
Internet Explorer pop-ups, errors, other curious behavior


  • This topic is locked
191 replies to this topic

#1 willlig

willlig

  • Members
  • 407 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:48 AM

Posted 19 October 2013 - 03:41 PM

Hi. My Internet Explorer just started acting strangely on my Netbook. Sometimes when I click on a link I just get returned to the Google homepage. Sometimes it's a chore trying to even get to the Google homepage because all these different search home pages come up. Sometimes there are advertisements that pop up at seemingly random times. Sometimes I get an error when trying to register on a website.

I may not have an active antivirus program running so that may be an issue. I would also like to check to see if my Registry has been compromised if possible.

Also I have practically maxed out the drive with too many song files so I probably should remove some of those. The computer is also much slower than it was.  

Thanks.


Edited by willlig, 19 October 2013 - 03:42 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,665 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:03:48 AM

Posted 19 October 2013 - 03:53 PM

Greetings Will and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 willlig

willlig
  • Topic Starter


Posted 19 October 2013 - 04:14 PM

Can I use the FRST that is already on my Desktop?



#4 Oh My!


Posted 19 October 2013 - 04:21 PM

No, we need to download a fresh copy.
Gary
 

#5 willlig


Posted 19 October 2013 - 04:35 PM

I don't see the Addition log. Was I supposed to check the Addition.txt box before I started the scan? Also, the Seagate external hard drive that was connected to my infected PC that we were working on is plugged into the Netbook. Should I disconnect it?



#6 Oh My!


Posted 19 October 2013 - 07:07 PM

Please rerun Farbar and place a checkmark in Addition.txt. Post both logs.

Yes, please disconnect the external drive for now. I think files transferred off of that drive delivered malware to the Netbook.
Gary
 

#7 willlig


Posted 19 October 2013 - 07:17 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-10-2013
Ran by Dorinne (administrator) on DWCACER on 19-10-2013 20:11:53
Running from C:\Documents and Settings\Dorinne\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Inc.) C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
(Dritek System Inc.) C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files\AVG SafeGuard toolbar\vprot.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\type32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Conduit) C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe
(InterVideo Inc.) C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
() C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\WINDOWS\system32\igfxext.exe
(Conduit) C:\Program Files\SearchProtect\bin\CltMngSvc.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe
(Realtek Semiconductor Corp.) C:\DOCUME~1\Dorinne\LOCALS~1\Temp\RtkBtMnt.exe
(Symantec Corporation) C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe
(AVG Secure Search) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe
() C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\loggingserver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
(Microsoft Corporation) c:\program files\internet explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
() C:\Documents and Settings\Dorinne\Application Data\defaulttab\defaulttab\dtupdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [LaunchApp] - Alaunch
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AzMixerSel] - C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [53248 2006-07-17] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1044480 2008-04-24] (Synaptics, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [IMJPMIG8.1] - C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] - C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2008-04-14] ()
HKLM\...\Run: [PHIME2002ASync] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] - C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2008-04-14] (Microsoft Corporation)
HKLM\...\Run: [M3000Mnt] - Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
HKLM\...\Run: [LManager] - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [821768 2008-05-13] (Dritek System Inc.)
HKLM\...\Run: [eRecoveryService] - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe [425984 2008-05-22] (Acer Inc.)
HKLM\...\Run: [NBKeyScan] - "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
HKLM\...\Run: [RTHDCPL] - C:\Windows\RTHDCPL.EXE [16862720 2008-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] - C:\Windows\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [vProt] - C:\Program Files\AVG SafeGuard toolbar\vprot.exe [2404376 2013-10-01] ()
HKLM\...\Run: [type32] - C:\Program Files\Microsoft IntelliType Pro\type32.exe [172032 2004-06-03] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [SearchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKLM\...\Run: [iYogi Support Dock] - C:\Program Files\iYogi Support Dock\SDStartup.exe [204288 2013-07-30] (iYogi Inc.)
HKLM\...\Runonce: [PDFCreatorRestart] - [x]
HKCU\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [13351304 2010-09-02] (Skype Technologies S.A.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SearchProtect] - C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [Bomgar_Cleanup_ZD358009323433] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-5261BA5A" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD358009323433 /f
MountPoints2: {51d66ab8-0e9e-11e3-ae21-00226984c619} - D:\DTLplus_Launcher.exe
MountPoints2: {6c913f08-d81c-11dd-ac3e-00226984c619} - D:\LaunchU3.exe -a
HKU\Default User\...\RunOnce: [AcerScrSav] - C:\WINDOWS\Acer\run_NB.exe [ 2007-07-23] ()
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe"
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
ShortcutTarget: InterVideo WinCinema Manager.lnk -> C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
URLSearchHook: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
URLSearchHook: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL =
SearchScopes: HKCU - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {5636D761-2947-4C5D-8146-532497FE2C9C} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://mysearch.avg.com/search?cid={5DCB1D32-7807-484C-8AF1-323FC76DA9AF}&mid=Unknown&lang=en&ds=co011&pr=sa&d=2013-09-05 21:52:30&v=15.6.1.2&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80106&lng=en
BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver\temp.dat ()
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.1.0.32\IPSBHO.DLL (Symantec Corporation)
BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL (Omega Partners Ltd)
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Dorinne\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
BHO: AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKLM - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG SafeGuard toolbar\17.0.1.12\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKLM - MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} -  No File
Toolbar: HKCU -Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.1.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU -&Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -InternetHelper3.1 Toolbar - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKCU -MixiDJ V44 Toolbar - {90A1B331-C2B4-4933-9F63-BA7B84D60D58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll (Inbox.com, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll (AVG Secure Search)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 209.18.47.61 209.18.47.62

========================== Services (Whitelisted) =================

R2 apmwinsrv; C:\Program Files\Paragon Software\HFS+ for Windows  9.1\apmwinsrv.exe [64720 2013-07-26] ()
R2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [220960 2013-09-22] (Conduit)
R2 DefaultTabUpdate; C:\Documents and Settings\Dorinne\Application Data\defaulttab\defaulttab\dtupdate.exe [107520 2013-10-19] ()
S2 N360; C:\Program Files\Norton 360\Engine\4.2.0.12\diMaster.dll [135032 2010-04-29] (Symantec Corporation)
R3 Nla; C:\Windows\System32\mswsock.dll [245248 2008-06-20] ()
R2 Norton PC Checkup Application Launcher; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [123320 2013-08-31] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll [132984 2009-08-29] (Symantec Corporation)
S2 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
R2 vToolbarUpdater17.0.12; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [1734680 2013-10-01] (AVG Secure Search)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\   \   \???\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [42448 2013-07-26] (Paragon Software Group)
R3 AR5416; C:\Windows\System32\DRIVERS\athw.sys [1312576 2008-05-20] (Atheros Communications, Inc.)
R1 avgtp; C:\WINDOWS\system32\drivers\avgtpx86.sys [37664 2013-10-01] (AVG Technologies)
R1 BHDrvx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20101123.003\BHDrvx86.sys [691248 2010-11-23] (Symantec Corporation)
R1 ccHP; C:\Windows\system32\drivers\N360\0402000.00C\ccHPx86.sys [501888 2010-02-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [371248 2011-01-07] (Symantec Corporation)
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [44624 2013-07-26] (Paragon Software Group)
R3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [169168 2013-07-26] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [14544 2013-07-26] (Paragon Software Group)
S3 IDSxpx86; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110107.002\IDSxpx86.sys [341944 2010-12-01] (Symantec Corporation)
R3 int15.sys; C:\Acer\Empowering Technology\eRecovery\int15.sys [69632 2005-01-13] ()
R3 M3000Srv; C:\Windows\System32\Drivers\M3000KNT.sys [254976 2008-05-05] ()
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [33488 2013-07-26] (Paragon Software Group)
S3 NAVENG; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110108.002\NAVENG.SYS [86008 2011-01-07] (Symantec Corporation)
S3 NAVEX15; C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20110108.002\NAVEX15.SYS [1360760 2011-01-07] (Symantec Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [21784 2011-04-13] (Microsoft Corporation)
S3 SRTSP; C:\Windows\system32\drivers\N360\0401000.020\SRTSP.SYS [325680 2010-02-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0402000.00C\SRTSPX.SYS [43696 2010-04-21] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0402000.00C\SYMDS.SYS [328752 2010-02-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0402000.00C\SYMEFA.SYS [173104 2010-04-21] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [124976 2011-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0402000.00C\Ironx86.SYS [116784 2010-04-29] (Symantec Corporation)
S3 SYMTDI; C:\Windows\system32\drivers\N360\0401000.020\SYMTDI.SYS [362032 2010-02-03] (Symantec Corporation)
S3 EraserUtilDrvI10; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys [x]
S3 MREMP50; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-19 15:25 - 2013-10-19 15:39 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\PriceGong
2013-10-19 15:24 - 2013-10-19 15:24 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\defaulttab
2013-10-19 15:23 - 2013-10-19 15:25 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\MixiDJ_V44
2013-10-19 15:23 - 2013-10-19 15:23 - 00000782 _____ C:\Documents and Settings\Dorinne\Desktop\Flash Player Pro.lnk
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Program Files\MixiDJ_V44
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Program Files\Flash Player Pro
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\Dorinne\My Documents\Flash Player Pro
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
2013-10-18 18:59 - 2013-10-18 18:59 - 00000937 _____ C:\Documents and Settings\Dorinne\Desktop\PC Diagnostics.lnk
2013-10-18 18:55 - 2013-10-18 18:55 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\QuickScan
2013-10-18 18:53 - 2013-10-18 18:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartPCScan
2013-10-18 18:48 - 2013-01-14 12:34 - 00007168 _____ C:\Documents and Settings\All Users\Application Data\Z@!-0283c99b-c8c5-4fc6-825e-b18c2aa6de76.tmp
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Program Files\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:44 - 00001698 _____ C:\Documents and Settings\All Users\Desktop\iYogi Support Dock.lnk
2013-10-18 18:44 - 2013-10-18 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iYogi
2013-10-18 18:26 - 2013-10-18 18:26 - 00000000 ____D C:\Documents and Settings\Dorinne\My Documents\PC Speed Maximizer
2013-10-18 18:04 - 2013-10-19 15:24 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Start Menu\Programs\SySaver
2013-10-18 18:03 - 2013-10-19 15:24 - 00000009 _____ C:\END
2013-10-18 18:03 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Conduit
2013-10-18 18:03 - 2013-10-18 18:06 - 00000000 ____D C:\Program Files\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:05 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:03 - 00000868 _____ C:\Documents and Settings\All Users\Desktop\Download Internet Explorer 10.lnk
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Download Internet Explorer 10
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Conduit
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Download Internet Explorer 10
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-17 22:31 - 2013-10-17 22:31 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-10-17 22:30 - 2013-10-19 20:07 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-17 22:30 - 2013-10-17 22:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-10-17 22:30 - 2013-10-17 22:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-10-17 16:27 - 2013-07-26 01:31 - 00044624 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\gpt_loader.sys
2013-10-17 16:27 - 2013-07-26 01:31 - 00042448 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\apmwin.sys
2013-10-17 16:27 - 2013-07-26 01:31 - 00033488 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\mounthlp.sys
2013-10-17 16:26 - 2013-10-17 16:26 - 00000000 ____D C:\Program Files\Paragon Software
2013-10-17 16:26 - 2013-07-26 01:31 - 00169168 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hfsplus.sys
2013-10-17 16:26 - 2013-07-26 01:31 - 00014544 _____ (Paragon Software Group) C:\WINDOWS\system32\Drivers\hfsplusrec.sys
2013-10-17 15:33 - 2013-10-17 15:37 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Systweak
2013-10-17 15:20 - 2013-10-17 15:20 - 00000000 ____D C:\WINDOWS\pss
2013-10-17 15:11 - 2013-10-17 16:08 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-16 00:29 - 2013-10-16 00:29 - 00090112 _____ C:\WINDOWS\Minidump\Mini101613-01.dmp
2013-10-16 00:06 - 2013-10-16 00:06 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Template
2013-10-16 00:06 - 2013-10-16 00:06 - 00000000 _____ C:\Documents and Settings\Dorinne\Application Data\wklnhst.dat
2013-10-15 23:35 - 2013-10-16 00:23 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\file backup Willy
2013-10-15 22:26 - 2013-10-15 23:10 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\file backup DiWilly
2013-10-14 23:05 - 2013-10-14 23:05 - 00001546 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-14 23:05 - 2013-10-14 23:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-14 23:04 - 2013-10-14 23:04 - 00000000 ____D C:\Program Files\iPod
2013-10-14 23:03 - 2013-10-14 23:05 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 23:03 - 2013-10-14 23:05 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-14 17:28 - 2013-10-14 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-14 17:28 - 2013-10-14 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-14 17:27 - 2013-10-14 17:28 - 00012550 _____ C:\WINDOWS\KB2862335.log
2013-10-14 17:21 - 2013-10-14 17:22 - 00013743 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-14 17:21 - 2013-10-14 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-14 17:21 - 2013-10-14 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 00:03 - 2013-10-14 17:28 - 00016903 _____ C:\WINDOWS\KB2847311.log
2013-10-11 00:02 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-10 23:22 - 2013-10-15 22:26 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\Billy!
2013-10-10 23:22 - 2013-10-10 23:22 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\WEBROOT SYSTEM ANALYZER
2013-10-10 23:20 - 2013-10-10 23:20 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\opt
2013-10-03 23:50 - 2013-10-03 23:50 - 00000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2013-09-27 21:47 - 2008-04-14 23:00 - 00014592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kbdhid.sys
2013-09-27 21:47 - 2008-04-14 23:00 - 00014592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2013-09-27 21:45 - 2013-09-27 21:45 - 00001903 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
2013-09-27 21:45 - 2013-09-27 21:45 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro
2013-09-27 21:45 - 2013-09-27 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
2013-09-23 21:32 - 2013-10-19 17:26 - 01087515 _____ (Farbar) C:\Documents and Settings\Dorinne\Desktop\FRST.exe
2013-09-22 23:54 - 2013-09-22 23:54 - 00000028 _____ C:\Documents and Settings\Dorinne\Desktop\filefind.txt
2013-09-22 22:45 - 2013-09-22 22:31 - 00019335 _____ C:\Documents and Settings\Dorinne\Desktop\driver.sh
2013-09-22 22:31 - 2013-09-22 22:31 - 00019335 _____ C:\Documents and Settings\Dorinne\My Documents\driver.sh
2013-09-22 22:30 - 2013-09-22 22:30 - 00055164 ____H C:\WINDOWS\system32\mlfcache.dat
2013-09-22 22:16 - 2009-12-07 08:03 - 00002859 _____ C:\Documents and Settings\Dorinne\Desktop\syslinux.cfg
2013-09-22 21:58 - 2013-09-22 22:17 - 00145680 _____ C:\Documents and Settings\Dorinne\Desktop\vesamenu.c32
2013-09-19 01:10 - 2013-09-19 01:10 - 00090112 _____ C:\WINDOWS\Minidump\Mini091913-01.dmp

==================== One Month Modified Files and Folders =======

2013-10-19 20:07 - 2013-10-17 22:30 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-10-19 19:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
2013-10-19 19:36 - 2013-03-31 17:20 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-19 17:26 - 2013-09-23 21:32 - 01087515 _____ (Farbar) C:\Documents and Settings\Dorinne\Desktop\FRST.exe
2013-10-19 17:18 - 2008-08-15 16:37 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-19 15:39 - 2013-10-19 15:25 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\PriceGong
2013-10-19 15:25 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\MixiDJ_V44
2013-10-19 15:24 - 2013-10-19 15:24 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\defaulttab
2013-10-19 15:24 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver
2013-10-19 15:24 - 2013-10-18 18:03 - 00000009 _____ C:\END
2013-10-19 15:23 - 2013-10-19 15:23 - 00000782 _____ C:\Documents and Settings\Dorinne\Desktop\Flash Player Pro.lnk
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Program Files\MixiDJ_V44
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Program Files\Flash Player Pro
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\Dorinne\My Documents\Flash Player Pro
2013-10-19 15:23 - 2013-10-19 15:23 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Flash Player Pro
2013-10-19 15:23 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Conduit
2013-10-19 15:14 - 2008-08-15 16:37 - 01480238 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-19 14:29 - 2013-08-31 13:37 - 00000094 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2013-10-19 14:29 - 2013-08-31 13:37 - 00000006 _____ C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
2013-10-18 18:59 - 2013-10-18 18:59 - 00000937 _____ C:\Documents and Settings\Dorinne\Desktop\PC Diagnostics.lnk
2013-10-18 18:59 - 2013-10-18 18:53 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartPCScan
2013-10-18 18:55 - 2013-10-18 18:55 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\QuickScan
2013-10-18 18:45 - 2013-10-18 18:44 - 00000000 ____D C:\Program Files\iYogi Support Dock
2013-10-18 18:45 - 2013-10-18 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iYogi Support Dock
2013-10-18 18:45 - 2008-12-27 16:28 - 00060544 _____ C:\Documents and Settings\Dorinne\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-18 18:44 - 2013-10-18 18:44 - 00001698 _____ C:\Documents and Settings\All Users\Desktop\iYogi Support Dock.lnk
2013-10-18 18:44 - 2013-10-18 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iYogi
2013-10-18 18:42 - 2008-08-15 14:21 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-10-18 18:26 - 2013-10-18 18:26 - 00000000 ____D C:\Documents and Settings\Dorinne\My Documents\PC Speed Maximizer
2013-10-18 18:17 - 2009-01-02 11:14 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Skype
2013-10-18 18:17 - 2008-08-15 16:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-18 18:17 - 2008-08-15 06:33 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-18 18:17 - 2008-08-15 06:33 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-18 18:12 - 2008-12-28 04:50 - 00000178 ___SH C:\Documents and Settings\Dorinne\ntuser.ini
2013-10-18 18:12 - 2008-12-28 04:50 - 00000000 ____D C:\Documents and Settings\Dorinne
2013-10-18 18:12 - 2008-08-15 16:37 - 00032480 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-18 18:12 - 2008-08-15 15:59 - 00004584 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-18 18:07 - 2013-03-31 17:20 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-18 18:07 - 2011-08-06 13:48 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-18 18:07 - 2008-08-15 14:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-10-18 18:06 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\InternetHelper3.1
2013-10-18 18:05 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Start Menu\Programs\SySaver
2013-10-18 18:04 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:03 - 00000868 _____ C:\Documents and Settings\All Users\Desktop\Download Internet Explorer 10.lnk
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Download Internet Explorer 10
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Conduit
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Download Internet Explorer 10
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-17 22:32 - 2008-08-15 13:40 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-17 22:31 - 2013-10-17 22:31 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-10-17 22:30 - 2013-10-17 22:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-10-17 22:30 - 2013-10-17 22:30 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-10-17 22:25 - 2008-12-28 05:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google
2013-10-17 22:25 - 2008-12-28 04:57 - 00000000 ____D C:\Program Files\Google
2013-10-17 20:41 - 2008-08-15 16:19 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-17 16:27 - 2009-11-02 11:15 - 01011227 _____ C:\WINDOWS\setupapi.log
2013-10-17 16:26 - 2013-10-17 16:26 - 00000000 ____D C:\Program Files\Paragon Software
2013-10-17 16:08 - 2013-10-17 15:11 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\LogMeIn Rescue Applet
2013-10-17 15:37 - 2013-10-17 15:33 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Systweak
2013-10-17 15:20 - 2013-10-17 15:20 - 00000000 ____D C:\WINDOWS\pss
2013-10-17 14:51 - 2008-12-27 16:18 - 00000000 ____D C:\Documents and Settings\Dorinne\My Documents\PDF
2013-10-16 00:30 - 2010-11-07 21:08 - 00006144 _____ C:\Documents and Settings\Dorinne\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-16 00:29 - 2013-10-16 00:29 - 00090112 _____ C:\WINDOWS\Minidump\Mini101613-01.dmp
2013-10-16 00:29 - 2010-04-21 16:20 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-16 00:23 - 2013-10-15 23:35 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\file backup Willy
2013-10-16 00:06 - 2013-10-16 00:06 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\Template
2013-10-16 00:06 - 2013-10-16 00:06 - 00000000 _____ C:\Documents and Settings\Dorinne\Application Data\wklnhst.dat
2013-10-15 23:10 - 2013-10-15 22:26 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\file backup DiWilly
2013-10-15 22:26 - 2013-10-10 23:22 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\Billy!
2013-10-15 20:37 - 2013-09-01 11:30 - 00000116 _____ C:\Documents and Settings\Dorinne\Application Data\WB.CFG
2013-10-15 20:37 - 2013-09-01 11:30 - 00000006 _____ C:\Documents and Settings\Dorinne\Application Data\WBPU-TTL.DAT
2013-10-15 20:04 - 2008-08-15 13:44 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 23:05 - 2013-10-14 23:05 - 00001546 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-14 23:05 - 2013-10-14 23:05 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-14 23:05 - 2013-10-14 23:03 - 00000000 ____D C:\Program Files\iTunes
2013-10-14 23:05 - 2013-10-14 23:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-14 23:04 - 2013-10-14 23:04 - 00000000 ____D C:\Program Files\iPod
2013-10-14 23:04 - 2008-12-31 09:48 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-14 17:59 - 2008-08-15 15:55 - 00248696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-14 17:28 - 2013-10-14 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-14 17:28 - 2013-10-14 17:28 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-14 17:28 - 2013-10-14 17:27 - 00012550 _____ C:\WINDOWS\KB2862335.log
2013-10-14 17:28 - 2013-10-11 00:03 - 00016903 _____ C:\WINDOWS\KB2847311.log
2013-10-14 17:28 - 2008-08-15 16:42 - 00000000 ____D C:\I386
2013-10-14 17:28 - 2008-08-15 16:19 - 00730226 _____ C:\WINDOWS\tsoc.log
2013-10-14 17:28 - 2008-08-15 16:19 - 00301440 _____ C:\WINDOWS\iis6.log
2013-10-14 17:28 - 2008-08-15 13:53 - 01911063 _____ C:\WINDOWS\FaxSetup.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00916305 _____ C:\WINDOWS\ocgen.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00643345 _____ C:\WINDOWS\comsetup.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00388833 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00202862 _____ C:\WINDOWS\updspapi.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00105195 _____ C:\WINDOWS\ocmsn.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00095116 _____ C:\WINDOWS\msgsocm.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-14 17:28 - 2008-08-15 13:53 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-14 17:27 - 2013-08-06 21:47 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-14 17:22 - 2013-10-14 17:21 - 00013743 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-14 17:22 - 2009-01-02 15:31 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-14 17:21 - 2013-10-14 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-14 17:21 - 2013-10-14 17:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-11 00:23 - 2009-01-21 10:22 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\iTunes
2013-10-10 23:22 - 2013-10-10 23:22 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\WEBROOT SYSTEM ANALYZER
2013-10-10 23:20 - 2013-10-10 23:20 - 00000000 ____D C:\Documents and Settings\Dorinne\Desktop\opt
2013-10-08 20:40 - 2009-09-16 12:29 - 00002187 _____ C:\Documents and Settings\All Users\Desktop\Safari.lnk
2013-10-06 20:00 - 2013-09-12 19:52 - 00020251 _____ C:\WINDOWS\KB2870699-IE8.log
2013-10-04 22:32 - 2011-04-27 20:09 - 00000000 ____D C:\Program Files\AppGraffiti
2013-10-03 23:50 - 2013-10-03 23:50 - 00000000 __SHD C:\Documents and Settings\NetworkService\PrivacIE
2013-10-03 23:50 - 2008-08-15 13:40 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-01 20:52 - 2013-09-01 15:13 - 00000000 ____D C:\WINDOWS\system32\cache
2013-10-01 20:52 - 2013-08-26 18:38 - 00037664 _____ (AVG Technologies) C:\WINDOWS\system32\Drivers\avgtpx86.sys
2013-10-01 20:52 - 2013-08-26 18:37 - 00000000 ____D C:\Program Files\AVG SafeGuard toolbar
2013-09-27 21:48 - 2008-08-15 13:58 - 00218720 _____ C:\WINDOWS\setupact.log
2013-09-27 21:45 - 2013-09-27 21:45 - 00001903 _____ C:\Documents and Settings\All Users\Desktop\Microsoft Keyboard.lnk
2013-09-27 21:45 - 2013-09-27 21:45 - 00000000 ____D C:\Program Files\Microsoft IntelliType Pro
2013-09-27 21:45 - 2013-09-27 21:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Keyboard
2013-09-23 23:36 - 2007-08-13 21:39 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 23:36 - 2007-08-13 21:39 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-09-23 14:33 - 2012-07-17 10:09 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-09-23 14:33 - 2010-08-26 17:36 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-09-23 14:33 - 2009-11-02 10:35 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-09-23 14:33 - 2009-11-02 10:35 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-09-23 14:33 - 2008-12-31 15:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-09-23 14:33 - 2008-12-31 15:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-09-23 14:33 - 2008-12-31 15:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-09-23 14:33 - 2008-12-31 15:33 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-09-23 14:33 - 2008-04-14 23:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2013-09-23 14:33 - 2008-04-14 23:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-09-23 14:33 - 2007-08-13 21:54 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-09-23 14:33 - 2007-08-13 21:45 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-09-23 14:33 - 2007-08-13 21:45 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-09-23 14:33 - 2007-08-13 21:44 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-09-23 14:33 - 2007-08-13 21:44 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-09-23 14:33 - 2007-08-13 21:44 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-09-23 14:33 - 2007-08-13 21:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-09-23 14:33 - 2007-08-13 21:44 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-09-23 14:33 - 2007-08-13 21:44 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-09-23 14:33 - 2007-08-13 21:39 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-09-23 14:33 - 2007-08-13 21:39 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-09-23 14:33 - 2007-08-13 21:34 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 14:06 - 2008-04-14 23:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-09-22 23:54 - 2013-09-22 23:54 - 00000028 _____ C:\Documents and Settings\Dorinne\Desktop\filefind.txt
2013-09-22 22:31 - 2013-09-22 22:45 - 00019335 _____ C:\Documents and Settings\Dorinne\Desktop\driver.sh
2013-09-22 22:31 - 2013-09-22 22:31 - 00019335 _____ C:\Documents and Settings\Dorinne\My Documents\driver.sh
2013-09-22 22:30 - 2013-09-22 22:30 - 00055164 ____H C:\WINDOWS\system32\mlfcache.dat
2013-09-22 22:29 - 2008-12-31 09:47 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\Apple Computer
2013-09-22 22:17 - 2013-09-22 21:58 - 00145680 _____ C:\Documents and Settings\Dorinne\Desktop\vesamenu.c32
2013-09-21 12:00 - 2008-08-15 13:43 - 00029554 _____ C:\WINDOWS\wmsetup.log
2013-09-19 01:10 - 2013-09-19 01:10 - 00090112 _____ C:\WINDOWS\Minidump\Mini091913-01.dmp

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Windows\Tasks\At1.job

Some content of TEMP:
====================
C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\156_FPPSetup.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air155.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air15D.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air186.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air187.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air88.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air8A.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airB9.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airD4.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\checktbexist.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\HitmanPro_x64.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\Kickstarter.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\mconduitinstaller.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nskF5.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nslAC.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsn174.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsp179.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nspF0.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsvA7.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\SPStub.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\vcredist_x86.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013
Ran by Dorinne at 2013-10-19 20:14:29
Running from C:\Documents and Settings\Dorinne\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
Could not list Security Center items. Check WMI.

==================== Installed Programs ======================

Acer Crystal Eye webcam
Acer Crystal Eye Webcam 1.0.1.3 (Version: 1.0.1.3)
Acer ScreenSaver (Version: 1.11.0613)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9 (Version: 9.0.0)
AppGraffiti (Version: 1.0.0.25)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Atheros for Acer Driver v7.6.0.224_Foxconn Installation Program (Version: 7.6.0.224)
AVG SafeGuard toolbar (Version: 17.0.1.12)
Bonjour (Version: 3.0.0.10)
DefaultTab (Version: 2.3.3.0)
Download Internet Explorer 10 10.0.01 (Version: 10.0.01)
Flash Player Pro V5.4
Hoyle Board Games 3
Inbox Toolbar (Version: 1.0.0)
Intel® Graphics Media Accelerator Driver
InternetHelper3.1 Toolbar for IE (Version: 6.17.1.25)
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD (Version: 5.0-B11.1255)
iTunes (Version: 11.1.1.11)
iYogi Support Dock (Version: 5.8.1)
JMicron JMB38X Flash Media Controller (Version: 1.00.16.01)
Launch Manager
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Carioca Rummy (Version: 1.0.047)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 5.2 (Version: 5.20.413.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Works (Version: 08.05.0818)
MixiDJ V44 Toolbar for IE (Version: 6.17.1.25)
MSN
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
neroxml (Version: 1.0.0)
Norton 360 (Version: 4.1.0.32)
Norton PC Checkup (Version: 2.0.8.13)
Open It! (Version: 1.1.1)
Paragon HFS+ for Windows™ 9.1 (Version: 1.00)
QuickTime (Version: 7.70.80.34)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5628)
Safari (Version: 5.33.18.5)
Search Protect by conduit (Version: 1.7.0.72)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.187)
Synaptics Pointing Device Driver (Version: 11.1.4.0)
SySaver (HKCU Version: 2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB975364) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB942763) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Zip Opener
VCRedistSetup (Version: 1.0.0)
WebFldrs XP (Version: 9.50.7523)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WiseFixer 3.2 (Version: 3.2)
Zip Opener Packages

==================== Restore Points  =========================

18-10-2013 01:23:04 System Checkpoint
19-10-2013 18:46:05 System Checkpoint

==================== Hosts content: ==========================

2008-04-14 23:00 - 2008-04-14 23:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Dorinne\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE

==================== Loaded Modules (whitelisted) =============

2008-06-20 13:46 - 2008-06-20 12:02 - 00245248 _____ () C:\WINDOWS\system32\MSWSOCK.dll
2008-06-20 13:46 - 2008-06-20 12:02 - 00245248 _____ () C:\WINDOWS\system32\mswsock.dll
2008-06-20 13:46 - 2008-06-20 12:02 - 00245248 _____ () C:\WINDOWS\System32\mswsock.dll
2008-12-28 05:01 - 2007-04-06 02:56 - 00356352 _____ () C:\Acer\Empowering Technology\eRecovery\it41.dll
2008-12-28 05:01 - 2006-01-12 10:33 - 00212992 _____ () C:\Acer\Empowering Technology\eRecovery\imagefile.dll
2013-10-01 20:52 - 2013-10-01 20:52 - 00519704 _____ () C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\log4cplusU.dll
2013-10-01 20:52 - 2013-10-01 20:52 - 00142360 _____ () C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\17.0.12\SiteSafety.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-05-28 07:05 - 2013-05-28 07:05 - 00435200 _____ () C:\Program Files\iYogi Support Dock\ResDll.dll
2013-04-06 23:09 - 2013-04-06 23:09 - 00830312 _____ () C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver\temp.dat
2008-04-14 23:00 - 2008-04-14 23:00 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 23:00 - 2008-04-14 23:00 - 00014336 _____ () C:\WINDOWS\System32\msdmo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/19/2013 03:24:19 PM) (Source: CltMngSvc) (User: )
Description: CltMngSvcServiceInstall: Fail to Start serviceSearch Protect by Conduit Updater (Error: 1056)

Error: (10/18/2013 08:08:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9343

Error: (10/18/2013 08:08:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9343

Error: (10/18/2013 08:08:38 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2013 08:08:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7140

Error: (10/18/2013 08:08:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7140

Error: (10/18/2013 08:08:36 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/18/2013 08:08:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5187

Error: (10/18/2013 08:08:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5187

Error: (10/18/2013 08:08:34 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (10/18/2013 06:17:46 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060

Error: (10/18/2013 06:17:46 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (10/18/2013 05:39:09 PM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 14 minutes.
NtpClient has no source of accurate time.

Error: (10/18/2013 05:39:09 PM) (Source: W32Time) (User: )
Description: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Error: (10/17/2013 04:29:27 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (10/17/2013 04:26:58 PM) (Source: Service Control Manager) (User: )
Description: The Hfsplus service failed to start due to the following error:
%%5

Error: (10/17/2013 04:08:28 PM) (Source: Service Control Manager) (User: )
Description: The Norton 360 service terminated with service-specific error 4294967295 (0xFFFFFFFF).

Error: (10/17/2013 03:37:14 PM) (Source: SideBySide) (User: )
Description: Generate Activation Context failed for C:\Program Files\Advanced System Optimizer 3\mfc90u.dll.
Reference error message: The operation completed successfully.
.

Error: (10/17/2013 03:37:14 PM) (Source: SideBySide) (User: )
Description: Syntax error in manifest or policy file "The manifest file contains one or more syntax errors.
1" on line The manifest file contains one or more syntax errors.
2.

Error: (10/17/2013 03:37:14 PM) (Source: SideBySide) (User: )
Description: Component identity found in manifest does not match the identity of the component requested

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 1011.88 MB
Available physical RAM: 398.18 MB
Total Pagefile: 2427.11 MB
Available Pagefile: 1467.62 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.6 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:106.91 GB) (Free:1.42 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 112 GB) (Disk ID: 11A8BA38)
Partition 1: (Not Active) - (Size=5 GB) - (Type=12)
Partition 2: (Active) - (Size=107 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 Oh My!

Posted 19 October 2013 - 08:49 PM

Hi Will,

This computer is sick as well. In addition, you are correct about overloading it with transferred files. There is not enough free space on your hard drive for Windows to run properly and you will need to remove at least 15 GB of information.

I must first warn you about the infection on your computer and then ask you to run the below.

===================================================

BACKDOOR WARNING!

--------------------

One or more of the identified infections is a Backdoor Trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please let me know if you have already noticed evidences of financial institution irregularities.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
(Conduit) C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\bin\CltMngSvc.exe
() C:\Documents and Settings\Dorinne\Application Data\defaulttab\defaulttab\dtupdate.exe
HKLM\...\Run: [SearchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKLM\...\Run: [iYogi Support Dock] - C:\Program Files\iYogi Support Dock\SDStartup.exe [204288 2013-07-30] (iYogi Inc.)
() C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
2013-05-28 07:05 - 2013-05-28 07:05 - 00435200 _____ () C:\Program Files\iYogi Support Dock\ResDll.dll
HKLM\...\Runonce: [PDFCreatorRestart] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SearchProtect] - C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [Bomgar_Cleanup_ZD358009323433] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-5261BA5A" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD358009323433 /f
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
URLSearchHook: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
URLSearchHook: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL =
SearchScopes: HKCU - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {5636D761-2947-4C5D-8146-532497FE2C9C} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80106&lng=en
BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver\temp.dat ()
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Dorinne\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKLM - MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -InternetHelper3.1 Toolbar - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKCU -MixiDJ V44 Toolbar - {90A1B331-C2B4-4933-9F63-BA7B84D60D58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
R2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [220960 2013-09-22] (Conduit)
S2 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\   \   \???\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-10-18 18:48 - 2013-01-14 12:34 - 00007168 _____ C:\Documents and Settings\All Users\Application Data\Z@!-0283c99b-c8c5-4fc6-825e-b18c2aa6de76.tmp
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Program Files\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:44 - 00001698 _____ C:\Documents and Settings\All Users\Desktop\iYogi Support Dock.lnk
2013-10-18 18:44 - 2013-10-18 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iYogi
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:06 - 00000000 ____D C:\Program Files\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:05 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Conduit
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-19 19:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
ZeroAccess:
C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\156_FPPSetup.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air155.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air15D.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air186.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air187.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air88.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air8A.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airB9.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airD4.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\checktbexist.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\HitmanPro_x64.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\Kickstarter.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\mconduitinstaller.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nskF5.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nslAC.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsn174.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsp179.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nspF0.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsvA7.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\SPStub.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\vcredist_x86.exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 willlig

Posted 19 October 2013 - 09:25 PM

Would moving files onto flash drives be an acceptable method for removing at least 15GB of information?



#10 Oh My!

Posted 19 October 2013 - 09:33 PM

Yes. Run the fix first and post the results. Wait to move the files because I want to run some programs to check the files first.
Gary
 

#11 willlig

Posted 19 October 2013 - 09:36 PM

OK.



#12 willlig

Posted 19 October 2013 - 10:13 PM

I pressed Fix and fixlist was launched. A message came up that said the computer will be restarted to complete the operation. The computer automatically restarted and then there was the usual "Open File - Security Warning" window asking if I'm sure I want to run FRST.exe. I don't know why this window is coming up after restarting. The fixlog was created. So I will just go ahead and copy and paste and post the fixlog contents, correct?  Just want to be sure I'm not supposed to run FRST again at this point.



#13 Oh My!

Posted 19 October 2013 - 10:32 PM

Yes, post what you have.
Gary
 

#14 willlig

Posted 19 October 2013 - 10:34 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-10-2013
Ran by Dorinne at 2013-10-19 22:53:37 Run:1
Running from C:\Documents and Settings\Dorinne\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
(Conduit) C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe
(Conduit) C:\Program Files\SearchProtect\bin\CltMngSvc.exe
() C:\Documents and Settings\Dorinne\Application Data\defaulttab\defaulttab\dtupdate.exe
HKLM\...\Run: [SearchProtectAll] - C:\Program Files\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKLM\...\Run: [iYogi Support Dock] - C:\Program Files\iYogi Support Dock\SDStartup.exe [204288 2013-07-30] (iYogi Inc.)
() C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe
2013-05-28 07:05 - 2013-05-28 07:05 - 00435200 _____ () C:\Program Files\iYogi Support Dock\ResDll.dll
HKLM\...\Runonce: [PDFCreatorRestart] - [x]
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [SearchProtect] - C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe [3470624 2013-09-22] (Conduit)
HKCU\...\Run: [Bomgar_Cleanup_ZD358009323433] - cmd.exe /C rd /S /Q "C:\Documents and Settings\All Users\Application Data\iyogi-scc-5261BA5A" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD358009323433 /f
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
URLSearchHook: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
URLSearchHook: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL =
SearchScopes: HKCU - DefaultScope {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {31CF9EBE-5755-4a1d-AC25-2834D952D9B4} URL = http://search.pdfcreator-toolbar.org/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
SearchScopes: HKCU - {5636D761-2947-4C5D-8146-532497FE2C9C} URL = http://search.conduit.com/Results.aspx?ctid=CT3300019&SearchSource=45&UM=2&q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
SearchScopes: HKCU - {B7892FF0-3439-4157-8661-1C12CA8AF53E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3298580&CUI=UN38645085281691119&UM=2
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80106&lng=en
BHO: InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
BHO: SySaver - {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Documents and Settings\Dorinne\Local Settings\Application Data\SySaver\temp.dat ()
BHO: DefaultTab Browser Helper - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Documents and Settings\Dorinne\Application Data\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
BHO: MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKLM - InternetHelper3.1 Toolbar - {07cbf788-1359-421b-a4e3-5a8d041b90a3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKLM - MixiDJ V44 Toolbar - {90a1b331-c2b4-4933-9f63-ba7b84d60d58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} -  No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Toolbar: HKCU -InternetHelper3.1 Toolbar - {07CBF788-1359-421B-A4E3-5A8D041B90A3} - C:\Program Files\InternetHelper3.1\prxtbInt0.dll (Conduit Ltd.)
Toolbar: HKCU -MixiDJ V44 Toolbar - {90A1B331-C2B4-4933-9F63-BA7B84D60D58} - C:\Program Files\MixiDJ_V44\prxtbMixi.dll (Conduit Ltd.)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
R2 CltMngSvc; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [220960 2013-09-22] (Conduit)
S2 SupportDockService.exe; C:\Program Files\iYogi Support Dock\Services\CommAgent\SupportDockService.exe [78336 2012-08-07] (iYogi Technical Services)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\   \   \???\{ceb2c0d6-c1d1-d8d4-8cda-6ce379b1bf2b}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
2013-10-18 18:48 - 2013-01-14 12:34 - 00007168 _____ C:\Documents and Settings\All Users\Application Data\Z@!-0283c99b-c8c5-4fc6-825e-b18c2aa6de76.tmp
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Program Files\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:45 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iYogi Support Dock
2013-10-18 18:44 - 2013-10-18 18:44 - 00001698 _____ C:\Documents and Settings\All Users\Desktop\iYogi Support Dock.lnk
2013-10-18 18:44 - 2013-10-18 18:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\iYogi
2013-10-18 18:04 - 2013-10-18 18:04 - 00000000 ____D C:\Program Files\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:06 - 00000000 ____D C:\Program Files\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:05 - 00000000 ____D C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1
2013-10-18 18:03 - 2013-10-18 18:04 - 00000000 ____D C:\Documents and Settings\Dorinne\Application Data\SearchProtect
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Program Files\Conduit
2013-10-18 18:03 - 2013-10-18 18:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Conduit
2013-10-19 19:37 - 2013-08-26 18:37 - 00000412 _____ C:\WINDOWS\Tasks\At1.job
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
ZeroAccess:
C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install
C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\156_FPPSetup.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air155.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air15D.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air186.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air187.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air88.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\air8A.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airB9.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\airD4.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\checktbexist.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\HitmanPro_x64.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\Kickstarter.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\mconduitinstaller.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nskF5.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nslAC.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsn174.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsp179.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nspF0.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsvA7.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\RtkBtMnt.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\SPStub.exe
C:\Documents and Settings\Dorinne\Local Settings\Temp\vcredist_x86.exe
*****************

[1064] C:\Documents and Settings\Dorinne\Application Data\SearchProtect\bin\cltmng.exe => Process closed successfully.
[212] C:\Program Files\SearchProtect\bin\CltMngSvc.exe => Process closed successfully.
[3276] C:\Documents and Settings\Dorinne\Application Data\defaulttab\defaulttab\dtupdate.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\iYogi Support Dock => Value deleted successfully.
[5588] C:\Program Files\iYogi Support Dock\iYogiSupportDock.exe => Process closed successfully.
C:\Program Files\iYogi Support Dock\ResDll.dll => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\PDFCreatorRestart => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Bomgar_Cleanup_ZD358009323433 => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Value deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Value deleted successfully.
HKCR\CLSID\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{31CF9EBE-5755-4a1d-AC25-2834D952D9B4} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5636D761-2947-4C5D-8146-532497FE2C9C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5636D761-2947-4C5D-8146-532497FE2C9C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7892FF0-3439-4157-8661-1C12CA8AF53E} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B7892FF0-3439-4157-8661-1C12CA8AF53E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKCR\CLSID\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKCR\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Key deleted successfully.
HKCR\CLSID\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Value deleted successfully.
HKCR\CLSID\{07cbf788-1359-421b-a4e3-5a8d041b90a3} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Value deleted successfully.
HKCR\CLSID\{90a1b331-c2b4-4933-9f63-ba7b84d60d58} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} => Value deleted successfully.
HKCR\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Value deleted successfully.
HKCR\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{07CBF788-1359-421B-A4E3-5A8D041B90A3} => Value deleted successfully.
HKCR\CLSID\{07CBF788-1359-421B-A4E3-5A8D041B90A3} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{90A1B331-C2B4-4933-9F63-BA7B84D60D58} => Value deleted successfully.
HKCR\CLSID\{90A1B331-C2B4-4933-9F63-BA7B84D60D58} => Key not found.
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5 entry 000000000003\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
CltMngSvc => Service deleted successfully.
SupportDockService.exe => Service deleted successfully.
*etadpug => Service deleted successfully.
C:\Documents and Settings\All Users\Application Data\Z@!-0283c99b-c8c5-4fc6-825e-b18c2aa6de76.tmp => Moved successfully.
C:\Program Files\iYogi Support Dock => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\iYogi Support Dock => Moved successfully.
C:\Documents and Settings\All Users\Desktop\iYogi Support Dock.lnk => Moved successfully.
C:\Documents and Settings\All Users\Application Data\iYogi => Moved successfully.
C:\Program Files\SearchProtect => Moved successfully.
C:\Program Files\InternetHelper3.1 => Moved successfully.

"C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1" directory move:

Could not move "C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_60_323_CT3237160_Images_634780790335935610_png.png" => Scheduled to move on reboot.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_60_323_CT3237160_images_634787744739785761_24PX_png.png => Moved successfully.
Could not move "C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_60_323_CT3237160_Images_Email_xml-0-Classic-634780764927809351_png.png" => Scheduled to move on reboot.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_bankimages_commandcomps_block_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_BankImages_Facebook_Facebook_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_Images_ClientResources_mini_browser_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_eula_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif => Moved successfully.
Could not move "C:\Documents and Settings\Dorinne\Local Settings\Application Data\InternetHelper3.1" directory. => Scheduled to move on reboot.

C:\Documents and Settings\Dorinne\Application Data\SearchProtect => Moved successfully.
C:\Program Files\Conduit => Moved successfully.
C:\Documents and Settings\All Users\Application Data\Conduit => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.

"C:\Program Files\Google\Desktop\Install" directory move:

"C:\Program Files\Google\Desktop\Install\{CEB2C~1\0103~1\0103~1\CFFE~1\{CEB2C~1" => Directory moved successfully.
Could not move "C:\Program Files\Google\Desktop\Install" directory. => Scheduled to move on reboot.

C:\Documents and Settings\Default User\Local Settings\Temp\RtkBtMnt.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\156_FPPSetup.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air155.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air15D.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air186.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air187.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air88.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\air8A.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\airB9.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\airD4.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\checktbexist.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\HitmanPro_x64.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\Kickstarter.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\mconduitinstaller.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nskF5.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nslAC.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsn174.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsp179.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nspF0.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\nsvA7.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\RtkBtMnt.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\SPStub.exe => Moved successfully.
C:\Documents and Settings\Dorinne\Local Settings\Temp\vcredist_x86.exe => Moved successfully.



#15 Oh My!

Posted 19 October 2013 - 10:40 PM

That looks good. How is the computer running?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



