
Serious Infection


This topic is locked
13 replies to this topic

#1 hrolsons

  • Members
  • 236 posts

Posted 30 July 2013 - 11:01 AM

I was told on this thread:

http://www.bleepingcomputer.com/forums/t/502507/dads-computer-has-a-bunch-of-adware/

that this computer is seriously compromised.

Here is a DDS log, and the attached attach.zip file. Thank you so much for your help:

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Rich Olson at 9:53:35 on 2013-07-30
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.1780 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Common Files\BeFrugal.com\Toolbar\befrgl.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\All Users\Application Data\WeCareReminder\ReminderHelper.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Program Files\AVG SafeGuard toolbar\vprot.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.inbox.com/homepage.aspx?tbid=80114&iwk=257&lng=en
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&iwk=%iwk&%language
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.3.10\bh\claro.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: BeFrugalIEHelper: {2335A057-CBA6-40F6-A712-C6A7C98F7813} - c:\program files\common files\befrugal.com\toolbar\BFTB.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - c:\documents and settings\rich olson\application data\qwiklinx\Qwiklinx.dll
BHO: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbPro2.dll
BHO: CescrtHlpr Object: {64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - c:\documents and settings\all users\application data\wecarereminder\IEHelperv2.5.0.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589D7CFF-0173-47A9-966A-9AFAE3E5C249} - c:\program files\produtools_manuals_2.1_b2\prxtbPro2.dll
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: facemoods Toolbar: {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Claro LTD Toolbar: {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - c:\program files\claro ltd\claro\1.8.3.10\claroTlbr.dll
TB: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Produtools Manuals 2.1 B2 Toolbar: {589d7cff-0173-47a9-966a-9afae3e5c249} - c:\program files\produtools_manuals_2.1_b2\prxtbPro2.dll
TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg safeguard toolbar\15.4.0.5\AVG SafeGuard toolbar_toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BeFrugal.com Toolbar: {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - c:\program files\common files\befrugal.com\toolbar\BFTB.dll
uRun: [DW7] "c:\program files\the weather channel\the weather channel app\TWCApp.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [vProt] "c:\program files\avg safeguard toolbar\vprot.exe"
dRun: [Adobe] rundll32.exe "c:\documents and settings\rich olson\local settings\application data\ancestry.com\adobe\ztsdpgjs.dll",DllRegisterServerW
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\activa~1.lnk - c:\program files\eset activation helper (noderator)\Activate NOD32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxps://membercenter.msn.com/photos/DigWebX2.cab#version=10,0,910,0
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341977605265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1AB9465D-CCA6-4479-BE16-28161CE2924C} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\15.4.0\ViProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
Notify: NecUsb3Sevice - USB3Nw32.dll
Notify: USB3Nw32 - USB3Nw32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-30 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 105784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-3-23 101112]
R2 BeFrugal.com Service;BeFrugal.com Service;c:\program files\common files\befrugal.com\toolbar\befrgl.exe [2013-6-21 346960]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-31 54760]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-7-28 47640]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048]
R3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-29 50208]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-6-19 159400]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-8-5 1684736]
S3 cpuz134;cpuz134;\??\c:\docume~1\richol~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\richol~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-26 23624]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-5-7 13024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PctrlsInjectService;PctrlsInjectService;c:\program files\paretologic\pgsurfer\injectservice.exe --> c:\program files\paretologic\pgsurfer\InjectService.exe [?]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-12-5 92632]
.
=============== Created Last 30 ================
.
2013-07-29 16:49:27 -------- d-----w- C:\EEK
2013-07-28 18:12:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 17:02:34 -------- d-----w- c:\documents and settings\rich olson\local settings\application data\LogMeIn
2013-07-28 17:02:31 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-07-28 17:02:31 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-07-28 17:02:31 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-07-28 17:02:31 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-07-28 17:02:27 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-07-28 17:02:26 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2013-07-28 17:02:15 -------- d-----w- c:\program files\LogMeIn
2013-07-12 03:48:00 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-29 18:01:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-11 15:06:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 15:06:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-29 13:16:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-29 13:16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-08 05:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 18:13:38 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-05-29 18:13:26 33958 ----a-w- c:\documents and settings\all users\application data\uninstaller.exe
2013-05-22 15:21:06 4325376 ----a-w- c:\documents and settings\all users\application data\ReadOnlyInstaller.msi
2013-05-21 12:50:32 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2013-05-21 12:28:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28:02 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28:02 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-09 06:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
2013-05-08 19:22:12 0 ----a-w- c:\documents and settings\rich olson\acrobatreader684381.exe
2013-05-08 19:22:09 0 ----a-w- c:\documents and settings\rich olson\skype68597.exe
2013-05-08 19:22:06 0 ----a-w- c:\documents and settings\rich olson\mstsc632456.exe
2013-05-07 16:40:20 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-05-03 01:30:20 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-03 00:38:17 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH:  9:54:03.93 ===============
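Added here as an editor's example, not from the thread or the DDS tool: a short Python triage of a few "Pseudo HJT Report" lines copied from the log above. It ranks the rundll32 autorun that loads a DLL from the user's profile directory (the same entry RogueKiller later reports as a suspicious path) above registrations that point at no file and duplicate toolbar CLSIDs. The severity labels and the list of user-writable directories are assumptions.

```python
import re

# Constructed sample input: lines copied from the "Pseudo HJT Report" section of
# the DDS log in the post above, plus the clean mRun line for ESET as a control.
SAMPLE_DDS = r"""
uURLSearchHooks: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - <orphaned>
BHO: Claro LTD Helper Object: {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - c:\program files\claro ltd\claro\1.8.3.10\bh\claro.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [Adobe] rundll32.exe "c:\documents and settings\rich olson\local settings\application data\ancestry.com\adobe\ztsdpgjs.dll",DllRegisterServerW
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN_RE = re.compile(r"^([umd])Run: \[([^\]]*)\] (.*)$")
COM_RE = re.compile(r"^(BHO|TB|uURLSearchHooks): (.*)$")
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}  # DDS prefix -> hive

# Assumed list of XP locations a standard user can write to. An auto-started
# DLL or EXE there is not proof of malware, but it is where bundled PUPs and the
# ztsdpgjs.dll entry above live, so it is ranked first for a human to look at.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


def parse_entries(text):
    """Turn DDS pseudo-HJT lines into dicts; line types not modelled are skipped."""
    entries = []
    for raw in text.splitlines():
        raw = raw.strip()
        m = RUN_RE.match(raw)
        if m:
            entries.append({"kind": "Run", "hive": HIVES[m.group(1)],
                            "name": m.group(2), "command": m.group(3), "raw": raw})
            continue
        m = COM_RE.match(raw)
        if m:
            kind, rest = m.groups()
            clsid = CLSID_RE.search(rest)
            # DDS puts the backing file after the last " - "; a bare trailing
            # "-" (Bing Bar Helper above) means no file was registered.
            path = rest.rsplit(" - ", 1)[1].strip() if " - " in rest else ""
            entries.append({"kind": kind, "path": path, "raw": raw,
                            "clsid": clsid.group(0).upper() if clsid else ""})
    return entries


def triage(entries):
    """Return (severity, reason, raw line) findings, highest severity first."""
    findings = []
    seen_tb = set()
    for e in entries:
        if e["kind"] == "Run":
            cmd = e["command"].lower()
            if "rundll32" in cmd and any(d in cmd for d in USER_WRITABLE):
                findings.append(("HIGH", "rundll32 loads a DLL from a user-writable "
                                 "profile path via " + e["hive"] + " Run", e["raw"]))
        elif e["path"] in ("", "<no file>", "<orphaned>"):
            findings.append(("LOW", e["kind"] + " registration with no backing file "
                             "(leftover to remove)", e["raw"]))
        elif e["kind"] == "TB":
            if e["clsid"] in seen_tb:
                findings.append(("INFO", "toolbar CLSID registered more than once", e["raw"]))
            seen_tb.add(e["clsid"])
    order = {"HIGH": 0, "LOW": 1, "INFO": 2}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for severity, reason, raw in triage(parse_entries(SAMPLE_DDS)):
        print("[%s] %s\n    %s" % (severity, reason, raw))
```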
 

 



#2 nasdaq

  • Malware Response Team
  • 39,903 posts

Posted 04 August 2013 - 08:45 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or RogueKiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/Close RogueKiller.
===

Search for and delete the adware and PUPs (Potentially Unwanted Programs) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Delete tab and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
===

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problems persist.

#3 hrolsons
  • Topic Starter

  • Members
  • 236 posts

Posted 04 August 2013 - 01:01 PM

Thank you VERY much for your help. Here are the logs:

So, we ran RogueKiller, and after the scan it brought us to this website:

I did not do what that website suggested until you checked our logs.

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Rich Olson [Admin rights]
Mode : Remove -- Date : 08/04/2013 11:44:43
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 9 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT\[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Ancestry.com\Adobe\ztsdpgjs.dll",DllRegisterServerW [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19\[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Ancestry.com\Adobe\ztsdpgjs.dll",DllRegisterServerW [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20\[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Ancestry.com\Adobe\ztsdpgjs.dll",DllRegisterServerW [x][x][x]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20\[...]\Run : Adobe CSx Manager (C:\Documents and Settings\NetworkService\Application Data\930775e3-64cf-4691-854d-a8d6068c5fe3ad\ecfdadcfead.exe [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-18\[...]\Run : Adobe (rundll32.exe "C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Ancestry.com\Adobe\ztsdpgjs.dll",DllRegisterServerW [x][x][x]) -> [0x2] The system cannot find the file specified.
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\n. [x]) -> REPLACED (C:\WINDOWS\system32\shell32.dll)
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] @ : C:\RECYCLER\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\@ [-] --> DELETED
[ZeroAccess][File] @ : C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\U [-] --> DELETED
[ZeroAccess][Folder] U : C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-18\$81b0a660234cf48f9e69a18f7da47772\L [-] --> DELETED
[ZeroAccess][Folder] L : C:\RECYCLER\S-1-5-21-1060284298-287218729-682003330-1003\$81b0a660234cf48f9e69a18f7da47772\L [-] --> DELETED
[ZeroAccess][Junction] $NtUninstallKB49190$ : C:\WINDOWS\$NtUninstallKB49190$ >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][Junction] 1648769375 : C:\WINDOWS\$NtUninstallKB49190$\1648769375 >> \systemroot\system32\config [-] --> Junction DELETED
[ZeroAccess][File] 1648769375 : C:\WINDOWS\$NtUninstallKB49190$\1648769375 [-] --> DELETED
[ZeroAccess][File] @ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\@ [-] --> DELETED
[ZeroAccess][File] bckfg.tmp : C:\WINDOWS\$NtUninstallKB49190$\2296989903\bckfg.tmp [-] --> DELETED
[ZeroAccess][File] cfg.ini : C:\WINDOWS\$NtUninstallKB49190$\2296989903\cfg.ini [-] --> DELETED
[ZeroAccess][File] Desktop.ini : C:\WINDOWS\$NtUninstallKB49190$\2296989903\Desktop.ini [-] --> DELETED
[ZeroAccess][File] keywords : C:\WINDOWS\$NtUninstallKB49190$\2296989903\keywords [-] --> DELETED
[ZeroAccess][File] kwrd.dll : C:\WINDOWS\$NtUninstallKB49190$\2296989903\kwrd.dll [-] --> DELETED
[ZeroAccess][File] tqaeoytn : C:\WINDOWS\$NtUninstallKB49190$\2296989903\L\tqaeoytn [-] --> DELETED
[ZeroAccess][Folder] L : C:\WINDOWS\$NtUninstallKB49190$\2296989903\L [-] --> DELETED
[ZeroAccess][File] lsflt7.ver : C:\WINDOWS\$NtUninstallKB49190$\2296989903\lsflt7.ver [-] --> DELETED
[ZeroAccess][File] 00000001.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\00000001.@ [-] --> DELETED
[ZeroAccess][File] 00000002.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\00000002.@ [-] --> DELETED
[ZeroAccess][File] 00000004.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\00000004.@ [-] --> DELETED
[ZeroAccess][File] 80000000.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\80000000.@ [-] --> DELETED
[ZeroAccess][File] 80000004.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\80000004.@ [-] --> DELETED
[ZeroAccess][File] 80000032.@ : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U\80000032.@ [-] --> DELETED
[ZeroAccess][Folder] U : C:\WINDOWS\$NtUninstallKB49190$\2296989903\U [-] --> DELETED
[ZeroAccess][Folder] 2296989903 : C:\WINDOWS\$NtUninstallKB49190$\2296989903 [-] --> DELETED
[ZeroAccess][Folder] $NtUninstallKB49190$ : C:\WINDOWS\$NtUninstallKB49190$ [-] --> DELETED
 
¤¤¤ Driver : [LOADED] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
127.0.0.1       localhost
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: Hitachi HDS721010CLA332 +++++
--- User ---
[MBR] 38eca881c2d3bfc25a2bb79611745b2b
[BSP] b176217385e9da7fb7e549d86e39e306 : Linux MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 2218 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 4546395 | Size: 504046 Mo
2 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 1036834814 | Size: 447602 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_D_08042013_114443.txt >>
RKreport[0]_S_08042013_113728.txt
 
 
 
# AdwCleaner v2.306 - Logfile created 08/04/2013 at 11:47:05
# Updated 19/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Rich Olson - RICH-CD7716F084
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Rich Olson\Desktop\adwcleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
 
***** [Files / Folders] *****
 
Deleted on reboot : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Deleted on reboot : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Deleted on reboot : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Deleted on reboot : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
File Deleted : C:\WINDOWS\system32\ImhxxpComm.dll
File Deleted : C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
Folder Deleted : C:\DOCUME~1\RICHOL~1\LOCALS~1\Temp\AirInstaller
Folder Deleted : C:\DOCUME~1\RICHOL~1\LOCALS~1\Temp\AskSearch
Folder Deleted : C:\DOCUME~1\RICHOL~1\LOCALS~1\Temp\Iminent
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Produtools_Manuals_2.1_B2
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\24x7 Help
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\Claro LTD
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\facemoods.com
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\mediabarim
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Rich Olson\Application Data\Qwiklinx
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\APN
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\AskToolbar
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\iMesh
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Produtools_Manuals_2.1_B2
Folder Deleted : C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Question_Party
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\BringMeSports_1cEI
Folder Deleted : C:\Program Files\Claro LTD
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\facemoods.com
Folder Deleted : C:\Program Files\iMesh Applications
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Program Files\ParetoLogic
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\Produtools_Manuals_2.1_B2
Folder Deleted : C:\Program Files\Question_Party
Folder Deleted : C:\Program Files\Qwiklinx
Folder Deleted : C:\Program Files\Surf Canyon
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\WINDOWS\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Folder Deleted : C:\WINDOWS\system32\ARFC
Folder Deleted : C:\WINDOWS\system32\jmdp
Folder Deleted : C:\WINDOWS\system32\WNLT
 
***** [Registry] *****
 
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Claro LTD
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\facemoods.com
Key Deleted : HKCU\Software\FCTB000061107
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{448E181C-161A-4021-B8D5-6CAF25D83D15}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{448E181C-161A-4021-B8D5-6CAF25D83D15}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{474597C5-AB09-49D6-A4D5-2E8D7341384E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{589D7CFF-0173-47A9-966A-9AFAE3E5C249}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96BFA809-304B-4971-A4A6-5474C628CC06}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCB69577-088B-4004-9ED8-FF5BCC83A039}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\Produtools_Manuals_2.1_B2
Key Deleted : HKCU\Software\Question_Party
Key Deleted : HKCU\Software\Qwiklinx
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Claro LTD
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd
Key Deleted : HKLM\SOFTWARE\Classes\claro.clarodskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr
Key Deleted : HKLM\SOFTWARE\Classes\claro.claroHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05340575-7D2A-4266-9A84-7EEBDC476884}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{589D7CFF-0173-47A9-966A-9AFAE3E5C249}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76576F57-F3A4-48E7-9EA7-EA0F127773F0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96BFA809-304B-4971-A4A6-5474C628CC06}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9E131A93-EED7-4BEB-B015-A0ADB30B5646}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5B99E41-E157-4209-8AAC-DB003A816079}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AD20D01C-C939-4DD2-8C55-56935A48987E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E95EAD3F-18C6-4304-9DC6-BD6FD8E11D37}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE4FC43F-84CE-4E20-88C2-2188525B47FB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F398D871-ED00-42A8-BEAA-0209E9E59FCC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.claroESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.escrtSrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.xtrnl.1
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\facemoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.FCTB000061107Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000061107.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Features\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{952EEDFD-A98B-4670-9BDD-3634C8846FC1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO
Key Deleted : HKLM\SOFTWARE\Classes\PriceFactorIE.PriceGongBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl
Key Deleted : HKLM\SOFTWARE\Classes\PriceGongIE.PriceGongCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2872041
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3297955
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{12A5F606-B1EC-474C-83ED-95E99FD8058E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8B3372D0-09F0-41A5-8D9B-134E148672FB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A147AA03-820F-4A0F-9F34-D6CB4004A2F9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A903AC15-686E-4D67-A355-86FCBE9F60DA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CCC3E766-7BA9-4629-AC1A-7F4B7F362E65}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\facemoods.com
Key Deleted : HKLM\SOFTWARE\FCTB000061107
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28387537-E3F9-4ED7-860C-11E69AF4A8A0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{302147C2-73C6-4A9E-9271-5B485F4C914D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{60295942-9E5F-4EE8-B785-3A655904D24F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7A922828-58C4-40FE-B785-714244D541C5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2840547-B52A-438E-A6EE-1AF7D6EA9CD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E4BC79A0-8FFE-4083-B2AF-EFF90CB2C28E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFDF9EF3-3C3A-4F05-9A6E-5D3B778EC567}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DATAMNGR
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Produtools_Manuals_2.1_B2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Question_Party Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WNLT
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000F18F2-09EB-4A59-82B2-5AE4184C39C3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{589D7CFF-0173-47A9-966A-9AFAE3E5C249}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{76576F57-F3A4-48E7-9EA7-EA0F127773F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{96BFA809-304B-4971-A4A6-5474C628CC06}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A97CEC23332751B47BA4B95BAA50C9D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2BDF3E992C0908741B7C11F4B4E0F775
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B3BC4CF5ECE1F54BBA174C13A1AB907
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEABAA33A5E68374DBF197F2A00CD011
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB61AF52AD64B6B45930BE969F316720
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FB6D58DD787439A4995AF3C00FEA8843
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DD85D6BF-4787-4A93-99A5-3F0CF0AE8834}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facemoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iMesh 1 MediaBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Produtools_Manuals_2.1_B2 Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Question_Party Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety 
 
plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin
Key Deleted : HKLM\Software\Produtools_Manuals_2.1_B2
Key Deleted : HKLM\Software\Question_Party
Key Deleted : HKLM\Software\WNLT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
 
[{448E181C-161A-4021-B8D5-6CAF25D83D15}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
 
[{589D7CFF-0173-47A9-966A-9AFAE3E5C249}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
 
[{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
 
[{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
 
[{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
 
[{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions 
 
[{8a9386b4-e958-4c4c-adf4-8f26db3e4829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{28387537-E3F9-4ED7-860C-11E69AF4A8A0}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{448E181C-161A-4021-B8D5-6CAF25D83D15}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{589D7CFF-0173-47A9-966A-9AFAE3E5C249}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 
 
[{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs 
 
[C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs 
 
[C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = 
 
hxxp://www.inbox.com/homepage.aspx?tbid=80114&iwk=257&lng=en --> 
 
hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = 
 
hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&iwk=%i
 
wk&%language --> hxxp://www.google.com
 
-\\ Google Chrome v28.0.1500.95
 
File : C:\Documents and Settings\Rich Olson\Local Settings\Application 
 
Data\Google\Chrome\User Data\Default\Preferences
 
Deleted [l.1] : urls_to_restore_on_startup 
 
={"backup":{"homepage":true,"homepage_is_newtabpage":false,"session":{"restor
 
e_on_startup":4,"urls_to[...]
 
*************************
 
AdwCleaner[R1].txt - [66454 octets] - [04/08/2013 11:46:33]
AdwCleaner[S1].txt - [39492 octets] - [04/08/2013 11:47:05]
 
########## EOF - C:\AdwCleaner[S1].txt - [39553 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.2 (08.03.2013:1)
OS: Microsoft Windows XP x86
Ran by Rich Olson on Sun 08/04/2013 at 11:56:25.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2184A943-D48C-431C-91FA-CB4A1EAFDA0C}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8135E3A2-ED67-4BDA-98BB-5996E27A3AED}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}



~~~ Files

Successfully deleted: [File] "C:\WINDOWS\couponprinter.ocx"



~~~ Folders

Successfully deleted: [Folder] C:\Documents and Settings\Rich Olson\Application Data\FCTB000061107
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ammyy"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\pc1data"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\Rich Olson\Application Data\fixcleaner"
Successfully deleted: [Folder] "C:\Documents and Settings\Rich Olson\Application Data\gamesagogo_w3i"
Successfully deleted: [Folder] "C:\Documents and Settings\Rich Olson\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Rich Olson\Application Data\pcpro"
Successfully deleted: [Folder] "C:\Program Files\coupons"
Successfully deleted: [Folder] "C:\Program Files\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files\gamesagogo_w3i"



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Dumping contents of C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Default
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdfdjdcgfdedidagfdcdfdegedege
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\aadgdfdjdcgfdedidagfdcdfdegedege\manifest.json

Successfully deleted: [Folder] C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\Chrome\User Data\Default\Default [Default Extension 1.0]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/04/2013 at 11:58:23.17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 August 2013 - 07:37 AM

Please download ComboFix from one of these locations:
Link 1
Link 2
IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[image: whatnext.png]
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please restart the computer before running this security check.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.
===

Please run the DDS tool one more time and post a fresh log for my review.

Please paste the logs in your next reply, DO NOT ATTACH THEM.
Let me know what problem persists.

p.s.
Please remove the Word Wrap function in Notepad.
This will eliminate all the extra blank lines in your logs.

#5 hrolsons

  • Topic Starter
  • Members
  • 236 posts

Posted 05 August 2013 - 02:15 PM

ComboFix 13-08-05.03 - Rich Olson 08/05/2013  12:55:44.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2455 [GMT -6:00]
Running from: c:\documents and settings\Rich Olson\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\0C4C6300sm.pad
c:\documents and settings\All Users\Application Data\ReadOnlyInstaller.msi
c:\documents and settings\All Users\Application Data\uninstaller.exe
c:\documents and settings\Rich Olson\acrobat.exe
c:\documents and settings\Rich Olson\acrobatreader684381.exe
c:\documents and settings\Rich Olson\alg.exe
c:\documents and settings\Rich Olson\chrome366547.exe
c:\documents and settings\Rich Olson\csrss754846.exe
c:\documents and settings\Rich Olson\flashplayer.exe
c:\documents and settings\Rich Olson\icq.exe
c:\documents and settings\Rich Olson\iexplore350539.exe
c:\documents and settings\Rich Olson\java.exe
c:\documents and settings\Rich Olson\jqs.exe
c:\documents and settings\Rich Olson\jucheck.exe
c:\documents and settings\Rich Olson\jucheck322279.exe
c:\documents and settings\Rich Olson\msconfig504525.exe
c:\documents and settings\Rich Olson\mstsc632456.exe
c:\documents and settings\Rich Olson\opera.exe
c:\documents and settings\Rich Olson\opera289871.exe
c:\documents and settings\Rich Olson\skype.exe
c:\documents and settings\Rich Olson\skype320762.exe
c:\documents and settings\Rich Olson\skype68597.exe
c:\documents and settings\Rich Olson\teamviewer928330.exe
c:\documents and settings\Rich Olson\vlcplayer.exe
c:\documents and settings\Rich Olson\WINDOWS
c:\documents and settings\Rich Olson\winlogon186013.exe
c:\program files\Retrogamer_2zEI
c:\windows\EventSystem.log
c:\windows\system32\Cache
c:\windows\system32\Cache\075884af680ff6dc.fb
c:\windows\system32\Cache\1d302d86025b0960.fb
c:\windows\system32\Cache\227113dfa1ca894d.fb
c:\windows\system32\Cache\41761ec4b14aaa34.fb
c:\windows\system32\Cache\49fbbc5a8678d502.fb
c:\windows\system32\Cache\5c54eb1a1655b076.fb
c:\windows\system32\Cache\613e8ce7ab7106af.fb
c:\windows\system32\Cache\633a76311867bd11.fb
c:\windows\system32\Cache\691f14230153a9e1.fb
c:\windows\system32\Cache\6cb409d7ac73d9f1.fb
c:\windows\system32\Cache\7614bd6cfa99e546.fb
c:\windows\system32\Cache\77664b6ccc36be9f.fb
c:\windows\system32\Cache\881b3593316772f0.fb
c:\windows\system32\Cache\98657d0579ae1930.fb
c:\windows\system32\Cache\d5c0f4e7bbe35bf3.fb
c:\windows\system32\Cache\d9ca663388d21ec0.fb
c:\windows\system32\Cache\f2cda51fd108941f.fb
c:\windows\system32\Cache\f34d8db84131d925.fb
c:\windows\system32\msnphoto.scr
c:\windows\system32\SET1810.tmp
c:\windows\system32\SET1812.tmp
c:\windows\system32\SET1820.tmp
.
c:\windows\system32\drivers\i8042prt.sys was missing 
Restored copy from - c:\windows\system32\dllcache\i8042prt.sys
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BEFRUGAL.COM_SERVICE
-------\Service_BeFrugal.com Service
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-05 to 2013-08-05  )))))))))))))))))))))))))))))))
.
.
2013-08-05 18:58 . 2008-04-14 06:48 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-08-05 18:58 . 2008-04-14 06:48 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-08-04 17:56 . 2013-08-04 17:56 -------- d-----w- c:\windows\ERUNT
2013-07-29 16:49 . 2013-07-29 16:49 -------- d-----w- C:\EEK
2013-07-28 18:12 . 2013-04-04 20:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 18:05 . 2013-07-30 03:15 -------- d-----w- c:\documents and settings\LogMeInRemoteUser
2013-07-28 17:02 . 2013-07-28 17:02 -------- d-----w- c:\documents and settings\Rich Olson\Local Settings\Application Data\LogMeIn
2013-07-28 17:02 . 2013-06-08 05:28 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-07-28 17:02 . 2013-06-08 05:28 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-07-28 17:02 . 2013-06-08 05:28 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-07-28 17:02 . 2013-04-30 16:57 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-07-28 17:02 . 2013-06-08 05:28 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-07-28 17:02 . 2013-08-05 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2013-07-28 17:02 . 2013-07-28 17:02 -------- d-----w- c:\program files\LogMeIn
2013-07-12 03:48 . 2013-07-12 03:49 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-29 18:01 . 2013-05-31 00:18 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-15 17:52 . 2013-05-09 17:13 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-07-11 15:06 . 2012-04-03 15:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-11 15:06 . 2011-06-27 16:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-29 13:16 . 2013-01-25 00:51 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-29 13:16 . 2007-10-20 02:37 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-08 05:55 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56 . 2008-04-14 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23 . 2008-04-14 12:00 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-04-14 12:00 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 18:13 . 2013-04-30 16:09 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-05-21 12:28 . 2013-05-29 18:12 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28 . 2013-05-29 18:12 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28 . 2013-05-29 18:12 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28 . 2011-06-11 07:58 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28 . 2011-06-11 07:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-09 06:28 . 2006-10-19 03:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-07-07 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{9EBF8AAF-0A31-4786-909A-97A0EF101743}]
2012-02-06 19:22 1613312 ----a-w- c:\program files\AddThis Toolbar\Toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-06 1613312]
.
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B43176CC-4D9E-493B-A636-D9CBFE39C6DA}"= "c:\program files\AddThis Toolbar\Toolbar.dll" [2012-02-06 1613312]
.
[HKEY_CLASSES_ROOT\clsid\{b43176cc-4d9e-493b-a636-d9cbfe39c6da}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{58E510FE-36D8-4DEF-9385-CD04A1F555A3}]
[HKEY_CLASSES_ROOT\FCTB000061107.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2012-08-29 20:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2012-08-29 20:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2012-08-29 20:51 1014344 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2012-08-29 1061960]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 5078504]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2013-06-08 05:28 92488 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BackupManager.lnk]
backup=c:\windows\pss\BackupManager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSN Toolbar
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Synchronizer]
2013-05-10 07:57 1272912 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 04:56 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7]
2013-07-10 12:16 13103104 ----a-w- c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2013-03-21 21:19 5078504 ----a-w- c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2013-04-30 16:57 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2013-04-04 20:50 532040 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
2003-09-14 03:36 50688 ----a-w- c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 09:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2013-05-01 09:59 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-08-04 19:01 18702336 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 20:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-08-01 01:09 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-06-29 13:17 295512 ----a-w- c:\program files\real\realplayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-12-05 20:22 247768 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
2013-07-29 18:01 2285232 ----a-w- c:\program files\AVG SafeGuard toolbar\vprot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"wlidsvc"=3 (0x3)
"TomTomHOMEService"=2 (0x2)
"RealNetworks Downloader Resolver Service"=2 (0x2)
"PctrlsInjectService"=2 (0x2)
"ose"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"IntuitUpdateServiceV4"=2 (0x2)
"IntuitUpdateService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"fsssvc"=3 (0x3)
"BBUpdate"=2 (0x2)
"BBSvc"=3 (0x3)
"Ati HotKey Poller"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [5/30/2013 6:18 PM 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 8:40 AM 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 8:40 AM 105784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [3/23/2011 4:38 PM 101112]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/21/2013 3:19 PM 1341664]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [6/7/2013 11:28 PM 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [4/30/2013 10:57 AM 13624]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [7/29/2013 12:01 PM 1616048]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [6/19/2009 3:51 PM 159400]
S2 NecUsb;USB Service;c:\windows\System32\svchost.exe -k NecUsbSevice [4/14/2008 6:00 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/5/2008 6:10 PM 1684736]
S3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp32.sys [7/29/2013 10:49 AM 50208]
S3 cpuz134;cpuz134;\??\c:\docume~1\RICHOL~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\RICHOL~1\LOCALS~1\Temp\cpuz134\cpuz134_x32.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [12/26/2011 6:06 PM 23624]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 6:00 AM 14336]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [5/7/2013 10:40 AM 13024]
S4 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S4 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2010 7:15 PM 135664]
S4 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/31/2010 7:15 PM 135664]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
S4 PctrlsInjectService;PctrlsInjectService;c:\program files\ParetoLogic\PGsurfer\InjectService.exe --> c:\program files\ParetoLogic\PGsurfer\InjectService.exe [?]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [4/16/2013 3:07 AM 39056]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [12/5/2012 2:22 PM 92632]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ   nosGetPlusHelper
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
NecUsbSevice REG_MULTI_SZ   NecUsb
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-04 17:33 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:06]
.
2013-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-08-05 c:\windows\Tasks\BeFrugal.com Toolbar.job
- c:\program files\Common Files\BeFrugal.com\Toolbar\BFHP.exe [2013-06-22 19:09]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 01:15]
.
2013-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-01 01:15]
.
2013-08-05 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1060284298-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 18:45]
.
2013-08-05 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1060284298-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 18:45]
.
2013-08-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1060284298-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 18:45]
.
2013-07-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1060284298-287218729-682003330-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2013-04-16 18:45]
.
2013-08-05 c:\windows\Tasks\User_Feed_Synchronization-{A606919A-0076-49D4-9781-78FF0852DDDC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
c:\documents and settings\All Users\Start Menu\Programs\Startup\Activate NOD32.lnk - c:\program files\ESET Activation Helper (Noderator)\Activate NOD32.exe
Notify-NecUsb3Sevice - USB3Nw32.dll
Notify-USB3Nw32 - USB3Nw32.dll
SafeBoot-49034038.sys
SafeBoot-59449885.sys
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DriverBoost - c:\program files\DriverBoost\DriverBoost\DriverBoost.exe
MSConfigStartUp-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
MSConfigStartUp-Microsoft Default Manager - c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-Power2GoExpress - c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
MSConfigStartUp-rUVrlOBtx0c1 - c:\documents and settings\Rich Olson\Application Data\dwme.exe
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
MSConfigStartUp-Windows Defender - c:\program files\Windows Defender\MSASCui.exe
AddRemove-Coupon Printer for Windows5.0.0.2 - c:\program files\Coupons\uninstall.exe
AddRemove-sl-pmi - c:\program files\OApps\sl-pmi_uninstall.exe
AddRemove-{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}_is1 - c:\program files\Updater By SweetPacks\unins000.exe
AddRemove-FoxTab Video Converter - c:\program files\FoxTabVideoConverter\Uninstall\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-05 13:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(608)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
.
- - - - - - - > 'explorer.exe'(1576)
c:\windows\system32\WININET.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\progra~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\system32\SearchFilterHost.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-08-05  13:03:51 - machine was rebooted
ComboFix-quarantined-files.txt  2013-08-05 19:03
.
Pre-Run: 463,968,489,472 bytes free
Post-Run: 471,127,404,544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 5529198C237F76AD7D0383DB09327F18
10AE9EB13951B8E206480773F877A330
 
 
 Results of screen317's Security Check version 0.99.71  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
 Antivirus up to date! (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 29  
 Java version out of Date! 
 Adobe Flash Player 11.6.602.180  
 Adobe Reader 10.1.7 Adobe Reader out of Date!  
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 6% 
````````````````````End of Log`````````````````````` 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702
Run by Rich Olson at 13:12:39 on 2013-08-05
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3318.2488 [GMT -6:00]
.
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\BeFrugal.com\Toolbar\BFHP.exe
C:\Program Files\Google\Update\1.3.21.153\GoogleCrashHandler.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\explorer.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: BeFrugalIEHelper: {2335A057-CBA6-40F6-A712-C6A7C98F7813} - c:\program files\common files\befrugal.com\toolbar\BFTB.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AddThis Toolbar BHO: {9EBF8AAF-0A31-4786-909A-97A0EF101743} - c:\program files\addthis toolbar\Toolbar.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: AddThis Toolbar: {B43176CC-4D9E-493B-A636-D9CBFE39C6DA} - c:\program files\addthis toolbar\Toolbar.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: BeFrugal.com Toolbar: {5BA2C4EE-42EF-4E2D-88BE-7271AE4E35B7} - c:\program files\common files\befrugal.com\toolbar\BFTB.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\pokerstars.net\PokerStarsUpdate.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {596AF4AC-40A0-474A-9F86-33F0A90F0FD6} - hxxps://membercenter.msn.com/photos/DigWebX2.cab#version=10,0,910,0
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341977605265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{1AB9465D-CCA6-4479-BE16-28161CE2924C} : DHCPNameServer = 75.75.75.75 75.75.76.76
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-5-30 37664]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 122240]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 105784]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-3-23 101112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2013-3-21 1341664]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-7-31 54760]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2013-6-7 375120]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2013-4-30 13624]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2013-7-28 47640]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;c:\program files\common files\avg secure search\vtoolbarupdater\15.4.0\ToolbarUpdater.exe [2013-7-29 1616048]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2009-6-19 159400]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NecUsb;USB Service;c:\windows\system32\svchost.exe -k NecUsbSevice [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2008-8-5 1684736]
S3 cleanhlp;cleanhlp;c:\eek\run\cleanhlp32.sys [2013-7-29 50208]
S3 cpuz134;cpuz134;\??\c:\docume~1\richol~1\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\richol~1\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2011-12-26 23624]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2013-5-7 13024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
S4 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S4 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
S4 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 PctrlsInjectService;PctrlsInjectService;c:\program files\paretologic\pgsurfer\injectservice.exe --> c:\program files\paretologic\pgsurfer\InjectService.exe [?]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2012-12-5 92632]
.
=============== Created Last 30 ================
.
2013-08-05 18:58:14 52480 -c--a-w- c:\windows\system32\dllcache\i8042prt.sys
2013-08-05 18:58:14 52480 ----a-w- c:\windows\system32\drivers\i8042prt.sys
2013-08-05 18:54:45 -------- d-sha-r- C:\cmdcons
2013-08-05 18:52:39 98816 ----a-w- c:\windows\sed.exe
2013-08-05 18:52:39 256000 ----a-w- c:\windows\PEV.exe
2013-08-05 18:52:39 208896 ----a-w- c:\windows\MBR.exe
2013-08-05 18:52:35 -------- d-----w- C:\ComboFix
2013-08-04 17:56:24 -------- d-----w- c:\windows\ERUNT
2013-07-29 16:49:27 -------- d-----w- C:\EEK
2013-07-28 18:12:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-07-28 17:02:34 -------- d-----w- c:\documents and settings\rich olson\local settings\application data\LogMeIn
2013-07-28 17:02:31 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-07-28 17:02:31 53064 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2013-07-28 17:02:31 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2013-07-28 17:02:31 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-07-28 17:02:27 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-07-28 17:02:26 -------- d-----w- c:\documents and settings\all users\application data\LogMeIn
2013-07-28 17:02:15 -------- d-----w- c:\program files\LogMeIn
2013-07-12 03:48:00 -------- d-----w- c:\windows\system32\MRT
.
==================== Find3M  ====================
.
2013-07-29 18:01:01 37664 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-07-11 15:06:20 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-11 15:06:20 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-29 13:16:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-06-29 13:16:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-08 05:55:44 385024 ------w- c:\windows\system32\html.iec
2013-06-07 21:56:06 920064 ----a-w- c:\windows\system32\wininet.dll
2013-06-07 21:56:06 43520 ------w- c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-06-04 07:23:02 562688 ----a-w- c:\windows\system32\qedit.dll
2013-06-04 01:40:45 1876736 ----a-w- c:\windows\system32\win32k.sys
2013-05-29 18:13:38 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2013-05-21 12:28:02 773968 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-21 12:28:02 632656 ----a-w- c:\windows\system32\msvcr80.dll
2013-05-21 12:28:02 554832 ----a-w- c:\windows\system32\msvcp80.dll
2013-05-21 12:28:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2013-05-21 12:28:02 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-09 06:28:02 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
============= FINISH: 13:12:44.18 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/31/2010 5:58:33 PM
System Uptime: 8/5/2013 1:00:34 PM (0 hours ago)
.
Motherboard: Intel Corporation |  | DP55WB
Processor: Intel® Core™ i5 CPU         750  @ 2.67GHz | LGA 1156 | 2666/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 492 GiB total, 438.794 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&1F8E6776&0&08F0
Manufacturer: 
Name: Ethernet Controller
PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&1F8E6776&0&08F0
Service: 
.
==== System Restore Points ===================
.
RP205: 5/1/2013 11:55:05 AM - System Checkpoint
RP206: 5/2/2013 1:24:49 PM - System Checkpoint
RP207: 5/3/2013 5:34:23 PM - System Checkpoint
RP208: 5/4/2013 6:23:25 PM - System Checkpoint
RP209: 5/5/2013 6:42:00 PM - System Checkpoint
RP210: 5/6/2013 7:07:51 PM - System Checkpoint
RP211: 5/7/2013 10:44:47 AM - Removed DriverUpdate
RP212: 5/8/2013 11:01:04 AM - System Checkpoint
RP213: 5/9/2013 11:31:43 AM - Tweaking.com - Windows Repair
RP214: 5/9/2013 11:48:26 AM - Tweaking.com - Windows Repair
RP215: 5/10/2013 9:11:38 AM - Software Distribution Service 3.0
RP216: 5/10/2013 10:52:01 AM - Tweaking.com - Windows Repair
RP217: 5/11/2013 11:44:20 AM - System Checkpoint
RP218: 5/12/2013 11:54:37 AM - System Checkpoint
RP219: 5/13/2013 12:34:28 PM - System Checkpoint
RP220: 5/14/2013 1:15:16 PM - System Checkpoint
RP221: 5/15/2013 8:38:51 AM - Software Distribution Service 3.0
RP222: 5/16/2013 12:56:53 PM - System Checkpoint
RP223: 5/17/2013 2:04:15 PM - System Checkpoint
RP224: 5/18/2013 2:28:51 PM - System Checkpoint
RP225: 5/19/2013 4:05:14 PM - System Checkpoint
RP226: 5/20/2013 12:09:14 PM - Tweaking.com - Windows Repair
RP227: 5/20/2013 12:19:08 PM - Tweaking.com - Windows Repair
RP228: 5/21/2013 12:40:09 PM - System Checkpoint
RP229: 5/22/2013 1:16:44 PM - System Checkpoint
RP230: 5/23/2013 1:35:09 PM - System Checkpoint
RP231: 5/24/2013 4:01:13 PM - System Checkpoint
RP232: 5/25/2013 4:31:30 PM - System Checkpoint
RP233: 5/26/2013 4:57:31 PM - System Checkpoint
RP234: 5/27/2013 5:33:16 PM - System Checkpoint
RP235: 5/28/2013 8:39:33 PM - System Checkpoint
RP236: 5/29/2013 12:39:13 PM - Removed Google Earth.
RP237: 5/30/2013 12:57:38 PM - System Checkpoint
RP238: 5/30/2013 6:21:31 PM - Tweaking.com - Windows Repair
RP239: 5/31/2013 9:57:32 AM - Installed Windows Internet Explorer 8.
RP240: 5/31/2013 9:58:06 AM - Software Distribution Service 3.0
RP241: 6/1/2013 7:10:19 AM - Software Distribution Service 3.0
RP242: 6/2/2013 12:52:43 PM - System Checkpoint
RP243: 6/3/2013 12:58:04 PM - System Checkpoint
RP244: 6/4/2013 1:37:22 PM - System Checkpoint
RP245: 6/5/2013 4:47:03 PM - System Checkpoint
RP246: 6/6/2013 5:27:54 PM - System Checkpoint
RP247: 6/7/2013 6:18:30 PM - System Checkpoint
RP248: 6/8/2013 8:44:55 PM - System Checkpoint
RP249: 6/9/2013 9:13:49 PM - System Checkpoint
RP250: 6/10/2013 9:34:24 PM - System Checkpoint
RP251: 6/11/2013 9:59:20 PM - System Checkpoint
RP252: 6/12/2013 8:04:13 AM - Software Distribution Service 3.0
RP253: 6/13/2013 9:37:30 AM - System Checkpoint
RP254: 6/14/2013 9:46:32 AM - System Checkpoint
RP255: 6/15/2013 10:58:37 AM - System Checkpoint
RP256: 6/16/2013 11:16:47 AM - System Checkpoint
RP257: 6/17/2013 12:54:52 PM - System Checkpoint
RP258: 6/18/2013 1:10:28 PM - System Checkpoint
RP259: 6/19/2013 1:27:03 PM - System Checkpoint
RP260: 6/20/2013 2:53:40 PM - System Checkpoint
RP261: 6/21/2013 3:16:16 PM - System Checkpoint
RP262: 6/22/2013 3:38:38 PM - System Checkpoint
RP263: 6/23/2013 3:46:12 PM - System Checkpoint
RP264: 6/24/2013 4:05:09 PM - System Checkpoint
RP265: 6/25/2013 4:45:12 PM - System Checkpoint
RP266: 6/26/2013 4:59:11 PM - System Checkpoint
RP267: 6/27/2013 5:25:24 PM - System Checkpoint
RP268: 6/28/2013 6:49:31 PM - System Checkpoint
RP269: 6/29/2013 7:56:28 PM - System Checkpoint
RP270: 6/30/2013 8:59:57 PM - System Checkpoint
RP271: 7/1/2013 9:10:17 PM - System Checkpoint
RP272: 7/2/2013 9:54:40 PM - System Checkpoint
RP273: 7/4/2013 10:05:48 AM - System Checkpoint
RP274: 7/5/2013 10:35:47 AM - System Checkpoint
RP275: 7/6/2013 11:14:55 AM - System Checkpoint
RP276: 7/8/2013 1:56:29 PM - System Checkpoint
RP277: 7/9/2013 2:02:13 PM - System Checkpoint
RP278: 7/10/2013 2:32:55 PM - System Checkpoint
RP279: 7/10/2013 9:43:28 PM - Software Distribution Service 3.0
RP280: 7/11/2013 9:47:50 PM - Software Distribution Service 3.0
RP281: 7/13/2013 10:13:33 AM - System Checkpoint
RP282: 7/14/2013 6:44:55 PM - System Checkpoint
RP283: 7/15/2013 11:45:20 AM - Tweaking.com - Windows Repair
RP284: 7/16/2013 11:52:47 AM - System Checkpoint
RP285: 7/17/2013 12:05:30 PM - System Checkpoint
RP286: 7/18/2013 12:45:55 PM - System Checkpoint
RP287: 7/19/2013 3:06:45 PM - System Checkpoint
RP288: 7/20/2013 3:34:34 PM - System Checkpoint
RP289: 7/21/2013 4:16:04 PM - System Checkpoint
RP290: 7/22/2013 4:17:50 PM - System Checkpoint
RP291: 7/23/2013 4:21:04 PM - System Checkpoint
RP292: 7/24/2013 4:55:48 PM - System Checkpoint
RP293: 7/25/2013 5:05:27 PM - System Checkpoint
RP294: 7/26/2013 6:14:54 PM - System Checkpoint
RP295: 7/27/2013 6:19:14 PM - System Checkpoint
RP296: 7/28/2013 11:02:11 AM - Installed LogMeIn
RP297: 7/29/2013 11:32:21 AM - System Checkpoint
RP298: 8/5/2013 12:52:44 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Acrobat.com
AddThis Toolbar
Adobe AIR
Adobe Download Manager
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7)
Adobe Shockwave Player 11.6
Age of Empires III
Apple Application Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
ATI Display Driver
AVG SafeGuard toolbar
BackupManager
BeFrugal.com Toolbar
Bing Bar
BufferChm
C4400
C4400_Help
Carbonite
Cards_Calendar_OrderGift_DoMorePlugout
Compatibility Pack for the 2007 Office system
Copy
Critical Security Update
CustomerResearchQFolder
Destination Component
DetectorTools
DeviceDiscovery
DeviceManagementQFolder
DIGOpt
DIGReqEx
DocProc
DocProcQFolder
ESET NOD32 Antivirus
ESET Online Scanner v3
eSupportQFolder
Family Tree Maker 2011
Frugal Video Poker
GameBox Toolbar
Garmin USB Drivers
Garmin WebUpdater
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 10.0
HP Imaging Device Functions 10.0
HP Photosmart C4400 All-In-One Driver Software 10.0 Rel .3
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 10.0
HP Update
HPPhotoSmartPhotobookWebPack1
HPProductAssistant
HPSSupply
Internet Explorer (Enable DEP)
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
Las Vegas USA Casino
Logitech Harmony Remote Software 7
LogMeIn
Malwarebytes Anti-Malware version 1.75.0.1300
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In
Microsoft Office Standard Edition 2003
Microsoft Picture It! Express 9
Microsoft Picture It! Library 9
Microsoft PowerPoint Viewer
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft WSE 3.0 Runtime
MSN
MSN Encarta Plus Support Files
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OCR Software by I.R.I.S. 10.0
OGA Notifier 2.0.0048.0
PanoStandAlone
PokerStars.net
PowerDVD SE
PS_AIO_03_C4400_ProductContext
PS_AIO_03_C4400_Software
PS_AIO_03_C4400_Software_Min
PSSWCORE
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Remote Control USB Driver
Scan
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2834904)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2850851)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shop for HP Supplies
SmartWebPrintingOC
SolutionCenter
South Point Poker
Status
swMSM
The Weather Channel App
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
TurboTax 2010
TurboTax 2010 wcoiper
TurboTax 2010 WinPerFedFormset
TurboTax 2010 WinPerReleaseEngine
TurboTax 2010 WinPerTaxSupport
TurboTax 2010 wrapper
TurboTax 2011
TurboTax 2011 wcoiper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wcoiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Tweak UI
Tweaking.com - Windows Repair (All in One)
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Video Poker for Winners
VideoToolkit01
WebFldrs XP
WebM Media Foundation Components
WebReg
Windows Driver Package - Escort, Inc. (usbser) Ports  (07/28/2010 1.0.0.0)
Windows Driver Package - Escort, Inc. (usbser) Ports  (10/27/2010 1.0.0.0)
Windows Driver Package - Escort, Inc. (usbser) Ports  (11/09/2012 1.0.0.0)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Wolf Video Poker Lite
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/4/2013 11:44:54 AM, error: Service Control Manager [7034]  - The BeFrugal.com Service service terminated unexpectedly.  It has done this 2 time(s).
8/4/2013 11:37:55 AM, error: Service Control Manager [7034]  - The BeFrugal.com Service service terminated unexpectedly.  It has done this 1 time(s).
8/4/2013 11:31:01 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
7/31/2013 4:41:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
7/31/2013 4:41:44 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
7/31/2013 4:41:36 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service CarboniteService with arguments "" in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
7/30/2013 9:44:28 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
7/30/2013 6:11:29 AM, error: Service Control Manager [7009]  - Timeout (30000 milliseconds) waiting for the MS Software Shadow Copy Provider service to connect.
7/30/2013 6:11:29 AM, error: DCOM [10005]  - DCOM got error "%1053" attempting to start the service SwPrv with arguments "" in order to run the server: {65EE1DBA-8FF4-4A58-AC1C-3470EE2F376A}
7/29/2013 10:02:15 AM, error: Service Control Manager [7022]  - The HP CUE DeviceDiscovery Service service hung on starting.
7/29/2013 10:00:45 AM, error: Service Control Manager [7023]  - The USB Service service terminated with the following error:  The specified module could not be found.
7/29/2013 1:59:14 AM, error: iaStor [9]  - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
.
==== End Of File ===========================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 06 August 2013 - 08:57 AM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.

Java™ 6 Update 29

Note
Java security update installs Ask Toolbar by default -- a single click in a multi-step installer.
http://www.benedelman.org/images/iac-jan13/ask-iac-011613-small.png
I suggest that you un-check the box "Install the Ask Toolbar" before proceeding.
===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.

<<<>>>

Please let me know what problem persists.

#7 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 236 posts
  • Local time:01:36 PM

Posted 10 August 2013 - 12:57 PM

So I was camping and not able to run your last instructions.  While I was camping my Dad ran ESET NOD32 and found the below problems.  This surprised me after all the cleanup programs we've already run.  Also, I see quite a few GoogleEarth problems.  Can you get malware from using Google Earth?


Scan Log
Version of virus signature database: 8664 (20130808)
Date: 8/8/2013  Time: 10:44:41 AM
Scanned disks, folders and files: Operating memory;Boot sector;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;I:\Boot sector;I:\
MBR sector of the 1. physical disk - error opening [4]
MBR sector of the 2. physical disk - error opening [4]
MBR sector of the 3. physical disk - error opening [4]
MBR sector of the 4. physical disk - error opening [4]
C:\hiberfil.sys - error opening [4]
C:\pagefile.sys - error opening [4]
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{17C9BF6F-9D95-4F2C-9BBB-097439597776}\ParetoLogic PGsurfer.msi » MSI » Data1.cab » CAB » injectservice.exe - is OK
C:\Documents and Settings\Owner\.housecall6.6\AU_Temp\348_1132\AU_Down\pattern\vsapi979.zip » ZIP » lpt$vpn.979 - archive damaged - the file could not be extracted.
C:\Documents and Settings\Owner\.housecall6.6\AU_Temp\348_1132\AU_Down\pattern\vsapi979.zip » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00013f » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00013f » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000148 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000148 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000202 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000202 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00022e » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00022e » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00027e » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00027e » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0002cb » ZIP » zh-TW.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0002cb » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000352 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000352 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000376 » ZIP » zh-TW.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000376 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003a6 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003a6 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003b1 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003b1 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003b2 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003b2 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003c2 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003c2 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003ca » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003ca » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003e0 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003e0 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003e1 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0003e1 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000422 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000422 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004e5 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004e5 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004f6 » ZIP » zh-TW.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004f6 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004f7 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004f7 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004fa » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004fa » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004fe » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0004fe » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000500 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000500 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000501 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000501 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000532 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000532 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000569 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000569 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00056a » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00056a » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000633 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0006a2 » ZIP » default.km_ - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0006a2 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0007df » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0007df » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0007f3 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0007f3 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00080e » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00080e » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00092e » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00092e » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000953 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000953 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00095a » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_00095a » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a1 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a1 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a2 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a2 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a3 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a3 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a4 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a4 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a5 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a5 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a8 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_0009a8 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c33 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c33 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c35 » ZIP » zh-TW.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c35 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c36 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c36 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c37 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c37 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c52 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000c52 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d02 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d02 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d08 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d08 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d13 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d13 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d2b » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d2b » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d3f » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d3f » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d5f » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000d5f » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000dc1 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000dc1 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e37 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e37 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e5b » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e5b » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e63 » ZIP » zh-TW.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e63 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e65 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e65 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e6e » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e6e » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e6f » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e6f » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e76 » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e76 » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e7c » ZIP » default.kml - archive damaged - the file could not be extracted.
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e7c » ZIP »  - archive damaged
C:\Documents and Settings\Rich Olson\Local Settings\Application Data\Google\GoogleEarth\webdata\f_000e7e » ZIP » doc.kml - error reading archive
C:\Documents and Settings\Rich Olson\My Documents\My Downloads\couponprinter.exe » INDIGOROSE - unsupported option
C:\Program Files\Google\Update\1.3.21.153\GoogleUpdateHelper.msi » MSI » required.cab » CAB - error reading archive
C:\Program Files\LogMeIn\x86\epupdate2.zip » GZIP » epupdate2.zip » ZIP »  - archive damaged
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP212\A0043444.exe » INDIGOROSE - unsupported option
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP218\A0049406.msi » MSI » required.cab » CAB - error reading archive
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP233\A0051786.exe - Win32/Toolbar.Conduit.G potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052087.exe » NSIS » Script.nsi - Win32/DownloadAdmin.G potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052089.exe » INNO » file0000.bin - Win32/Toolbar.Inbox.D potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052089.exe » INNO » file0001.bin - Win32/Toolbar.Inbox.C potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052089.exe » INNO » file0004.bin » CAB » ibxcomtb.jar » ZIP » content/toolbar.js - Win32/Toolbar.Inbox.F potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052089.exe » INNO » file0004.bin » CAB » plugins.dll - Win32/Toolbar.Inbox.E potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052089.exe » INNO » script_decompiled.pas - Win32/Toolbar.Inbox.A potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052093.dll - Win32/24x7Help.A potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052094.dll - Win32/24x7Help.A potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP236\A0052300.exe » NSIS » Script.nsi - Win32/DomaIQ.I potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP236\A0052300.exe » NSIS » launcher.exe - a variant of Win32/DomaIQ.T.gen potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP236\A0052300.exe » NSIS » launcher4.exe - a variant of Win32/DomaIQ.T.gen potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP236\A0052413.dll - a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP236\A0052414.dll - Win32/Toolbar.MyWebSearch potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP253\A0054860.exe - Win32/SweetIM.D potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP253\A0054861.dll - Win32/SweetIM.D potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP254\A0054901.dll - Win32/SweetIM.E potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP254\A0054906.exe » NSIS » lmrn.dll - Win32/SweetIM.D potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP254\A0054906.exe » NSIS » stij.exe - Win32/SweetIM.D potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP266\A0056710.exe - a variant of Win32/Toolbar.BitCocktail.B potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP266\A0056711.dll - a variant of Win32/Toolbar.Perion.A potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP266\A0056712.dll - a variant of Win32/Toolbar.BitCocktail.A potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP273\A0057612.msi » MSI » required.cab » CAB - error reading archive
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP274\A0058763.exe - Win32/SweetIM.G potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP274\A0058764.dll - Win32/SweetIM.G potentially unwanted application - deleted - quarantined
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP275\A0058771.exe » NSIS » lmrn.dll - Win32/SweetIM.G potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP275\A0058771.exe » NSIS » stij.exe - Win32/SweetIM.G potentially unwanted application - was a part of the deleted object
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP280\A0060443.msi » MSI » required.cab » CAB - error reading archive
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063133.exe » INNO » {userappdata}\QwiklinxUpdate\QLSetup-CH.exe » INNO » {userappdata}\QwiklinxForChrome\Qwiklinx.crx » CHROMEEXTENSION » content.zip » ZIP » QLSetup-CHUpdate.exe » INNO » {userappdata}\QwiklinxUpdate\QLSetup-CH.exe » INNO » {userappdata}\QwiklinxForChrome\Qwiklinx.crx » CHROMEEXTENSION » content.zip » ZIP » QLSetup-CHUpdate.exe » INNO » {userappdata}\QwiklinxUpdate\QLSetup-CH.exe » INNO » {userappdata}\QwiklinxForChrome\Qwiklinx.crx » CHROMEEXTENSION - too many archives embedded
Boot sector of disk D: - error opening [4]
D:\ - error opening [4]
Boot sector of disk E: - error opening [4]
E:\ - error opening [4]
Boot sector of disk F: - error opening [4]
F:\ - error opening [4]
Boot sector of disk G: - error opening [4]
G:\ - error opening [4]
Boot sector of disk I: - error opening [4]
I:\ - error opening [4]
Number of scanned objects: 491083
Number of threats found: 26
Number of cleaned objects: 26
Time of completion: 11:27:24 AM  Total scanning time: 2563 sec (00:42:43)
 
Notes:
[4] Object cannot be opened. It may be in use by another application or operating system.


#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 10 August 2013 - 01:20 PM

You have nothing to worry about. ESET did a good cleanup.
Even the bad files in the System Restore were deleted.

Other than this installer
C:\Documents and Settings\All Users\Application Data\Downloaded Installations\{17C9BF6F-9D95-4F2C-9BBB-097439597776}\ParetoLogic PGsurfer.msi » MSI » Data1.cab » CAB » injectservice.exe - is OK

All the others were inactive.

#9 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 10 August 2013 - 02:30 PM

So it looks clean on your end?  Thank You so much for all of your assistance!!!



#10 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 10 August 2013 - 02:44 PM

I ran Malwarebytes and it came up with 1 problem.  Not sure if it's serious or not?  I did not remove it until I hear from you.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.10.03
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rich Olson :: RICH-CD7716F084 [administrator]
 
8/10/2013 1:39:00 PM
MBAM-log-2013-08-10 (13-42-48).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 292146
Time elapsed: 3 minute(s), 25 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\WINDOWS\Installer\e50cf.msi (PUP.Optional.SweetIM) -> No action taken.
 
(end)


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 11 August 2013 - 06:57 AM

Yes remove it.

#12 hrolsons

hrolsons
  • Topic Starter

  • Members
  • 236 posts
  • OFFLINE
  • Local time:01:36 PM

Posted 11 August 2013 - 03:01 PM

Thank you.

 

So since we encountered all these problems I installed a Linux dist. on his machine.  He has pretty much only been using Linux.  We only go into Windows to run the scans you suggest.  So this morning my Dad decided to run a full Malwarebytes scan and it came up with the log below.  It seems like one of the many scans we did with the other software should have caught these.

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.08.11.05
 
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Rich Olson :: RICH-CD7716F084 [administrator]
 
8/11/2013 1:15:25 PM
MBAM-log-2013-08-11 (13-55-37).txt
 
Scan type: Full scan (C:\|D:\|E:\|F:\|G:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 378514
Time elapsed: 35 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 25
C:\Documents and Settings\Rich Olson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP233\A0051787.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052121.exe (Adware.GameVance) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP235\A0052122.exe (Adware.GameVance) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP269\A0057442.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP269\A0057452.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP279\A0060231.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP279\A0060221.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063201.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063113.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063123.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063144.exe (PUP.Optional.WeCare.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063145.exe (PUP.Optional.WeCare.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063184.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063199.exe (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063200.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063202.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063203.exe (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063204.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063205.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063206.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063207.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063208.dll (PUP.Optional.SweetIM) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP298\A0063534.msi (PUP.Optional.WeCare.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP304\A0066517.msi (PUP.Optional.SweetIM) -> No action taken.
 
(end)


#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 12 August 2013 - 07:43 AM

All tools are not perfect.

Delete everything found by MBAM.

Most of the items found are in your Restore point. Not too many tools clean the restore point. One bad error and you lose all restore points.
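The point made in this reply, that most of the remaining hits live in System Restore snapshots rather than in active locations, is something you can check mechanically from the MBAM log itself. The following Python script is an added example written for this thread (it is not a Malwarebytes tool and not code from any of the posters): it parses the "path (Detection) -> action" lines of an MBAM log, tags each hit with the restore point it sits in (if any), and summarises live hits versus restore-point hits per detection family. The sample log embedded below is constructed from a few lines copied from the two MBAM logs posted above; the line format and the `_restore{GUID}\RPnnn\` path layout are assumptions based on those logs.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample input: four detection lines copied from the MBAM logs
# posted earlier in this thread, framed the way MBAM prints them.
SAMPLE_LOG = r"""
Files Detected: 4
C:\WINDOWS\Installer\e50cf.msi (PUP.Optional.SweetIM) -> No action taken.
C:\Documents and Settings\Rich Olson\Application Data\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP233\A0051787.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\System Volume Information\_restore{A8BD2424-75E4-4D10-BCF2-B217ECAC4B76}\RP297\A0063201.dll (PUP.Optional.SweetIM) -> No action taken.
(end)
"""

# One MBAM 1.x "Files Detected" line: <path> (<detection name>) -> <action>.
LINE_RE = re.compile(r"^(?P<path>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?$")

# XP System Restore snapshot layout (assumed from the paths in the logs above):
# \System Volume Information\_restore{GUID}\RP<n>\A00xxxxx.ext
RP_RE = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)\\", re.IGNORECASE)

# Generic prefixes that carry no family information (PUP.Optional.X, Adware.X, ...).
GENERIC_TOKENS = {"PUP", "PUM", "Optional", "Adware", "Trojan", "Malware"}


@dataclass
class Detection:
    path: str
    detection: str
    action: str
    restore_point: Optional[int]  # RP number when the file is a System Restore copy

    @property
    def family(self) -> str:
        """Reduce 'PUP.Optional.Conduit.A' to 'Conduit', 'Adware.GameVance' to 'GameVance'."""
        tokens = self.detection.split(".")
        while tokens and tokens[0] in GENERIC_TOKENS:
            tokens.pop(0)
        if len(tokens) > 1 and len(tokens[-1]) == 1:  # drop single-letter variant suffix
            tokens.pop()
        return ".".join(tokens) if tokens else self.detection


def parse_mbam_log(text: str) -> List[Detection]:
    """Return one Detection per 'path (name) -> action' line; other lines are ignored."""
    found: List[Detection] = []
    for raw in text.strip().splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # headers, counters, '(end)' and blank lines
        rp = RP_RE.search(m.group("path"))
        found.append(Detection(
            path=m.group("path"),
            detection=m.group("detection"),
            action=m.group("action"),
            restore_point=int(rp.group(1)) if rp else None,
        ))
    return found


def triage(detections: List[Detection]) -> Dict[str, object]:
    """Split hits into live files vs. restore-point copies and count families."""
    live = [d for d in detections if d.restore_point is None]
    snapshot = [d for d in detections if d.restore_point is not None]
    return {
        "total": len(detections),
        "live": len(live),
        "restore_point": len(snapshot),
        "restore_points_involved": sorted({d.restore_point for d in snapshot}),
        "families": Counter(d.family for d in detections),
        "live_paths": [d.path for d in live],
    }


if __name__ == "__main__":
    summary = triage(parse_mbam_log(SAMPLE_LOG))
    print(f"{summary['total']} hits: {summary['live']} live, "
          f"{summary['restore_point']} in restore points {summary['restore_points_involved']}")
    for fam, n in summary["families"].most_common():
        print(f"  {fam}: {n}")
    for p in summary["live_paths"]:
        print("  LIVE:", p)
```

Run against a full MBAM log, the "live_paths" list is the short list worth looking at first; everything under `System Volume Information` is an inert snapshot copy that only matters if that restore point is ever applied, which is why clearing old restore points after a cleanup is the usual advice.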

#14 nasdaq

nasdaq

  • Malware Response Team
  • 39,903 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 18 August 2013 - 09:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



