 5 (Version: 7.0.50)

Reboot

To install the latest Version 7 Update 21, go here:

http://java.com/en/download/manual.jsp

and click Windows Offline (32-bit).




#5 Queen-Evie

Queen-Evie

    Official Bleepin' G.R.I.T.S. (and proud of it)


  • Members
  • 16,485 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:My own little corner of the universe (somewhere in Alabama). It's OK, they know me here
  • Local time:10:09 AM

Posted 09 June 2013 - 09:49 PM

This has nothing to do with malware removal.

I noticed 2 entries in your installed programs. I recommend you uninstall them. Comcast does not have a stellar history when it comes to branded software.

Easy Solve
Xfinity Toolbar

Just an FYI (this is a shortened version of my canned speech which I use in the Comcast help forum): Easy Solve is totally useless. Despite the name it solves nothing. It's actually nothing more than a glorified cache cleaner. It doesn't diagnose any problems nor will it solve anything.

EASY SOLVE DOES NOT CHECK FOR CONNECTIVITY ISSUES. If you do have issues it won't find anything. It will not "solve" connection problems. It will tell you to Check your Cables. The next screen is Reset the Modem. There is no need to reset the modem if the problem was a simple case of cables or power cord being disconnected or loose.

If you reset the modem and that doesn't work you are told to call Comcast.

Obviously if there is a service outage checking cables and resetting the modem won't work. If there is a Comcast network issue and your internet starts crawling slower than a turtle it won't be able to help you.

The Xfinity toolbar has been known to be flaky. Unless it is something you use a lot there is no need to have it.

*getting off my soapbox about Comcast software and turning the topic back over to the malware aspect*

#6 Frackin Malware


Posted 09 June 2013 - 10:09 PM

The AVG will be finished when I reboot again.  The Java 5 failed to uninstall and the wizard was interrupted before Java 7 Update 21 could be completely installed.  It said to run setup again to complete the installation.  So I have a Java issue too.

aswMBR is still running, so I guess it is time to go get some sleep.  Hopefully, in the morning, I can see what that did, copy the log and post it.  And for Official Bleepin Bama Belle, I got rid of that Comcast stuff while I was in the uninstall area.

Thank you everyone.  I can see this will not be easy for me.  Frackin Malware...but you can call me Leon.



#7 Frackin Malware


Posted 10 June 2013 - 04:43 AM

Happy Monday.  Here are the results of my aswMBR run.  I am going to reboot my computer to finish getting rid of the AVG crap and hopefully, before I leave for work, it will be gone.

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-06-09 22:33:08
-----------------------------
22:33:08.562    OS Version: Windows 5.1.2600 Service Pack 3
22:33:08.562    Number of processors: 1 586 0x401
22:33:08.562    ComputerName: HOME  UserName: Leon
22:33:10.765    Initialize success
23:00:05.312    AVAST engine defs: 13060901
23:02:57.312    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-17
23:02:57.312    Disk 0 Vendor: ST3160212SCE 3.ACF Size: 152627MB BusType: 3
23:02:57.671    Disk 0 MBR read successfully
23:02:57.671    Disk 0 MBR scan
23:02:57.812    Disk 0 Windows XP default MBR code
23:02:57.828    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        76285 MB offset 64
23:02:57.875    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        76340 MB offset 156232125
23:02:57.921    Disk 0 scanning sectors +312576705
23:02:58.375    Disk 0 scanning C:\WINDOWS\system32\drivers
23:04:21.156    Service scanning
23:05:27.562    Modules scanning
23:06:25.687    Disk 0 trace - called modules:
23:06:25.718    ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys 
23:06:25.718    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x89e10ab8]
23:06:25.718    3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-17[0x89de6b00]
23:06:27.187    AVAST engine scan C:\WINDOWS
23:07:01.750    AVAST engine scan C:\WINDOWS\system32
23:33:14.921    AVAST engine scan C:\WINDOWS\system32\drivers
23:34:46.578    AVAST engine scan C:\Documents and Settings\Leon
23:58:28.218    File: C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\720c636b-3284f993  **INFECTED** Win32:Downloader-LKV [Trj]
03:26:24.687    AVAST engine scan C:\Documents and Settings\All Users
04:04:59.671    Scan finished successfully
04:58:09.000    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\MBR.dat"
04:58:09.062    The log file has been saved successfully to "C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\aswMBR.txt"
05:37:35.484    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Leon\Desktop\Malware Tests\MBR.dat"
05:37:35.500    The log file has been saved successfully to "C:\Documents and Settings\Leon\Desktop\Malware Tests\aswMBR.txt"
 
 
Thanks Again,
Leon


#8 Frackin Malware


Posted 10 June 2013 - 07:58 PM

Well my computer is still running, but nothing has fixed itself.  I was hoping some feedback was going to be posted from all those testings I posted.  I can be patient and also do some more research on this malware issue online. I will be online for a couple more hours.

 

Leon



#9 boopme


Posted 10 June 2013 - 08:11 PM

OK, we can wait on Java, not important right now.

Let's run RKill, then try MBAM (Malwarebytes) again.

Please download Rkill by Grinler and save it to your desktop.
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



    If that worked or did not ...follow with these.

    Please Download TDSSkiller
    Launch it.
    Click on change parameters-Select TDLFS file system
    Click on "Scan".
    Please post the LOG report(log file should be in your C drive)

    Do not change the default options on scan results.



    Please download AdwCleaner by Xplode onto your desktop.
    Close all open programs and internet browsers.
    Double click on adwcleaner.exe to run the tool.
    Click on Delete.
    Confirm each time with Ok.
    You will be prompted to restart your computer. A text file will open after the restart.
    Please post the contents of that logfile with your next reply.
    You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Last run ESET.
    • Hold down Control and click on this link to open ESET OnlineScan in a new window.
    • Click the esetonlinebtn.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Under scan settings, check "Scan Archives" and "Remove found threats"
    • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
    • NOTE: Sometimes if ESET finds no infections it will not create a log.


#10 Frackin Malware


Posted 10 June 2013 - 09:57 PM

Working on them.  I will keep you posted. 



#11 Frackin Malware


Posted 10 June 2013 - 10:52 PM

I am now doing the ESET Online scanner.  ESET informed me there was another antivirus program in my computer.  AVG Business 2012.  I went to add remove programs page and I found that AVG SafeGuard Tool Bar was still there and I still can't remove it.  I hope ESET does the trick.  So far so good with all the other procedures.  The adw cleaner log is below.

 

Going to go get some sleep now. I will get up and check ESET through the night.  I do not know how long this will run.  Being patient here in South Jersey.  Pine Barrens ...that is!

 

# AdwCleaner v2.303 - Logfile created 06/10/2013 at 23:03:49

# Updated 08/06/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Leon - HOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Application Updater
Stopped & Deleted : DefaultTabSearch
Stopped & Deleted : DefaultTabUpdate
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Leon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Deleted on reboot : C:\Documents and Settings\Leon\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\searchplugins\search-here.xml
File Deleted : C:\END
File Deleted : C:\WINDOWS\system32\roboot.exe
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\WinZip Registry Optimizer
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Dealio
Folder Deleted : C:\Documents and Settings\Leon\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\Leon\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Leon\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\CT3277370
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\CT3282146
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\extensions\{6c3d3bd4-75f8-4283-bb97-1e22c4c090df}
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\extensions\{b920380d-fbe7-45c7-96ab-37e9870a566c}
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\jetpack
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\Smartbar
Folder Deleted : C:\Documents and Settings\Leon\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Leon\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\Leon\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Leon\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Leon\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Leon\Start Menu\Programs\ParetoLogic
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Common Files\ParetoLogic
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\Program Files\Dealio Toolbar
Folder Deleted : C:\Program Files\DefaultTab
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\WinZip Registry Optimizer
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Dealio
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Dealio
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Babylon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Deleted : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink
Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback
Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions
Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Dealio
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\DefaultTab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\Software\iLividSRTB
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{E55E7026-EF2A-4A17-AAA7-DB98EA3FD1B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\Software\Search Settings
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/406?appid=757 --> hxxp://www.google.com
 
-\\ Mozilla Firefox v21.0 (en-US)
 
File : C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\prefs.js
 
C:\Documents and Settings\Leon\Application Data\Mozilla\Firefox\Profiles\yzkj8ciu.default\user.js ... Deleted !
 
Deleted : user_pref("CT3277370.serviceLayer_services_toolbarSettings_lastUpdate", "1370774411444");
Deleted : user_pref("CT3277370.serviceLayer_services_translation_lastUpdate", "1370774411409");
Deleted : user_pref("CT3277370.settingsINI", true);
Deleted : user_pref("CT3277370.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3277370.showToolbarPermission", "false");
Deleted : user_pref("CT3277370.smartbar.CTID", "CT3277370");
Deleted : user_pref("CT3277370.smartbar.Uninstall", "0");
Deleted : user_pref("CT3277370.smartbar.homepage", "true");
Deleted : user_pref("CT3277370.smartbar.isHidden", true);
Deleted : user_pref("CT3277370.smartbar.toolbarName", "InternetHelper3 ");
Deleted : user_pref("CT3277370.startPage", "true");
Deleted : user_pref("CT3277370.toolbarBornServerTime", "14-2-2013");
Deleted : user_pref("CT3277370.toolbarCurrentServerTime", "9-6-2013");
Deleted : user_pref("CT3277370.toolbarLoginClientTime", "Mon Mar 25 2013 05:54:51 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3277370_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("CT3282146.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3282146.1000082.muteState", "off");
Deleted : user_pref("CT3282146.1000082.shrinkState", "shrinked");
Deleted : user_pref("CT3282146.1000082.state", "{\"state\":\"stopped\",\"text\":\"K-EARTH 1...\",\"description[...]
Deleted : user_pref("CT3282146.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3282146.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3282146.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3282146.FirstTime", "true");
Deleted : user_pref("CT3282146.FirstTimeFF3", "true");
Deleted : user_pref("CT3282146.LoginRevertSettingsEnabled", true);
Deleted : user_pref("CT3282146.PG_ENABLE", "ZmFsc2U=");
Deleted : user_pref("CT3282146.RevertSettingsEnabled", true);
Deleted : user_pref("CT3282146.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("CT3282146.UserID", "UN35282817279665535");
Deleted : user_pref("CT3282146.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3282146.browser.search.defaultthis.engineName", true);
Deleted : user_pref("CT3282146.cb.enc", "MA==");
Deleted : user_pref("CT3282146.cb_experience_000.enc", "ODc=");
Deleted : user_pref("CT3282146.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3282146.cb_user_id_000.enc", "Q0I3MzM1NDE5ODEzMzdfMTM2MDExODA0NDE2MF9GaXJlZm94");
Deleted : user_pref("CT3282146.cbcountry_001.enc", "VVM=");
Deleted : user_pref("CT3282146.cbfirsttime.enc", "VHVlIEZlYiAwNSAyMDEzIDIxOjI3OjM3IEdNVC0wNTAwIChFYXN0ZXJuIFN0[...]
Deleted : user_pref("CT3282146.enableAlerts", "always");
Deleted : user_pref("CT3282146.enableFix404ByUser", "FALSE");
Deleted : user_pref("CT3282146.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3282146.fixPageNotFoundErrorByUser", "TRUE");
Deleted : user_pref("CT3282146.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3282146.fixUrls", true);
Deleted : user_pref("CT3282146.homepageuserchanged", true);
Deleted : user_pref("CT3282146.hxxp___oryte_com_content_support.APP_WIN_FEATURES.enc", "dGl0bGViYXI9MSxyZXNpem[...]
Deleted : user_pref("CT3282146.hxxp___oryte_com_content_todo.my_tasks.enc", "W3sidGl0bGUiOiJWQSUyMDIvMjYiLCJjb[...]
Deleted : user_pref("CT3282146.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Deleted : user_pref("CT3282146.installType", "DirectDownload");
Deleted : user_pref("CT3282146.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3282146.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3282146.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3282146.isPerformedSmartBarTransition", "true");
Deleted : user_pref("CT3282146.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3282146.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3282146.keyword", true);
Deleted : user_pref("CT3282146.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
Deleted : user_pref("CT3282146.lastVersion", "10.15.0.562");
Deleted : user_pref("CT3282146.migrateAppsAndComponents", true);
Deleted : user_pref("CT3282146.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3282146.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Deleted : user_pref("CT3282146.revertSettingsEnabled", "true");
Deleted : user_pref("CT3282146.search.searchAppId", "130037734451689447");
Deleted : user_pref("CT3282146.search.searchCount", "1");
Deleted : user_pref("CT3282146.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3282146.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3282146.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3282146.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3282146.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3282146.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3282146.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3282146.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3282146.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3282146.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1360117646712");
Deleted : user_pref("CT3282146.serviceLayer_services_appsMetadata_lastUpdate", "1360364751036");
Deleted : user_pref("CT3282146.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1360117645968");
Deleted : user_pref("CT3282146.serviceLayer_services_location_lastUpdate", "1370774412613");
Deleted : user_pref("CT3282146.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360792775130");
Deleted : user_pref("CT3282146.serviceLayer_services_login_10.14.65.43_lastUpdate", "1363897831406");
Deleted : user_pref("CT3282146.serviceLayer_services_login_10.15.0.562_lastUpdate", "1370774413494");
Deleted : user_pref("CT3282146.serviceLayer_services_login_10.15.2.523_lastUpdate", "1369261190488");
Deleted : user_pref("CT3282146.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13602[...]
Deleted : user_pref("CT3282146.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1360117646266");
Deleted : user_pref("CT3282146.serviceLayer_services_searchAPI_lastUpdate", "1360364732892");
Deleted : user_pref("CT3282146.serviceLayer_services_serviceMap_lastUpdate", "1370774412578");
Deleted : user_pref("CT3282146.serviceLayer_services_toolbarContextMenu_lastUpdate", "1360117645824");
Deleted : user_pref("CT3282146.serviceLayer_services_toolbarSettings_lastUpdate", "1370774413208");
Deleted : user_pref("CT3282146.serviceLayer_services_translation_lastUpdate", "1370774413170");
Deleted : user_pref("CT3282146.settingsINI", true);
Deleted : user_pref("CT3282146.showToolbarPermission", "false");
Deleted : user_pref("CT3282146.smartbar.CTID", "CT3282146");
Deleted : user_pref("CT3282146.smartbar.Uninstall", "0");
Deleted : user_pref("CT3282146.smartbar.homepage", true);
Deleted : user_pref("CT3282146.smartbar.isHidden", true);
Deleted : user_pref("CT3282146.smartbar.toolbarName", "Produtools Manuals 2.1 B ");
Deleted : user_pref("CT3282146.toolbarBornServerTime", "6-2-2013");
Deleted : user_pref("CT3282146.toolbarCurrentServerTime", "9-6-2013");
Deleted : user_pref("CT3282146.toolbarLoginClientTime", "Mon Mar 25 2013 05:54:48 GMT-0400 (Eastern Daylight T[...]
Deleted : user_pref("CT3282146.url_history0001.enc", "aHR0cDovL3dlYm1haWxiLmp1bm8uY29tL3dlYm1haWwvbmV3LzUjOjo6[...]
Deleted : user_pref("CT3282146.zones.enc", "");
Deleted : user_pref("CT3282146_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3277370");
Deleted : user_pref("browser.search.defaultthis.engineName", "InternetHelper3 Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Search Results");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.searchnu.com/406?appid=757");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "6465552e00000000000000123f579294");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15632");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:25:02");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3277370&SearchSource=2&CU[...]
Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3277370");
Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3277370");
Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3282146&SearchSource=13[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.machineId", "PISLIXJDJX2PJM72NBABUCNVBK4639AL6GOCCB2SJ0D3XMLDBWRL6DJ3XM3T2OQQL57[...]
Deleted : user_pref("smartbar.originalHomepage", "hxxp://abclocal.go.com/wpvi/index");
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
Deleted : user_pref("smartbar.originalSearchEngine", " false");
 
-\\ Google Chrome v27.0.1453.110
 
File : C:\Documents and Settings\Leon\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.3072] : urls_to_restore_on_startup = [ "hxxp://www.google.com/", "hxxp://www.searchnu.com/406?appid=7[...]
 
*************************
 
AdwCleaner[S1].txt - [39664 octets] - [10/06/2013 23:03:49]
 
########## EOF - C:\AdwCleaner[S1].txt - [39725 octets] ##########


#12 Frackin Malware

Posted 11 June 2013 - 04:36 AM

ESET is still running.  I got up around 2:30 and the software was doing well.  As of now, 5:30, 5.5 hours down, 29 bad files found with only 10% completed.  Oh this is going to be a long one.

Still patient in South Jersey!



#13 boopme

Posted 11 June 2013 - 11:50 AM

Let her finish... It's better even if it is long. You have a lot of junk to sift thru..

Glad to help in north Jersey.

#14 Frackin Malware

Posted 11 June 2013 - 03:53 PM

Hey boopme,

 

ESET is all done.  45 infections cleaned.  Wow!  Do I delete the software or save it? Let me know.  Find the results below.  

 

So what to do next?  Like reboot or whatever.  I am in no hurry to get this fixed.  The computer still works so I am good with that.  I am noticing a better overall performance already.  

 

Thanks,

Leon

 

C:\Documents and Settings\Leon\Application Data\Nico Mak Computing\WinZip Registry Optimizer\Version 1\productSetup_Setup_6_8_2013.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined

C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\16\2fdc3ad0-6d9b9cc2 a variant of Java/Exploit.CVE-2011-3544.CN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\30\937131e-24f3c24b a variant of Java/Exploit.CVE-2011-3544.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\2a68dcdf-435821be a variant of Java/Exploit.CVE-2011-3544.CN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\12b52ba2-1a2fd642 a variant of Java/Exploit.CVE-2011-3544.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\34\2f8d4ca2-7fbd4abe a variant of Java/Exploit.CVE-2011-3544.CN trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\36\6d31e8a4-78b05842 a variant of Java/Exploit.CVE-2011-3544.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\40\f2dc128-16f1bbd1 a variant of Java/Exploit.CVE-2011-3544.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\43\720c636b-3284f993 a variant of Win32/Kryptik.VJG trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\44\47a1186c-6d7edf12 a variant of Java/Exploit.CVE-2011-3544.B trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Carbonite Restored OLD User Settings\Application Data\Sun\Java\Deployment\cache\6.0\47\458df96f-2c8a4b4c a variant of Java/TrojanDownloader.OpenConnection.AQ trojan cleaned by deleting - quarantined
C:\Documents and Settings\Leon\Local Settings\Application Data\Google\Chrome\User Data\Default\Cache\f_0004d7 Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\iLividSetup-r757-n-bc (1).exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\iLividSetup-r757-n-bc.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\Microsoft Office 2010.exe MSIL/Solimba.Q application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\WinZipRegistryOptimizer.exe a variant of Win32/OpenInstall application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\wzregopt.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Leon\My Documents\Downloads\ZipOpenerSetup.exe Win32/InstallCore.BN.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\cbsidlm-tr1_13-Free_Window_Registry_Repair-SEO-10606555 (1).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\cbsidlm-tr1_13-Free_Window_Registry_Repair-SEO-10606555 (2).exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\cbsidlm-tr1_13-Free_Window_Registry_Repair-SEO-10606555.exe Win32/DownloadAdmin.G application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\cbsidlm-tr1_7-Flock-SEO2-10803251.exe Win32/DownloadAdmin.D application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\iLividSetup.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\ImageEditorSetup.exe Win32/InstallCore.BN.Gen application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\setup.exe a variant of Win32/AirAdInstaller.A application cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\Spydig_Setup.exe multiple threats cleaned by deleting - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\U_0087_01_PlateauLines_0805_01_en.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\wzdrvupdt.exe Win32/OpenCandy application deleted - quarantined
C:\Documents and Settings\Leon\My Documents\Lee's Documents\Downloads from firefox\wzregopt.exe Win32/OpenCandy application deleted - quarantined
C:\Program Files\SpyDig\opfile.dll Win32/Adware.SpywareCease application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\SpyDig\RkHitApi.dll Win32/Adware.SpywareCease.AA application cleaned by deleting (after the next restart) - quarantined
C:\Program Files\SpyDig\spydig.exe a variant of Win32/Adware.SpywareCease.AA application cleaned by deleting - quarantined
C:\Program Files\SpyDig\ussafe.dll a variant of Win32/Adware.SpywareCease.AC application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5e\bar\1.bin\5edatact.dll a variant of Win32/Toolbar.MyWebSearch.A application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5e\bar\1.bin\5ehtmlmu.dll probably a variant of Win32/Toolbar.MyWebSearch.B application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5e\bar\1.bin\5eieovr.dll probably a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5e\bar\1.bin\5eskin.dll a variant of Win32/Toolbar.MyWebSearch.P application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5e\bar\1.bin\T8HTML.DLL probably a variant of Win32/Toolbar.MyWebSearch.F application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5eEI\Installr\1.bin\5eEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5eEI\Installr\1.bin\5eEZSETP.dll a variant of Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5eEI\Installr\1.bin\NP5eEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\TranslationBuddy_5eEI\Installr\Cache\0781A45E.exe a variant of Win32/Toolbar.MyWebSearch.O application cleaned by deleting - quarantined
C:\WINDOWS\Installer\16f7f93.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\WINDOWS\Installer\5e91e.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
C:\WINDOWS\system32\drivers\RKHit.sys Win32/Adware.SpywareCease application cleaned by deleting - quarantined


#15 Frackin Malware

Posted 11 June 2013 - 08:02 PM

Frackin electric went out here for a few minutes.  I hope it did not hurt anything, but the reboot did not yield good results.  At first power up, scan disk came up.  So I thought that would be cool. Nope.  Damn thing did not do the three steps.  Went straight to the disk is clean.  Bullcrap.  Scan disk always goes through the steps.   :ranting:  For the first time since Saturday, the computer notices the anti virus is not working.  Cool.  I use Iolo System Mechanic.  I go to download and reinstall and then a pop up says "Iolo download manager class not registered."  Damn it.  The sound is awful.  I am ready to bang my head on a brick wall.

 

Help me boopme.  What else can we do?  Do I need to repeat anything?  I'll be here watching the Phillies.  Thanks for all your help.

 

North Jersey huh...a home boy.  I will be up that way later this month.  I have an old high school buddy who plays the drums.  Going to see him play in NYC.





